CVE List - 2017 / October
Showing 801 - 900 of 1398 CVEs for October 2017 (Page 9 of 14)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2017-10354 | 2017-10-19 | Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Enterprise Portal). The supported version that is affected is 9.1.00. Easily exploitable vulnerability allows unauthenticated attacker... |
| CVE-2017-10355 | 2017-10-19 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java... |
| CVE-2017-10356 | 2017-10-19 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java... |
| CVE-2017-10357 | 2017-10-19 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE... |
| CVE-2017-10358 | 2017-10-19 | Vulnerability in the Oracle Hyperion Financial Reporting component of Oracle Hyperion (subcomponent: Workspace). The supported version that is affected is 11.1.2. Easily exploitable vulnerability allows low privileged attacker with network... |
| CVE-2017-10359 | 2017-10-19 | Vulnerability in the Oracle Hyperion BI+ component of Oracle Hyperion (subcomponent: UI and Visualization). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network... |
| CVE-2017-10360 | 2017-10-19 | Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Supported versions that are affected are 11.1.1.9.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker... |
| CVE-2017-10361 | 2017-10-19 | Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: OHC DRS). The supported version that is affected is 8.0.2.0. Easily exploitable vulnerability allows... |
| CVE-2017-10362 | 2017-10-19 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Sawbridge). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with... |
| CVE-2017-10363 | 2017-10-19 | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Security). Supported versions that are affected are 11.3, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0 and... |
| CVE-2017-10364 | 2017-10-19 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Updates Environment Mgmt). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows low... |
| CVE-2017-10365 | 2017-10-19 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2017-10366 | 2017-10-19 | Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Performance Monitor). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated... |
| CVE-2017-10367 | 2017-10-19 | Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Engagement). Supported versions that are affected are 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network... |
| CVE-2017-10368 | 2017-10-19 | Vulnerability in the PeopleSoft Enterprise SCM eProcurement component of Oracle PeopleSoft Products (subcomponent: Manage Requisition Status). Supported versions that are affected are 9.1.00 and 9.2.00. Easily exploitable vulnerability allows unauthenticated... |
| CVE-2017-10369 | 2017-10-19 | Vulnerability in the Oracle Virtual Directory component of Oracle Fusion Middleware (subcomponent: Virtual Directory Server). Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Difficult to exploit vulnerability allows low... |
| CVE-2017-10370 | 2017-10-19 | Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitable vulnerability allows high privileged attacker... |
| CVE-2017-10372 | 2017-10-19 | Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitable vulnerability allows high privileged attacker... |
| CVE-2017-10373 | 2017-10-19 | Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Health Center). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker... |
| CVE-2017-10375 | 2017-10-19 | Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitable vulnerability allows low privileged attacker... |
| CVE-2017-10378 | 2017-10-19 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable... |
| CVE-2017-10379 | 2017-10-19 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable... |
| CVE-2017-10380 | 2017-10-19 | Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.7. Difficult to exploit vulnerability... |
| CVE-2017-10381 | 2017-10-19 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated... |
| CVE-2017-10382 | 2017-10-19 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated... |
| CVE-2017-10383 | 2017-10-19 | Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Interface). Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitable vulnerability allows unauthenticated attacker with... |
| CVE-2017-10384 | 2017-10-19 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability... |
| CVE-2017-10385 | 2017-10-19 | Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with... |
| CVE-2017-10386 | 2017-10-19 | Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.7. Easily exploitable vulnerability allows... |
| CVE-2017-10387 | 2017-10-19 | Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Preferences). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability... |
| CVE-2017-10388 | 2017-10-19 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE... |
| CVE-2017-10389 | 2017-10-19 | Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: PMS). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows low privileged attacker with... |
| CVE-2017-10391 | 2017-10-19 | Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network... |
| CVE-2017-10392 | 2017-10-19 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.30. Easily exploitable vulnerability allows high privileged attacker with... |
| CVE-2017-10393 | 2017-10-19 | Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with... |
| CVE-2017-10394 | 2017-10-19 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows low privileged attacker... |
