4666 matches found
CVE-2017-10392
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. The supported version that is affected is Prior to 5.1.30. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to...
CVE-2017-10398
Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications subcomponent: BaseMasterPage. The supported version that is affected is 9.0.2.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Orac...
CVE-2017-10406
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products subcomponent: PIA Core Technology. Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...
CVE-2017-10408
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. The supported version that is affected is Prior to 5.1.30. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to...
CVE-2017-10099
CVE-2017-10099 affects SPARC M7, T7, and S7 based Servers (Firmware subcomponent) in Oracle Sun Systems Products Suite. The vulnerability is exploitable locally on systems where the SPARC hardware runs; with a logon, an attacker can cause a hang or frequent, repeatable crashes (complete denial of...
CVE-2017-10167
CVE-2017-10167 affects Oracle MySQL Server (Server: Optimizer). The MiracleLinux/Nessus entry lists affected versions as 5.7.19 and earlier and describes an exploitable flaw where a low-privileged, network-accessible attacker can cause the MySQL Server to hang or crash (DOS). Documentation confir...
CVE-2017-10190
CVE-2017-10190 affects Oracle Database Server’s Java VM component in affected versions 11.2.0.4, 12.1.0.2, and 12.2.0.1. The vulnerability allows a high-privileged, authenticated attacker with Create Session and Create Procedure privileges (local access) to compromise the Java VM, with potential ...
CVE-2017-10261
CVE-2017-10261 concerns a vulnerability in the XML Database component of Oracle Database Server. Affected versions include 11.2.0.4 and 12.1.0.2. The issue allows a low-privileged attacker with Create Session privilege to log into the infrastructure where XML Database runs and compromise the XML...
CVE-2017-10271
CVE-2017-10271 is an input validation/deserialization flaw in Oracle WebLogic Server (WLS Security) that enables unauthenticated remote code execution. Affected products/versions per entries include Oracle WebLogic Server 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0, and 12.2.1.2.0. Public writeups and adv...
CVE-2017-10279
CVE-2017-10279 affects the MySQL Server component (Server: Optimizer) of Oracle MySQL. The vulnerability is exploitable by a high-privilege attacker with network access via multiple protocols and can cause a hang or frequent crash (DOS) of MySQL Server. Affected versions cited across connected do...
CVE-2017-10285
CVE-2017-10285 is confirmed to affect Oracle/OpenJDK Java SE and Java SE Embedded, specifically the RMI (Remote Method Invocation) component. The vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE/Embedded, with exploitation described...
CVE-2017-10310
CVE-2017-10310 affects Oracle Hyperion Financial Reporting, subcomponent Security Models, with the affected product/version: Oracle Hyperion Financial Reporting (11.1.2). The vulnerability is exploitable by an unauthenticated attacker over HTTP with network access, enabling unauthorized access to...
CVE-2017-10315
Summary: CVE-2017-10315 concerns the Siebel UI Framework (subcomponent: UIF Open UI) in Oracle Siebel CRM. Affected are Siebel versions 16.0 and 17.0. The vulnerability enables an unauthenticated attacker, over HTTP, to exploit via user interaction to gain unauthorized read/update/delete access t...
CVE-2017-10326
CVE-2017-10326 affects Oracle E-Business Suite’s Common Applications Calendar (CAC) component. A vulnerability in CAC impacts versions 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7, allowing an unauthenticated attacker with network access via HTTP to compromise CAC. The exploi...
CVE-2017-10333
CVE-2017-10333 affects the Siebel UI Framework, specifically the EAI subcomponent, in Oracle Siebel CRM. Affected versions are 16.0 and 17.0. The vulnerability allows an attacker with network access via HTTP and low privileges to compromise Siebel UI Framework, potentially leading to unauthorized...
CVE-2017-10355
CVE-2017-10355 is documented across multiple OpenJDK/OpenJDK-derived advisories (CentOS, Debian, Amazon, IBM, etc.) as a networking vulnerability in the FtpClient component of OpenJDK’s Java SE/Java SE Embedded. Technical details in connected sources specify that the FtpClient did not set default...
CVE-2017-10379
CVE-2017-10379 concerns the MySQL Server client-side component of Oracle MySQL. Affected versions are 5.5.57 and earlier, 5.6.37 and earlier, and 5.7.19 and earlier. The vulnerability can be exploited by a low-privileged attacker with network access via multiple protocols, potentially leading to ...
CVE-2017-10395
The CVE-2017-10395 entry concerns Oracle Hospitality Cruise Fleet Management (GangwayActivityWebApp) with affected version 9.0.2.0. The vulnerability allows a low-privileged attacker with network access over HTTP to compromise data, enabling unauthorized update/insert/delete operations and read a...
CVE-2017-10396
CVE-2017-10396 affects Oracle Hospitality Cruise AffairWhere (subcomponent AffairWhere) in Oracle Hospitality Applications; affected versions are 2.2.5.0, 2.2.6.0, and 2.2.7.0. The vulnerability allows a low-privileged attacker with logon to the infrastructure where AffairWhere runs to compromise...
CVE-2017-10397
The CVE-2017-10397 vulnerability affects Oracle Hospitality Cruise Fleet Management, BaseMasterPage subcomponent, in Oracle Hospitality Applications, specifically version 9.0.2.0. The exposure allows an unauthenticated attacker, over HTTP with network access, to compromise the component; exploita...