Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2017-3285 — Oracle Service_fulfillment_manager: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle
Vulnerability in the Oracle Service Fulfillment Manager component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Service Fulfillment Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability CVSSv3.1 8.2 (HIGH)
CVE-2017-3284 — Oracle Service_fulfillment_manager: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle
Vulnerability in the Oracle Service Fulfillment Manager component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Service Fulfillment Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability CVSSv3.1 8.2 (HIGH)
CVE-2017-3279 — Oracle Leads_management: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle
Vulnerability in the Oracle Leads Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Leads Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Leads Management, attacks may significant CVSSv3.1 8.2 (HIGH)
CVE-2017-3278 — Oracle One-to-one_fulfillment: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle
Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Request Confirmation). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may signi CVSSv3.1 8.2 (HIGH)
CVE-2017-3275 — Oracle Email_center: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle
Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, att CVSSv3.1 8.2 (HIGH)
CVE-2017-3274 — Oracle Email_center: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle
Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, att CVSSv3.1 8.2 (HIGH)
CVE-2017-3272 — Oracle Jdk: Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java CVSSv3.1 9.6 (CRITICAL)
CVE-2017-3271 — Oracle Outside_in_technology: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters ). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible d CVSSv3.1 8.6 (HIGH)
CVE-2017-3266 — Oracle Outside_in_technology: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in takeover of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development CVSSv3.1 9.8 (CRITICAL)
CVE-2017-3263 — Oracle Primavera_p6_enterprise_project_portfolio_management: Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Team Member). Supported versions that are affected are 8.2, 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion o CVSSv3.1 8.1 (HIGH)
CVE-2017-3260 — Oracle Jdk: Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u121 and 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of CVSSv3.1 8.3 (HIGH)
CVE-2017-3248 — Oracle Weblogic_server: Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0 and 12.2.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Ava CVSSv3.1 9.8 (CRITICAL)
CVE-2017-3241 — Oracle Jdk: Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impac CVSSv3.1 9.0 (CRITICAL)
CVE-2016-9636 — Gstreamer Gstreamer: Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-9635 — Gstreamer Gstreamer: Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-9634 — Gstreamer Gstreamer: Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-8325 — Oracle One-to-one_fulfillment: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle
Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Internal Operations). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to cri CVSSv3.1 9.1 (CRITICAL)
CVE-2016-8315 — Oracle Flexcube_investor_servicing: Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise
Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure Code). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access CVSSv3.1 8.1 (HIGH)
CVE-2016-8312 — Oracle Flexcube_private_banking: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CVSSv3.1 8.2 (HIGH)
CVE-2016-8298 — Oracle Flexcube_private_banking: Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical da CVSSv3.1 8.1 (HIGH)
CVE-2016-8297 — Oracle Flexcube_universal_banking: Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access CVSSv3.1 8.1 (HIGH)
CVE-2016-5528 — Oracle Glassfish_server: Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GlassFish Server. While the vulnerability is in Oracle GlassFish Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can res CVSSv3.1 9.0 (CRITICAL)
CVE-2016-8411 — Google Android: Buffer overflow vulnerability while processing QMI QOS TLVs.
Buffer overflow vulnerability while processing QMI QOS TLVs. Product: Android. Versions: versions that have qmi_qos_srvc.c. Android ID: 31805216. References: QC CR#912775. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-9054 — Aerospike Database_server: An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database
An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow in the function as_sindex__simatch_list_by_set_binid resulting in remote code execution. An attacker can simply connect to the port to trigger this vulnerability. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-9052 — Aerospike Database_server: An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database
An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow in the function as_sindex__simatch_by_iname resulting in remote code execution. An attacker can simply connect to the port to trigger this vulnerability. CVSSv3.1 9.8 (CRITICAL)