653 matches found
Microsoft Edge Spoofing Vulnerability (CNVD-2017-14641)
Microsoft Edge is the web browser built into Windows 10. Microsoft Edge fails to properly parse HTTP content and has a spoofing vulnerability in its implementation. An attacker could exploit the vulnerability to trick users into opening malicious websites, among other things...
Oracle PeopleSoft Enterprise SCM eSupplier Connection Remote Vulnerability
Oracle PeopleSoft eSupplier Connection is an enterprise application from Oracle that provides supplier self-service through an Internet-based portal. A remote security vulnerability exists in Oracle PeopleSoft Enterprise SCM eSupplier Connection. An attacker could compromise the 'Vendor'...
UBUNTU-CVE-2017-9066
In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF...
CVE-2017-3355
Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via...
CVE-2017-3482
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0 and 12.3.0. Easily exploitable vulnerability allows low privileged...
Oracle Automatic Service Request Remote Vulnerability
Automatic Service Request (ASR) is an Oracle Support Service that provides automatic case generation in the event of common hardware component failures. A remote vulnerability exists in Oracle Automatic Service Request. An attacker can exploit the vulnerability to compromise the "ASR Manager"...
CVE-2017-3326
Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: Role Summary). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access...
ALPINE-CVE-2016-10002
Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to prob...
Oracle FLEXCUBE Private Banking Security Bypass Vulnerability
Oracle FLEXCUBE Private Banking is a product of Oracle Corporation (USA). It plans, records, tracks and manages client wealth across a range of asset classes and tools to increase financial advisor productivity and improve client relationships. A remote security bypass vulnerability exists in Oracl...
Oracle GlassFish Server Remote Security Vulnerability (CNVD-2017-00929)
Oracle GlassFish Server is a solution from Oracle (USA) that implements the Java Platform, Java EE 6 specification. It provides a flexible, lightweight and ready-to-use Java EE 6 application server for developing applications. A remote security vulnerabili...
Unspecified Vulnerability in Oracle FLEXCUBE Universal Banking (CNVD-2017-00945)
Oracle FLEXCUBE Universal Banking is a comprehensive real-time, online solution from Oracle (USA) covering retail, group and investment banking. The program supports multi-currency, multi-language and multi-entity operations. A remote security vulnerability exists ...
Oracle E-Business Suite Remote Security Vulnerability (CNVD-2017-00642)
Oracle E-Business Suite is a suite of fully integrated, global business management software from Oracle Corporation. Oracle Common Applications (also known as Oracle Common Application Calendar, CAC) is one of its components; it can simplify the management of daily activities, appointments, and...
Oracle E-Business Suite Remote Security Vulnerability (CNVD-2017-00652)
Oracle E-Business Suite is a set of fully integrated global business management software from Oracle. The software provides customer relationship management, service management, financial management and other functions. A remote vulnerability exists in Oracle Installed Bas...
Oracle E-Business Suite Remote Security Vulnerability (CNVD-2017-00653)
Oracle E-Business Suite is a fully integrated set of Oracle's global business management software. Oracle Customer Intelligence is one of its components, a Web-based customer information viewer, customer data analyzer and customer performance monitor. A remote vulnerability exists i...
Oracle E-Business Suite Remote Security Vulnerability (CNVD-2017-00650)
Oracle E-Business Suite is Oracle's fully integrated suite of global business management software. Oracle iStore is one of the e-business applications that enable merchants to efficiently build, deploy, manage, and personalize their Internet storefronts. iStore is an e-commerce...
Oracle E-Business Suite Remote Security Vulnerability (CNVD-2017-00640)
Oracle E-Business Suite is a suite of fully integrated, global business management software from Oracle Corporation. Oracle Common Applications (also known as Oracle Common Application Calendar, CAC) is one of its components; it can simplify the management of daily activities, appointments, and...
H2O use-after-free vulnerability
Overview: H2O is an open source web server software. H2O contains a use-after-free vulnerability (CWE-416) due to a flaw in the process of upgrading from HTTP/1 to HTTP/2. Kazuho Oku reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Kazuho Oku coordinated...
Unspecified Vulnerability in Oracle PeopleSoft Enterprise PeopleTools (CNVD-2016-10122)
Oracle PeopleSoft Enterprise is a set of enterprise human capital management solutions from Oracle. The program provides human capital management, financial management, supplier relationship management and other functions. A remote security vulnerability exists in the Oracle PeopleSoft...
CVE-2016-1469
The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows remote attackers to cause a denial of service (device outage) via a series of malformed HTTP requests, aka Bug ID CSCut67385...
Cisco Firepower Management Center and ASA 5500-X Series with FirePOWER Services Elevation of Privilege Vulnerability
Cisco Firepower Management Center and Cisco ASA 5500-X Series with FirePOWER Services are both next-generation firewall software from Cisco. An elevation of privilege vulnerability exists in the web-based GUI in Cisco Firepower Management Center and Cisco ASA 5500-X Series with FirePOWER Services...