Total: 28625 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-10426 | 1 Oracle | 1 Peoplesoft Enterprise Staffing Front Office | 2024-02-28 | 4.0 MEDIUM | 2.7 LOW |
Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Staffing Front Office). The supported version that is affected is 9.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FSCM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise FSCM accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). | |||||
CVE-2017-1129 | 1 Ibm | 2 Expeditor, Inotes | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 121370. | |||||
CVE-2017-7728 | 1 Ismartalarm | 2 Cubeone, Cubeone Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
On iSmartAlarm cube devices, there is authentication bypass leading to remote execution of commands (e.g., setting the alarm on/off), related to incorrect cryptography. | |||||
CVE-2017-0640 | 1 Google | 1 Android | 2024-02-28 | 7.1 HIGH | 5.5 MEDIUM |
A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33129467. | |||||
CVE-2017-15627 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-pns variable in the pptp_client.lua file. | |||||
CVE-2017-1569 | 1 Ibm | 1 Websphere Commerce | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot's that could cause a denial of service. IBM X-Force ID: 131779. | |||||
CVE-2017-0832 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62887820. | |||||
CVE-2017-10284 | 1 Oracle | 1 Mysql | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Stored Procedure). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
CVE-2017-10198 | 5 Debian, Netapp, Oracle and 2 more | 27 Debian Linux, Active Iq Unified Manager, Cloud Backup and 24 more | 2024-02-28 | 4.3 MEDIUM | 6.8 MEDIUM |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N). | |||||
CVE-2017-5688 | 1 Intel | 1 Solid State Drive Toolbox | 2024-02-28 | 7.2 HIGH | 6.7 MEDIUM |
There is an escalation of privilege vulnerability in the Intel Solid State Drive Toolbox versions before 3.4.5 which allow a local administrative attacker to load and execute arbitrary code. | |||||
CVE-2017-13675 | 1 Symantec | 1 Endpoint Encryption | 2024-02-28 | 2.3 LOW | 4.2 MEDIUM |
A denial of service (DoS) attack in Symantec Endpoint Encryption before SEE 11.1.3HF2 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network. | |||||
CVE-2017-8735 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, aka "Microsoft Edge Spoofing Vulnerability". This CVE ID is unique from CVE-2017-8724. | |||||
CVE-2017-15044 | 1 Docuware | 1 Fulltext Server | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
The default installation of DocuWare Fulltext Search server through 6.11 allows remote users to connect to and download searchable text from the embedded Solr service, bypassing DocuWare's access control features of the DocuWare user interfaces and API. An attacker can also gain privileges by modifying text. The default installation is unsafe because the server listens on the network interface, not the localhost interface. | |||||
CVE-2017-3648 | 2 Debian, Oracle | 2 Debian Linux, Mysql | 2024-02-28 | 4.0 MEDIUM | 4.4 MEDIUM |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
CVE-2017-10370 | 1 Oracle | 1 Hospitality Guest Access | 2024-02-28 | 4.9 MEDIUM | 6.9 MEDIUM |
Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality Guest Access. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Guest Access, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Guest Access accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Guest Access accessible data. CVSS 3.0 Base Score 6.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N). | |||||
CVE-2017-14482 | 2 Debian, Gnu | 2 Debian Linux, Emacs | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article). | |||||
CVE-2017-0642 | 1 Google | 1 Android | 2024-02-28 | 7.1 HIGH | 5.5 MEDIUM |
A remote denial of service vulnerability in libhevc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34819017. | |||||
CVE-2017-15942 | 1 Paloaltonetworks | 1 Pan-os | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.13, and 8.0.x before 8.0.6 allows remote attackers to cause a denial of service via vectors related to the management interface. | |||||
CVE-2017-10077 | 1 Oracle | 1 Applications Dba | 2024-02-28 | 5.5 MEDIUM | 6.5 MEDIUM |
Vulnerability in the Oracle Applications DBA component of Oracle E-Business Suite (subcomponent: AD Utilities). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications DBA. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Applications DBA accessible data as well as unauthorized access to critical data or complete access to all Oracle Applications DBA accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N). | |||||
CVE-2017-13226 | 1 Google | 1 Android | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
An elevation of privilege vulnerability in the MediaTek mtk. Product: Android. Versions: Android kernel. Android ID: A-32591194. References: M-ALPS03149184. |