656 matches found
DEBIAN-CVE-2017-9800
A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to an honest server to attack another...
CVE-2017-10179
Vulnerability in the Application Management Pack for Oracle E-Business Suite component of Oracle E-Business Suite subcomponent: User Monitoring. Supported versions that are affected are AMP 12.1.0.4.0 and AMP 13.1.1.1.0. Easily exploitable vulnerability allows unauthenticated attacker with networ...
CVE-2017-1182
IBM Tivoli Monitoring Portal v6 could allow a local network adjacent attacker to execute arbitrary commands on the system, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123493...
Microsoft Edge Spoofing Vulnerability (CNVD-2017-14641)
Microsoft Edge is the web browser built into Windows 10. Microsoft Edge fails to properly parse HTTP content and has a spoofing vulnerability in its implementation. An attacker could exploit the vulnerability to trick users into opening malicious websites, among other things...
Oracle PeopleSoft Enterprise SCM eSupplier Connection Remote Vulnerability
Oracle PeopleSoft eSupplier Connection is an enterprise application from Oracle that provides supplier self-service through an Internet-based portal. A remote security vulnerability exists in Oracle PeopleSoft Enterprise SCM eSupplier Connection. An attacker could compromise the 'Vendor'...
UBUNTU-CVE-2017-9066
In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF...
CVE-2017-3355
Vulnerability in the Oracle Marketing component of Oracle E-Business Suite subcomponent: User Interface. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via...
CVE-2017-3482
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications subcomponent: Infrastructure. Supported versions that are affected are 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0 and 12.3.0. Easily "exploitable" vulnerability allows low privileged...
Oracle Automatic Service Request Remote Vulnerability
Automatic Service Request (ASR) is an "Oracle Support Service" that provides automatic case generation in the event of common hardware component failures. A remote vulnerability exists in Oracle Automatic Service Request. An attacker can exploit the vulnerability to compromise the "ASR Manager"...
CVE-2017-3326
Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite subcomponent: Role Summary. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access...
ALPINE-CVE-2016-10002
Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to prob...
Oracle GlassFish Server Remote Security Vulnerability (CNVD-2017-00929)
Oracle GlassFish Server is Oracle's implementation of the Java Platform, Java EE 6 specification. It provides a flexible, lightweight and ready-to-use Java EE 6 application server for developing applications. A remote security vulnerabili...
Oracle E-Business Suite Remote Security Vulnerability (CNVD-2017-00642)
Oracle E-Business Suite is a suite of fully integrated, global business management software from Oracle Corporation. Oracle Common Applications (also known as Oracle Common Application Calendar, CAC) is one of the components that can simplify the management of daily activities, appointments, and...
Oracle E-Business Suite Remote Security Vulnerability (CNVD-2017-00653)
Oracle E-Business Suite is Oracle's fully integrated suite of global business management software. Oracle Customer Intelligence is one of its components, a Web-based customer information viewer, customer data analyzer and customer performance monitor. A remote vulnerability exists i...
Oracle E-Business Suite Remote Security Vulnerability (CNVD-2017-00650)
Oracle E-Business Suite is Oracle's fully integrated suite of global business management software. Oracle iStore is one of the e-business applications that enable merchants to efficiently build, deploy, manage, and personalize their Internet storefronts. iStore is an e-commerce...
Oracle E-Business Suite Remote Security Vulnerability (CNVD-2017-00652)
Oracle E-Business Suite is a set of fully integrated global business management software from Oracle. The software provides customer relationship management, service management, financial management and other functions. A remote vulnerability exists in Oracle Installed Bas...
Oracle E-Business Suite Remote Security Vulnerability (CNVD-2017-00640)
Oracle E-Business Suite is a suite of fully integrated, global business management software from Oracle Corporation. Oracle Common Applications (also known as Oracle Common Application Calendar, CAC) is one of the components that can simplify the management of daily activities, appointments, and...
Oracle FLEXCUBE Private Banking Security Bypass Vulnerability
Oracle FLEXCUBE Private Banking is a product of Oracle Corporation, USA. It plans, records, tracks and manages client wealth across a range of asset classes, and provides tools to increase financial advisor productivity and improve client relationships. A remote security bypass vulnerability exists in Oracl...
Unspecified Vulnerability in Oracle FLEXCUBE Universal Banking (CNVD-2017-00945)
Oracle FLEXCUBE Universal Banking is Oracle's comprehensive real-time, online solution covering retail, group and investment banking. The program supports multi-currency, multi-language and multi-entity operations. A remote security vulnerability exists ...
H2O use-after-free vulnerability
H2O is open source web server software. H2O contains a use-after-free vulnerability (CWE-416) due to a flaw in the process of upgrading from HTTP/1 to HTTP/2. Kazuho Oku reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Kazuho Oku coordinated...