Filtered by vendor Oracle
Subscribe
Total
10321 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-0493 | 1 Oracle | 1 Solaris | 2025-04-12 | 3.3 LOW | N/A |
|
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity and availability via unknown vectors related to Kernel Cryptography.
|
|||||
| CVE-2015-2582 | 5 Canonical, Debian, Mariadb and 2 more | 11 Ubuntu Linux, Debian Linux, Mariadb and 8 more | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
|
|||||
| CVE-2015-4485 | 4 Canonical, Mozilla, Opensuse and 1 more | 4 Ubuntu Linux, Firefox, Opensuse and 1 more | 2025-04-12 | 10.0 HIGH | N/A |
|
Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM video data.
|
|||||
| CVE-2014-2454 | 1 Oracle | 1 Hyperion | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to affect confidentiality via unknown vectors related to User Interface.
|
|||||
| CVE-2014-6494 | 4 Juniper, Mariadb, Oracle and 1 more | 8 Junos Space, Mariadb, Mysql and 5 more | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496.
|
|||||
| CVE-2014-4210 | 1 Oracle | 1 Fusion Middleware | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services.
|
|||||
| CVE-2014-6563 | 1 Oracle | 1 Database Server | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4294, CVE-2014-4295, and CVE-2014-6538.
|
|||||
| CVE-2016-5497 | 1 Oracle | 1 Database | 2025-04-12 | 4.4 MEDIUM | 6.4 MEDIUM |
|
Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors.
|
|||||
| CVE-2014-0414 | 1 Oracle | 1 Fusion Middleware | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality via vectors related to HTTP Request Handling.
|
|||||
| CVE-2016-5634 | 1 Oracle | 1 Mysql | 2025-04-12 | 4.0 MEDIUM | 4.9 MEDIUM |
|
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to RBR.
|
|||||
| CVE-2016-5620 | 1 Oracle | 1 Flexcube Universal Banking | 2025-04-12 | 5.5 MEDIUM | 5.4 MEDIUM |
|
Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to INFRA, a different vulnerability than CVE-2016-5619.
|
|||||
| CVE-2015-2317 | 6 Canonical, Debian, Djangoproject and 3 more | 6 Ubuntu Linux, Debian Linux, Django and 3 more | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as demonstrated by a \x08javascript: URL.
|
|||||
| CVE-2016-5542 | 1 Oracle | 2 Jdk, Jre | 2025-04-12 | 4.3 MEDIUM | 3.1 LOW |
|
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to Libraries.
|
|||||
| CVE-2016-3423 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2025-04-12 | 3.5 LOW | 5.4 MEDIUM |
|
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to Rich Text Editor, a different vulnerability than CVE-2016-0698.
|
|||||
| CVE-2015-0477 | 1 Oracle | 2 Jdk, Jre | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity via unknown vectors related to Beans.
|
|||||
| CVE-2014-2427 | 3 Canonical, Debian, Oracle | 4 Ubuntu Linux, Debian Linux, Jdk and 1 more | 2025-04-12 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
|
|||||
| CVE-2016-5687 | 2 Imagemagick, Oracle | 2 Imagemagick, Solaris | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read.
|
|||||
| CVE-2014-4300 | 1 Oracle | 1 Database Server | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4298, CVE-2014-4299, CVE-2014-6452, CVE-2014-6454, and CVE-2014-6542.
|
|||||
| CVE-2015-4835 | 1 Oracle | 2 Jdk, Jre | 2025-04-12 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4881.
|
|||||
| CVE-2016-3508 | 1 Oracle | 4 Jdk, Jre, Jrockit and 1 more | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3500.
|
|||||
| CVE-2015-0365 | 1 Oracle | 1 Siebel Crm | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Unspecified vulnerability in the Siebel Core - Server Infrastructure component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Security.
|
|||||
| CVE-2014-6500 | 3 Juniper, Mariadb, Oracle | 4 Junos Space, Mariadb, Mysql and 1 more | 2025-04-12 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491.
|
|||||
| CVE-2014-3144 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2025-04-12 | 4.9 MEDIUM | N/A |
|
The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced.
|
|||||
| CVE-2016-0468 | 1 Oracle | 1 Business Intelligence | 2025-04-12 | 3.5 LOW | 5.4 MEDIUM |
|
Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to Analytics Web General.
|
|||||
| CVE-2015-7546 | 2 Openstack, Oracle | 3 Keystone, Keystonemiddleware, Solaris | 2025-04-12 | 6.0 MEDIUM | 7.5 HIGH |
|
The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers, which allows remote authenticated users to bypass intended access restrictions and gain access to cloud resources by manipulating byte fields within a revoked token.
|
|||||
| CVE-2016-0427 | 1 Oracle | 1 Enterprise Manager Grid Control | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 11.2.0.4, 12.1.0.4, and 12.1.0.5 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Framework.
|
|||||
| CVE-2016-0443 | 1 Oracle | 1 Enterprise Manager Grid Control | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 12.1.0.4, and 12.1.0.5 allows remote attackers to affect confidentiality via unknown vectors related to Agent Next Gen.
|
|||||
| CVE-2015-4914 | 1 Oracle | 1 Fusion Middleware | 2025-04-12 | 3.5 LOW | N/A |
|
Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.7, 11.1.1.9, 12.1.2.0, and 12.1.3.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web Listener.
|
|||||
| CVE-2015-4867 | 1 Oracle | 1 Fusion Middleware | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 allows remote attackers to affect integrity via unknown vectors related to Content Server, a different vulnerability than CVE-2015-4880.
|
|||||
| CVE-2016-0415 | 1 Oracle | 1 Enterprise Manager Grid Control | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 12.1.0.4, and 12.1.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to UI Framework.
|
|||||
| CVE-2016-4556 | 3 Canonical, Oracle, Squid-cache | 3 Ubuntu Linux, Linux, Squid | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response.
|
|||||
| CVE-2015-4779 | 1 Oracle | 1 Berkeley Db | 2025-04-12 | 3.3 LOW | N/A |
|
Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35 allows local users to affect integrity and availability via unknown vectors, a different vulnerability than CVE-2015-4774 and CVE-2015-4788.
|
|||||
| CVE-2016-3498 | 1 Oracle | 2 Jdk, Jre | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows remote attackers to affect availability via vectors related to JavaFX.
|
|||||
| CVE-2016-0676 | 1 Oracle | 1 Solaris | 2025-04-12 | 4.0 MEDIUM | 4.7 MEDIUM |
|
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to the kernel.
|
|||||
| CVE-2016-0431 | 1 Oracle | 1 Solaris | 2025-04-12 | 1.2 LOW | N/A |
|
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2016-0419.
|
|||||
| CVE-2014-2431 | 3 Mariadb, Oracle, Redhat | 9 Mariadb, Mysql, Solaris and 6 more | 2025-04-12 | 2.6 LOW | N/A |
|
Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.
|
|||||
| CVE-2015-4916 | 1 Oracle | 3 Javafx, Jdk, Jre | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2015-4906 and CVE-2015-4908.
|
|||||
| CVE-2014-6485 | 1 Oracle | 1 Jre | 2025-04-12 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in Oracle Java SE 8u20 and JavaFX 2.2.65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
|
|||||
| CVE-2015-3152 | 6 Debian, Fedoraproject, Mariadb and 3 more | 12 Debian Linux, Fedora, Mariadb and 9 more | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack.
|
|||||
| CVE-2016-3578 | 1 Oracle | 1 Outside In Technology | 2025-04-12 | 9.0 HIGH | 8.6 HIGH |
|
Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and C ...
Show More |
|||||