CVE-2017-10388 – OpenJDK: use of unprotected sname in Kerberos client (Libraries, 8178794)
https://notcve.org/view.php?id=CVE-2017-10388
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/101321 http://www.securitytracker.com/id/1039596 https://access.redhat.com/errata/RHSA-2017:2998 https://access.redhat.com/errata/RHSA-2017:2999 https://access.redhat.com/errata/RHSA-2017:3046 https://access.redhat.com/errata/RHSA-2017:3047 https://access.redhat.com/errata/RHSA-2017:3264 https://access.redhat.com/errata/RHSA-2017:3267 https://access.redhat.com/errata/ • CWE-345: Insufficient Verification of Data Authenticity •
CVE-2017-10309 – Oracle Java SE - Web Start jnlp XML External Entity Processing Information Disclosure
https://notcve.org/view.php?id=CVE-2017-10309
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. • https://www.exploit-db.com/exploits/43103 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/101328 http://www.securitytracker.com/id/1039596 https://access.redhat.com/errata/RHSA-2017:2999 https://access.redhat.com/errata/RHSA-2017:3264 https://access.redhat.com/errata/RHSA-2017:3267 https://access.redhat.com/errata/RHSA-2017:3453 https://security.gentoo.org/glsa/201710-31 https://security.netapp.com/advisory/ntap-201710 •
CVE-2017-10286 – mysql: Server: InnoDB unspecified vulnerability (CPU Oct 2017)
https://notcve.org/view.php?id=CVE-2017-10286
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/101397 http://www.securitytracker.com/id/1039597 https://access.redhat.com/errata/RHSA-2017:3265 https://access.redhat.com/errata/RHSA-2017:3442 https://access.redhat.com/errata/RHSA-2018:0279 https://access.redhat.com/errata/RHSA-2018:0574 https://security.netapp.com/advisory/ntap-20171019-0002 https://access.redhat.com/security/cve/CVE-2017-10286 https://bugzilla.redhat. •
CVE-2017-10365 – mysql: Server: InnoDB unspecified vulnerability (CPU Oct 2017)
https://notcve.org/view.php?id=CVE-2017-10365
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 3.8 (Integrity and Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/101429 http://www.securitytracker.com/id/1039597 https://access.redhat.com/errata/RHSA-2017:3442 https://security.netapp.com/advisory/ntap-20171019-0002 https://access.redhat.com/security/cve/CVE-2017-10365 https://bugzilla.redhat.com/show_bug.cgi?id=1503682 •
CVE-2017-10268 – mysql: Server: Replication unspecified vulnerability (CPU Oct 2017)
https://notcve.org/view.php?id=CVE-2017-10268
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). • http://www.debian.org/security/2017/dsa-4002 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/101390 http://www.securitytracker.com/id/1039597 https://access.redhat.com/errata/RHSA-2017:3265 https://access.redhat.com/errata/RHSA-2017:3442 https://access.redhat.com/errata/RHSA-2018:0279 https://access.redhat.com/errata/RHSA-2018:0574 https://access.redhat.com/errata/RHSA-2018:2439 https://access.redhat.com/errata/RH •