CVE-2018-5688

ILIAS before 5.2.4 has XSS via the cmd parameter to the displayHeader function in setup/classes/class.ilSetupGUI.php in the Setup component...

CVE-2017-10303

Vulnerability in the Oracle Interaction Center Intelligence component of Oracle E-Business Suite subcomponent: Setup. Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

Buffer overflow

Vulnerability in the Oracle Interaction Center Intelligence component of Oracle E-Business Suite subcomponent: Setup. Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

Apple iTunes < 12.4 DLL Injection Arbitrary Code Execution (uncredentialed check)

The version of Apple iTunes running on the remote Windows host is prior to 12.4. It is, therefore, affected by a DLL Dynamic Link Library injection vulnerability in the setup component that is triggered when running the installer from an untrusted directory. An attacker can exploit this...