CVE-2017-3306

Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL subcomponent: Monitoring: Server. Supported versions that are affected are 3.1.6.8003 and earlier, 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with netwo...

UBUNTU-CVE-2017-3589

Vulnerability in the MySQL Connectors component of Oracle MySQL subcomponent: Connector/J. Supported versions that are affected are 5.1.41 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise...

UBUNTU-CVE-2017-3558

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM...

CVE-2017-3485

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications subcomponent: Infrastructure. Supported versions that are affected are 11.3.0, 11.4.0, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Difficult to exploit vulnerability allows low...

CVE-2017-3488

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications subcomponent: Unit Trust. Supported versions that are affected are 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.1.0, 12.2.0 and 12.3.0. Easily "exploitable" vulnerability allows low privileged attack...

CVE-2017-3546

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products subcomponent: MultiChannel Framework. Supported versions that are affected are 8.54 and 8.55. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromis...

CVE-2017-3587

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Shared Folder. Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle V...

CVE-2017-3568

Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications subcomponent: OPERA Printing and Login. Supported versions that are affected are 5.4.0.x, 5.4.1.x, 5.4.2.x, 5.4.3.x, 5.5.0.x and 5.5.1.x. Difficult to exploit vulnerability allows...

CVE-2017-3545

Vulnerability CVE-2017-3545 affects Oracle WebCenter Sites (Fusion Middleware) subcomponent Blob Server. Affected versions: 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0, 12.2.1.2.0. The issue allows an unauthenticated attacker with network access over HTTP to compromise the system, enabling unauthorized cr...

CVE-2017-3602

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware subcomponent: Advanced UI. Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily "exploitable" vulnerability allows low privileged attacker with network access via HTTP t...

CVE-2017-3575

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM...

SQL injection vulnerability in the save.php file of TreeHole's external link system

TreeHole Outbound Linking System is a free and open source outbound linking system. Treehole external link system save.php file SQL injection vulnerability , the vulnerability stems from x-forwarded-for failure to adequately filter , an attacker can exploit the vulnerability to access or modify...

PT-2017-15942

Name of the Vulnerable Software and Affected Versions Oracle WebLogic Server versions 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1, 12.2.1.2 Description The issue allows an unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks can result in...

UBUNTU-CVE-2017-3454

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: InnoDB. Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...

UBUNTU-CVE-2017-3468

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Encryption. Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...

UBUNTU-CVE-2017-3544

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker wi...

UBUNTU-CVE-2017-3464

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DDL. Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protoco...

UBUNTU-CVE-2017-3533

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker wi...

UBUNTU-CVE-2017-3465

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Privileges. Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...

infinispan: auth bypass in REST api

It was found that the REST API in infinispan did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name...