CVE-2017-10236
CVE-2017-10236 affects Oracle VM VirtualBox Core prior to 5.1.24. The issue can enable a locally authenticated, high-privilege attacker to cause a hang/DoS and unauthorized read/write access to VirtualBox data, with CVSSv3.0 base score 7.3 (HIGH). Public sources reference Oracle’s patching; Magei...
CVE-2017-10187
CVE-2017-10187 affects the Oracle VM VirtualBox core component (pre-5.1.24). The issue allows a high-privilege attacker with local access to compromise VirtualBox, potentially corrupting data and causing partial Denial of Service (I/L/A impacts as described). Several connected records corroborat...
CVE-2017-10098
CVE-2017-10098 affects Oracle FLEXCUBE Universal Banking (Infrastructure subcomponent) in multiple supported releases (11.3.0, 11.4.0, 12.0.1–12.3.0). The flaw enables a low-privilege attacker who can access the service over HTTP to perform unauthorized read, update, insert, or delete actions on ...
CVE-2017-3651
CVE-2017-3651 affects Oracle MySQL Server’s Client mysqldump component. Affected releases include 5.5.56 and earlier, 5.6.36 and earlier, and 5.7.18 and earlier. The issue is described in multiple advisories as a vulnerability that enables a low-privileged, network-accessing attacker to perform u...
CVE-2017-10011
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications subcomponent: Miscellaneous. Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with logon to the...
CVE-2017-3639
CVE-2017-3639 is a vulnerability in the MySQL Server component (Server: DML) of Oracle MySQL. Affected are MySQL 5.7.18 and earlier. An unauthenticated/highly privileged attacker with network access via multiple protocols can cause a hang or a frequently repeating crash (DoS) of MySQL Server. The...
CVE-2017-3643
CVE-2017-3643 affects Oracle MySQL Server (Server: DML). Affected: MySQL 5.7.18 and earlier. An attacker with high privileges over the network via multiple protocols can cause the MySQL Server to hang or crash (DoS). CVSS 3.0 base score 4.9 (Availability). No exploit details provided beyond vendo...
CVE-2017-10078
Vulnerability in the Java SE component of Oracle Java SE subcomponent: Scripting. The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this...
CVE-2017-10086
Vulnerability in the Java SE component of Oracle Java SE subcomponent: JavaFX. Supported versions that are affected are Java SE: 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks...
CVE-2017-10111
CVE-2017-10111 affects Oracle Java OpenJDK’s Libraries component (Java SE). The connected advisories confirm vulnerable versions include Java SE 8u131 and Java SE Embedded 8u131, with exploitation described as arbitrary code execution via the LambdaFormEditor bounds checks in the Libraries, enabl...
CVE-2017-10089
CVE-2017-10089 affects Oracle Java SE ImageIO in OpenJDK/OpenJDK-derived disclosures: 6u151, 7u141, 8u131 are vulnerable. The issue allows a network-based, unauthenticated attacker to take control of the Java SE runtime, with UI interaction required, potentially impacting additional products. Aff...
CVE-2017-10087
CVE-2017-10087 is a vulnerability in Oracle Java SE/Java SE Embedded Libraries affecting Java SE 6u151, 7u141, and 8u131, and Java SE Embedded 8u131. The issue is an access-control bypass in the Libraries component that could allow a network-facilitated, unauthenticated attacker to take control o...
CVE-2017-10215
Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products subcomponent: EPPCMDEFNCATG. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
CVE-2017-10202
CVE-2017-10202 affects Oracle Database Server OJVM in affected releases (11.2.0.4, 12.1.0.2, 12.2.0.1). The flaw allows a low-privileged user with Create Session/Create Procedure privileges and network access (multiple protocols) to compromise OJVM, potentially taking over the component and impac...
CVE-2017-10062
CVE-2017-10062 affects the Solaris component of Oracle Sun Systems Suite, specifically the Oracle Java Web Console subcomponent. The vulnerability is in Solaris 10 (x86 and SPARC) and allows a low-privilege attacker with logon to the system to compromise Solaris, leading to unauthorized updates/d...
CVE-2017-10072
CVE-2017-10072 affects Oracle FLEXCUBE Universal Banking in Oracle Financial Services Applications. Affected versions include 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0 and 12.3.0. The vulnerability allows a low-privileged attacker with network access via HTTP to compromise data: unau...
CVE-2017-3638
CVE-2017-3638 affects Oracle MySQL Server (Server: Optimizer). Affected are MySQL 5.7.18 and earlier. The issue allows a network-accessible, high-privilege attacker to cause a hang or frequent, reproducible crashes (DoS) of MySQL Server. The vulnerability is confirmed in multiple sources linked t...
CVE-2017-3642
CVE-2017-3642 affects Oracle MySQL Server (Server: Optimizer). Affected: MySQL 5.7.18 and earlier. Attackers with network access via multiple protocols can cause a hang or crash (DoS) of MySQL Server. CVSS v3.0 base score 4.9 (Availability). Connected advisories indicate fixes are available: Red ...
CVE-2017-10217
CVE-2017-10217 affects Oracle Hospitality Guest Access (Base) in Oracle Hospitality Applications, specifically versions 4.2.0.0 and 4.2.1.0. The issue allows a low-privileged user with network access over HTTP to remotely modify certain Oracle Hospitality Guest...
CVE-2017-10007
CVE-2017-10007 affects Oracle FLEXCUBE Private Banking (Oracle Financial Services Applications), specifically the Miscellaneous subcomponent. Affected versions are 2.0.0, 2.0.1, 2.2.0 and 12.0.1. The vulnerability allows a low-privileged attacker with network access via HTTP to read data from the...