CVE-2017-10275

Vulnerability in the Sun ZFS Storage Appliance Kit AK component of Oracle Sun Systems Products Suite subcomponent: Filesystem. The supported version that is affected is AK 2013. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Sun ZFS Storage...

CVE-2017-10397

The CVE-2017-10397 vulnerability affects Oracle Hospitality Cruise Fleet Management, BaseMasterPage subcomponent, in Oracle Hospitality Applications, specifically version 9.0.2.0. The exposure allows an unauthenticated attacker, over HTTP with network access, to compromise the component; exploita...

CVE-2017-10408

CVE-2017-10408 affects Oracle VM VirtualBox Core, with older 5.1.x releases prior to 5.1.30. A local privileged user can exploit this to cause a hang or crash (DoS) and potentially read/update/insert/delete data in accessible VirtualBox data. CVSSv3 base score 7.3 (HIGH) with LOCAL/LOW attack com...

CVE-2017-10190

CVE-2017-10190 affects Oracle Database Server’s Java VM component in affected versions 11.2.0.4, 12.1.0.2, and 12.2.0.1. The vulnerability allows a high-privileged, authenticated attacker with Create Session and Create Procedure privileges (local access) to compromise the Java VM, with potential ...

CVE-2017-10396

CVE-2017-10396 affects Oracle Hospitality Cruise AffairWhere (subcomponent AffairWhere) in Oracle Hospitality Applications; affected versions are 2.2.5.0, 2.2.6.0, and 2.2.7.0. The vulnerability allows a low-privileged attacker with logon to the infrastructure where AffairWhere runs to compromise...

CVE-2017-10320

Disclaimer: This data contains information about vulnerable...

CVE-2017-10167

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...

CVE-2017-10320

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: InnoDB. Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVE-2017-10167

CVE-2017-10167 affects Oracle MySQL Server (Server: Optimizer). The MiracleLinux/Nessus entry lists affected versions as 5.7.19 and earlier and describes an exploitable flaw where a low-privileged, network-accessible attacker can cause the MySQL Server to hang or crash (DOS). Documentation confir...

CVE-2017-10261

CVE-2017-10261 concerns a vulnerability in the XML Database component of Oracle Database Server. Affected versions include 11.2.0.4 and 12.1.0.2 . The issue allows a low-privileged attacker with Create Session privilege to log into the infrastructure where XML Database runs and compromise the XML...

CVE-2017-10347

Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

CVE-2017-10392

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. The supported version that is affected is Prior to 5.1.30. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to...

CVE-2017-10378

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple...

CVE-2017-10099

Vulnerability in the SPARC M7, T7, S7 based Servers component of Oracle Sun Systems Products Suite subcomponent: Firmware. The supported version that is affected is Prior to 9.7.6.b. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where SPARC M7,...

CVE-2017-10354

Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products subcomponent: Enterprise Portal. The supported version that is affected is 9.1.00. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

CVE-2017-10326

CVE-2017-10326 affects Oracle E-Business Suite’s Common Applications Calendar (CAC) component. A vulnerability in CAC impacts versions 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7, allowing an unauthenticated attacker with network access via HTTP to compromise CAC. The exploi...

CVE-2017-10355

CVE-2017-10355 is documented across multiple openJDK/OpenJDK-derived advisories (CentOS, Debian, Amazon, IBM, etc.) as a networking vulnerability in the FtpClient component of OpenJDK’s Java SE/Java SE Embedded. Technical details in connected sources specify that the FtpClient did not set default...

CVE-2017-10379

CVE-2017-10379 concerns the MySQL Server client-side component of Oracle MySQL. Affected versions are 5.5.57 and earlier, 5.6.37 and earlier, and 5.7.19 and earlier. The vulnerability can be exploited by a low-privileged attacker with network access via multiple protocols, potentially leading to ...

CVE-2017-10328

Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite subcomponent: Diagnostics. Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access v...

CVE-2017-10285

CVE-2017-10285 is confirmed to affect Oracle/OpenJDK Java SE and Java SE Embedded, specifically the RMI (Remote Method Invocation) component. The vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE/Embedded, with exploitation described...