Vulnerabilities > Oracle > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-19 | CVE-2017-10155 | Unspecified vulnerability in Oracle Mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). | 7.5 |
| 2017-10-19 | CVE-2017-10065 | Unspecified vulnerability in Oracle Retail Point-Of-Service Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: Security). | 8.5 |
| 2017-10-19 | CVE-2017-10060 | Unspecified vulnerability in Oracle Business Intelligence Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Web General). | 8.2 |
| 2017-10-19 | CVE-2017-10050 | Unspecified vulnerability in Oracle Hospitality Suite8 8.10.1/8.10.2 Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). | 8.2 |
| 2017-10-19 | CVE-2017-10037 | Information Exposure vulnerability in Oracle Business Intelligence Publisher 11.1.1.7.0/11.1.1.9.0 Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware (subcomponent: Web Service API). | 7.5 |
| 2017-10-19 | CVE-2017-10034 | Unspecified vulnerability in Oracle Business Intelligence Publisher 11.1.1.7.0/11.1.1.9.0 Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware (subcomponent: Core Formatting API). | 8.2 |
| 2017-10-19 | CVE-2017-10026 | Unspecified vulnerability in Oracle SOA Suite 11.1.1.7.0 Vulnerability in the Oracle SOA Suite component of Oracle Fusion Middleware (subcomponent: Fabric Layer). | 8.2 |
| 2017-10-04 | CVE-2017-12617 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. | 8.1 |
| 2017-08-11 | CVE-2016-6796 | A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. | 7.5 |
| 2017-08-10 | CVE-2016-6797 | Incorrect Authorization vulnerability in multiple products The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. | 7.5 |