VYPR

CVEs

100,082 total · page 1890 of 2,002

  • CVE-2017-3523HigApr 24, 2017
    risk 0.55cvss 8.5epss 0.03

    Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.40 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise…

  • CVE-2017-3519HigApr 24, 2017
    risk 0.49cvss 7.5epss 0.03

    Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 8.54 and 8.55. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to…

  • CVE-2017-3518HigApr 24, 2017
    risk 0.49cvss 7.5epss 0.03

    Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Discovery Framework). Supported versions that are affected are 12.1.0, 13.1.0 and 13.2.0. Easily "exploitable" vulnerability allows unauthenticated attacker…

  • CVE-2017-3516HigApr 24, 2017
    risk 0.50cvss 7.7epss 0.02

    Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones virtualized NIC driver). The supported version that is affected is 11.3. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple…

  • CVE-2017-3514HigApr 24, 2017
    risk 0.54cvss 8.3epss 0.02

    Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise…

  • CVE-2017-3512HigApr 24, 2017
    risk 0.54cvss 8.3epss 0.03

    Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE.…

  • CVE-2017-3511HigApr 24, 2017
    risk 0.50cvss 7.7epss 0.01

    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated…

  • CVE-2017-3507HigApr 24, 2017
    risk 0.48cvss 7.3epss 0.02

    Vulnerability in the Oracle Service Bus component of Oracle Fusion Middleware (subcomponent: Web Console Design). Supported versions that are affected are 12.1.3.0.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily "exploitable" vulnerability allows unauthenticated attacker with…

  • CVE-2017-3506HigKEVApr 24, 2017
    risk 0.68cvss 7.4epss 0.96

    Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with…

  • CVE-2017-3500HigApr 24, 2017
    risk 0.57cvss 8.7epss 0.02

    Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Supported versions that are affected are 1.0, 1.1, 14.2, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable" vulnerability allows high privileged…

  • CVE-2017-3499HigApr 24, 2017
    risk 0.49cvss 7.5epss 0.03

    Vulnerability in the Oracle Social Network component of Oracle Fusion Middleware (subcomponent: Android Client). The supported version that is affected is prior to 11.1.12.0.0 (17019101). Easily "exploitable" vulnerability allows unauthenticated attacker with network access via…

  • CVE-2017-3497HigApr 24, 2017
    risk 0.48cvss 7.3epss 0.02

    Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Remote Administration Daemon). The supported version that is affected is 11.3. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols…

  • CVE-2017-3493HigApr 24, 2017
    risk 0.55cvss 8.5epss 0.02

    Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.0 and 12.1.0. Easily "exploitable" vulnerability allows low…

  • CVE-2017-3486HigApr 24, 2017
    risk 0.47cvss 7.2epss 0.00

    Vulnerability in the SQL*Plus component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Difficult to exploit vulnerability allows high privileged attacker having Local Logon privilege with logon to the infrastructure where SQL*Plus…

  • CVE-2017-3476HigApr 24, 2017
    risk 0.46cvss 7.1epss 0.02

    Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0.1 and 12.0.1. Easily "exploitable" vulnerability allows low privileged attacker…

  • CVE-2017-3472HigApr 24, 2017
    risk 0.53cvss 8.1epss 0.02

    Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Portfolio Management). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0.1 and 12.0.1. Easily "exploitable" vulnerability allows low privileged…

  • CVE-2017-3450HigApr 24, 2017
    risk 0.49cvss 7.5epss 0.04

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple…

  • CVE-2017-3432HigApr 24, 2017
    risk 0.46cvss 7.1epss 0.02

    Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Audience workbench). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily "exploitable" vulnerability allows unauthenticated attacker with network access…

  • CVE-2017-3393HigApr 24, 2017
    risk 0.46cvss 7.1epss 0.02

    Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: Interaction History). Supported versions that are affected are 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows unauthenticated attacker with…

  • CVE-2017-3337HigApr 24, 2017
    risk 0.46cvss 7.1epss 0.02

    Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows unauthenticated attacker with…

  • CVE-2017-3329HigApr 24, 2017
    risk 0.49cvss 7.5epss 0.04

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows unauthenticated attacker with…

  • CVE-2017-3309HigApr 24, 2017
    risk 0.50cvss 7.7epss 0.03

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network…

  • CVE-2017-3308HigApr 24, 2017
    risk 0.50cvss 7.7epss 0.03

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access…

  • CVE-2017-3306HigApr 24, 2017
    risk 0.54cvss 8.3epss 0.02

    Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier, 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily "exploitable" vulnerability allows high privileged…

  • CVE-2017-3254HigApr 24, 2017
    risk 0.50cvss 7.6epss 0.01

    Vulnerability in the Oracle Retail Invoice Matching component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 12.0 and 13.0. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to…

  • CVE-2017-3237HigApr 24, 2017
    risk 0.51cvss 7.8epss 0.00

    Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where…

  • CVE-2017-3233HigApr 24, 2017
    risk 0.49cvss 7.5epss 0.01

    Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to…

  • CVE-2017-3230HigApr 24, 2017
    risk 0.56cvss 8.6epss 0.02

    Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder). Supported versions that are affected are 11.1.1.9, 12.2.1.1 and 12.2.1.2. Easily "exploitable" vulnerability allows unauthenticated attacker with network…

  • CVE-2016-6917HigApr 24, 2017
    risk 0.51cvss 7.8epss 0.00

    Buffer overflow in nvhost_job.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, Shield Table before OTA 4.4, and Shield Table TK1 before OTA 1.5.

