CVE-2017-3454
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: InnoDB. Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...
CVE-2017-3459
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
CVE-2017-3463
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Privileges. Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access vi...
CVE-2017-3592
Vulnerability in the Oracle Payables component of Oracle E-Business Suite subcomponent: Self Service Manager. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows high privileged attacker with network access...
CVE-2017-3618
Vulnerability in the Automatic Service Request ASR component of Oracle Support Tools subcomponent: ASR Manager. The supported version that is affected is Prior to 5.7. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Automatic Service Reques...
CVE-2017-3621
Vulnerability in the Sun ZFS Storage Appliance Kit AK component of Oracle Sun Systems Products Suite subcomponent: IPC Frameworks. The supported version that is affected is AK 2013. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to...
CVE-2017-3492
The CVE-2017-3492 vulnerability affects Oracle FLEXCUBE Enterprise Limits and Collateral Management (Infrastructure subcomponent) within Oracle Financial Services Applications. Affected versions are 12.0.0 and 12.1.0. The issue allows a low-privileged attacker with network access via HTTP to read...
CVE-2017-3465
CVE-2017-3465 affects the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Affected versions: 5.7.17 and earlier. An attacker with network access via multiple protocols and with low privileges can exploit this to perform unauthorized updates, inserts, or delete...
CVE-2017-3553
CVE-2017-3553 affects Oracle Identity Manager within Oracle Fusion Middleware (Rules Engine). Affected product/version: Oracle Identity Manager, 11.1.2.3.0. Root cause/impact: network-accessible, low-privilege attacker can compromise Oracle Identity Manager, with full takeover risk and confidenti...
CVE-2017-3620
Vulnerability in the Automatic Service Request ASR component of Oracle Support Tools subcomponent: ASR Manager. The supported version that is affected is Prior to 5.7. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Automatic Service Reques...
CVE-2017-3460
CVE-2017-3460 affects Oracle MySQL Server (Server: Audit Plug-in). Affected: MySQL 5.7.17 and earlier. Issue: high-privilege attacker can authenticate via network and cause a hang or complete DoS of MySQL Server. Mitigation: apply vendor-supplied fixes by upgrading to a version with the CP update...
CVE-2017-3499
CVE-2017-3499 affects Oracle Fusion Middleware’s Oracle Social Network Android Client (prior to 11.1.12.0.0). It is exploitable over HTTPS by an unauthenticated attacker with network access, potentially leading to unauthorized access to confidential Oracle Social Network data. Root cause and speci...
CVE-2017-3558
CVE-2017-3558 affects Oracle VM VirtualBox (Core) with builds prior to 5.0.38 and 5.1.20. The issue stems from a heap allocator (slirp) and header handling in VirtualBox’s networking code, where an attacker can corrupt a heap header via crafted IP/UDP/TCP input. Due to dropped asserts in release b...
CVE-2017-3546
CVE-2017-3546 affects Oracle PeopleSoft Tools (MultiChannel Framework), specifically SSRF in IMServlet for ToolsRelease 8.55.x (ToolsReleaseDB 8.55; HCM 9.2). Connected docs show the SSRF allows a remote attacker over the network to cause cross-site requests, enabling potentially unauthorized access or por...
CVE-2017-3583
The CVE-2017-3583 vulnerability affects Oracle Primavera P6 Enterprise Project Portfolio Management (Web Access). Affected versions are 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. The issue is exploitable via HTTP with network access and unauthenticated access, requiring user interaction to trigger. Suc...
CVE-2017-3592
CVE-2017-3592 affects Oracle E-Business Suite Payables (Self Service Manager) across 12.1.1–12.2.6. A remote attacker over HTTP with high privileges can compromise Payables, enabling unauthorized creation/modification/deletion of data. The CVE is noted in Oracle’s April 2017 CPU advisory and is r...
CVE-2017-3331
CVE-2017-3331 affects Oracle MySQL Server (subcomponent: Server: DML). Affects MySQL 5.7.11–5.7.17; exploitation via multiple network protocols by a low-privileged user can cause a hang or frequent crashes (DoS). Remediation references indicate an update path; Red Hat advisory RHSA-2017:2886 note...
CVE-2017-3521
CVE-2017-3521 affects Oracle PeopleSoft Products, specifically the PeopleSoft Enterprise SCM Purchasing component (Supplier Registration) on version 9.2. The vulnerability is described as exploitable over HTTP by a high-privilege attacker with network access, enabling unauthorized creation, delet...
CVE-2017-3309
Disclaimer: This data contains information about vulnerable...
CVE-2017-3508
Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite subcomponent: Primavera Desktop Integration. Supported versions that are affected are 1.0, 1.1, 14.2, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable" vulnerability allows high privileged attacker with network acce...