| CVE-2017-10395 | 2017-10-19 | Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: GangwayActivityWebApp). The supported version that is affected is 9.0.2.0. Easily exploitable vulnerability allows low privileged attacker... |
| CVE-2017-10396 | 2017-10-19 | Vulnerability in the Oracle Hospitality Cruise AffairWhere component of Oracle Hospitality Applications (subcomponent: AffairWhere). Supported versions that are affected are 2.2.5.0, 2.2.6.0 and 2.2.7.0. Easily exploitable vulnerability allows low privileged... |
| CVE-2017-10397 | 2017-10-19 | Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: BaseMasterPage). The supported version that is affected is 9.0.2.0. Easily exploitable vulnerability allows unauthenticated attacker with... |
| CVE-2017-10398 | 2017-10-19 | Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: BaseMasterPage). The supported version that is affected is 9.0.2.0. Easily exploitable vulnerability allows low privileged attacker... |
| CVE-2017-10399 | 2017-10-19 | Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: GangwayActivityWebApp). The supported version that is affected is 9.0.2.0. Difficult to exploit vulnerability allows low privileged... |
| CVE-2017-10400 | 2017-10-19 | Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration Graphical User Interface). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker... |
| CVE-2017-10401 | 2017-10-19 | Vulnerability in the Oracle Hospitality Cruise Materials Management component of Oracle Hospitality Applications (subcomponent: MMSUpdater). The supported version that is affected is 7.30.564.0. Easily exploitable vulnerability allows low privileged attacker... |
| CVE-2017-10402 | 2017-10-19 | Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows unauthenticated attacker... |
| CVE-2017-10403 | 2017-10-19 | Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: iQuery). Supported versions that are affected are 8.5.1 and 9.0.0. Difficult to exploit vulnerability allows low... |
| CVE-2017-10404 | 2017-10-19 | Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: iQuery). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged... |
| CVE-2017-10405 | 2017-10-19 | Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows unauthenticated attacker... |
| CVE-2017-10406 | 2017-10-19 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated... |
| CVE-2017-10407 | 2017-10-19 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.30. Easily exploitable vulnerability allows high privileged attacker with... |
| CVE-2017-10408 | 2017-10-19 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.30. Easily exploitable vulnerability allows high privileged attacker with... |
| CVE-2017-10409 | 2017-10-19 | Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Merchant UI). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable... |
| CVE-2017-10410 | 2017-10-19 | Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: Search). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable... |
| CVE-2017-10411 | 2017-10-19 | Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily... |
| CVE-2017-10412 | 2017-10-19 | Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily... |
| CVE-2017-10413 | 2017-10-19 | Vulnerability in the Oracle Mobile Field Service component of Oracle E-Business Suite (subcomponent: Multiplatform Based on HTML5). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6... |
| CVE-2017-10414 | 2017-10-19 | Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Checkout and Order Placement). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7.... |
| CVE-2017-10415 | 2017-10-19 | Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: Others). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability... |
| CVE-2017-10416 | 2017-10-19 | Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: Setup and Configuration). Supported versions that are affected are 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable... |
| CVE-2017-10417 | 2017-10-19 | Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: Setup and Configuration). Supported versions that are affected are 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable... |
| CVE-2017-10418 | 2017-10-19 | Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: PeopleSoft CDA). The supported version that is affected is 8.56. Easily exploitable vulnerability allows low privileged attacker... |
| CVE-2017-10419 | 2017-10-19 | Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: PMS). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows unauthenticated attacker with logon... |
| CVE-2017-10420 | 2017-10-19 | Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: Leisure). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows low privileged attacker with... |
| CVE-2017-10421 | 2017-10-19 | Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: Leisure). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows low privileged attacker with... |
| CVE-2017-10422 | 2017-10-19 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Updates Change Assistant). The supported version that is affected is 8.54. Difficult to exploit vulnerability allows unauthenticated attacker... |
| CVE-2017-10423 | 2017-10-19 | Vulnerability in the Oracle Retail Back Office component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 13.2, 13.3, 13.4, 14.0 and 14.1. Easily exploitable vulnerability allows... |