  • CVE-2016-6916HigApr 24, 2017
    risk 0.51cvss 7.8epss 0.00

    Integer overflow in nvhost_job.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, Shield Table before OTA 4.4, and Shield Table TK1 before OTA 1.5 allows local users to cause a denial of service (system crash) via unspecified vectors, which triggers a buffer…

  • CVE-2011-3438HigApr 24, 2017
    risk 0.57cvss 8.8epss 0.02

    WebKit, as used in Safari 5.0.6, allows remote attackers to cause a denial of service (process crash) or arbitrary code execution.

  • CVE-2017-8101HigApr 24, 2017
    risk 0.57cvss 8.8epss 0.01

    There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request.

  • CVE-2017-8099HigApr 24, 2017
    risk 0.53cvss 8.1epss 0.01

    There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing attackers to delete any WordPress users and change the plugin's status via a GET request.

  • CVE-2016-4313HigApr 24, 2017
    risk 0.54cvss 7.8epss 0.09

    Directory traversal vulnerability in unzip/extract feature in eXtplorer 2.1.9 allows remote attackers to execute arbitrary files via a .. (dot dot) in an archive file.

  • CVE-2016-3691HigApr 24, 2017
    risk 0.57cvss 8.8epss 0.01

    Routes in Kallithea before 0.3.2 allows remote attackers to bypass the CSRF protection by using the GET HTTP request method.

  • CVE-2015-7570HigApr 24, 2017
    risk 0.50cvss 7.2epss 0.06

    Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to libs/org/adodb_lite/tests/test_adodb_lite.php, libs/org/adodb_lite/tests/test_datadictionary.ph…

  • CVE-2015-7569HigApr 24, 2017
    risk 0.60cvss 8.8epss 0.03

    SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter.

  • CVE-2015-7245HigApr 24, 2017
    risk 0.55cvss 7.5epss 0.45

    Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter.

  • CVE-2017-1000361HigApr 24, 2017
    risk 0.49cvss 7.5epss 0.01

    DOMRpcImplementationNotAvailableException when sending Port-Status packets to OpenDaylight. Controller launches exceptions and consumes more CPU resources. Component: OpenDaylight is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0.

  • CVE-2017-1000357HigApr 24, 2017
    risk 0.49cvss 7.5epss 0.01

    Denial of Service attack when the switch rejects to receive packets from the controller. Component: This vulnerability affects OpenDaylight odl-l2switch-switch, which is the feature responsible for the OpenFlow communication. Version: OpenDaylight versions 3.3 (Lithium-SR3), 3.4…

  • CVE-2017-2334HigApr 24, 2017
    risk 0.49cvss 7.5epss 0.01

    An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to perform a man-in-the-middle attack, thereby stealing authentic credentials from encrypted paths which are…

  • CVE-2017-2332HigApr 24, 2017
    risk 0.57cvss 8.8epss 0.02

    An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network based, unauthenticated attacker to perform privileged actions to gain complete control over the environment.

  • CVE-2017-2331HigApr 24, 2017
    risk 0.48cvss 7.3epss 0.01

    A firewall bypass vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to bypass firewall policies, leading to authentication bypass methods, information disclosure, modification of…

  • CVE-2017-2323HigApr 24, 2017
    risk 0.49cvss 7.5epss 0.01

    A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious attacker crafting packets destined to the device to cause a persistent denial of service to the path computation server service.

  • CVE-2017-2321HigApr 24, 2017
    risk 0.56cvss 8.6epss 0.01

    A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various system services partial to full denials of services, modification of system states and…

  • CVE-2017-2319HigApr 24, 2017
    risk 0.54cvss 8.3epss 0.01

    A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious attacker to compromise the systems confidentiality or integrity without authentication, leading to managed systems being compromised or services being…

  • CVE-2017-2317HigApr 24, 2017
    risk 0.56cvss 8.6epss 0.01

    A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause denials of services to underlying database tables leading to potential…

  • CVE-2017-2315HigApr 24, 2017
    risk 0.49cvss 7.5epss 0.02

    On Juniper Networks EX Series Ethernet Switches running affected Junos OS versions, a vulnerability in IPv6 processing has been discovered that may allow a specially crafted IPv6 Neighbor Discovery (ND) packet destined to an EX Series Ethernet Switch to cause a slow memory leak.…

  • CVE-2017-2313HigApr 24, 2017
    risk 0.49cvss 7.5epss 0.02

    Juniper Networks devices running affected Junos OS versions may be impacted by the receipt of a crafted BGP UPDATE which can lead to an rpd (routing process daemon) crash and restart. Repeated crashes of the rpd daemon can result in an extended denial of service condition. The…

  • CVE-2017-7852HigApr 24, 2017
    risk 0.61cvss 8.8epss 0.04

    D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to *, thus accepting requests from…