| CVE-2017-10424 | 2017-10-19 | Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Web). Supported versions that are affected are 3.2.8.2223 and earlier, 3.3.4.3247 and earlier and 3.4.2.4181 and earlier. Easily... |
| CVE-2017-10425 | 2017-10-19 | Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Service Host). Supported versions that are affected are 2.6, 2.7, 2.8 and 2.9. Easily exploitable vulnerability allows low... |
| CVE-2017-10426 | 2017-10-19 | Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Staffing Front Office). The supported version that is affected is 9.2. Easily exploitable vulnerability allows high privileged attacker... |
| CVE-2017-10427 | 2017-10-19 | Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Point of Sale). Supported versions that are affected are 6.0.11, 6.5.11, 7.0.6, 7.1.6 and 15.0.1.... |
| CVE-2017-10428 | 2017-10-19 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.30. Difficult to exploit vulnerability allows high privileged attacker... |
| CVE-2017-3444 | 2017-10-19 | Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable... |
| CVE-2017-3445 | 2017-10-19 | Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable... |
| CVE-2017-3446 | 2017-10-19 | Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable... |
| CVE-2017-3588 | 2017-10-19 | Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: HA for MySQL). Supported versions that are affected are 3.3 and 4.3. Easily exploitable vulnerability allows unauthenticated... |
| CVE-2017-10271 | 2017-10-19 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated... |
| CVE-2017-10955 | 2017-10-19 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6.3.0. Authentication is required to exploit this vulnerability. The specific flaw exists within... |
| CVE-2017-15639 | 2017-10-19 | tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to bypass intended access restrictions by leveraging the "draggable feeds" feature. |
| CVE-2017-15642 | 2017-10-19 | In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file. |
| CVE-2012-6707 | 2017-10-19 | WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach... |
| CVE-2017-5635 | 2017-10-19 | In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, if an anonymous user request is replicated to another node, the originating node identity is used rather... |
| CVE-2017-5636 | 2017-10-19 | In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, the proxy chain serialization/deserialization is vulnerable to an injection attack where a carefully crafted username could impersonate... |
| CVE-2016-8748 | 2017-10-19 | In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. The user supplied text was... |
| CVE-2012-4379 | 2017-10-19 | MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an... |
| CVE-2012-4380 | 2017-10-19 | MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors. |
| CVE-2012-4382 | 2017-10-19 | MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt. |
| CVE-2015-4421 | 2017-10-19 | The tzdriver module in Huawei Mate 7 (Mate7-TL10) smartphones before V100R001CHNC00B126SP03 allows local users to gain privileges or cause a denial of service (memory corruption) via an unspecified input. |
| CVE-2015-4422 | 2017-10-19 | The TEEOS module in Huawei Mate 7 (Mate7-TL10) smartphones before V100R001CHNC00B126SP03 allows local users with root permissions to gain privileges or cause a denial of service (memory corruption) via a... |
| CVE-2015-6668 | 2017-10-19 | The Job Manager plugin before 0.7.25 allows remote attackers to read arbitrary CV files via a brute force attack to the WordPress upload directory structure, related to an insecure direct... |
| CVE-2017-10933 | 2017-10-19 | All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring system of ZTE energy product, are impacted by directory traversal vulnerability that allows remote attackers to read arbitrary files... |
| CVE-2017-15649 | 2017-10-19 | net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving... |
| CVE-2017-15643 | 2017-10-19 | An active network attacker (MiTM) can achieve remote code execution on a machine that runs IKARUS Anti Virus 2.16.7. IKARUS AV for Windows uses cleartext HTTP for updates along with... |
| CVE-2017-15644 | 2017-10-19 | SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000. |
| CVE-2017-15645 | 2017-10-19 | CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/&cmd= in the URI, an attacker to execute arbitrary commands. |
| CVE-2017-15646 | 2017-10-19 | Webmin before 1.860 has XSS with resultant remote code execution. Under the 'Others/File Manager' menu, there is a 'Download from remote URL' option to download a file from a remote... |
| CVE-2017-15647 | 2017-10-19 | On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value. |
| CVE-2017-15648 | 2017-10-19 | In PHPSUGAR PHP Melody before 2.7.3, page_manager.php has XSS via the page_title parameter. |
| CVE-2017-14017 | 2017-10-19 | An Uncontrolled Search Path Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An uncontrolled search path element vulnerability has been identified, which may allow a remote attacker... |
| CVE-2017-14019 | 2017-10-19 | An Unquoted Search Path or Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An unquoted search path or element vulnerability has been identified, which may allow an... |
| CVE-2017-15650 | 2017-10-19 | musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an... |
| CVE-2017-15651 | 2017-10-20 | PRTG Network Monitor 17.3.33.2830 allows remote authenticated administrators to execute arbitrary code by uploading a .exe file and then proceeding in spite of the error message. |