Filtered by vendor Oracle
Subscribe
Search
Total
376 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-3546 | 1 Oracle | 1 Advanced Collections | 2017-09-01 | 9.4 HIGH | 9.1 CRITICAL |
| Unspecified vulnerability in the Oracle Advanced Collections component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Report JSPs. | |||||
| CVE-2016-3543 | 1 Oracle | 1 Common Applications Calendar | 2017-09-01 | 9.4 HIGH | 9.1 CRITICAL |
| Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to Tasks. | |||||
| CVE-2016-3541 | 1 Oracle | 1 Common Applications Calendar | 2017-09-01 | 9.4 HIGH | 9.1 CRITICAL |
| Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to Notes. | |||||
| CVE-2016-3527 | 1 Oracle | 1 Demand Planning | 2017-09-01 | 9.4 HIGH | 9.1 CRITICAL |
| Unspecified vulnerability in the Oracle Demand Planning component in Oracle Supply Chain Products Suite 12.1 and 12.2 allows remote attackers to affect confidentiality and integrity via vectors related to ODPDA Servlet. | |||||
| CVE-2016-3493 | 1 Oracle | 1 Hyperion Financial Reporting | 2017-09-01 | 10.0 HIGH | 9.8 CRITICAL |
| Unspecified vulnerability in the Hyperion Financial Reporting component in Oracle Hyperion 11.1.2.4 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Security Models. | |||||
| CVE-2016-3468 | 1 Oracle | 1 Agile Engineering Data Management | 2017-09-01 | 10.0 HIGH | 9.8 CRITICAL |
| Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Install. | |||||
| CVE-2016-3444 | 1 Oracle | 1 Retail Integration Bus | 2017-09-01 | 10.0 HIGH | 9.8 CRITICAL |
| Unspecified vulnerability in the Oracle Retail Integration Bus component in Oracle Retail Applications 13.0, 13.1, 13.2, 14.0, 14.1, and 15.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Install. | |||||
| CVE-2016-3504 | 1 Oracle | 1 Jdeveloper | 2017-09-01 | 7.5 HIGH | 9.8 CRITICAL |
| Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to ADF Faces. | |||||
| CVE-2016-5605 | 1 Oracle | 1 Vm Virtualbox | 2017-07-29 | 6.4 MEDIUM | 9.1 CRITICAL |
| Unspecified vulnerability in the Oracle VM VirtualBox component before 5.1.4 in Oracle Virtualization allows remote attackers to affect confidentiality and integrity via vectors related to VRDE. | |||||
| CVE-2016-3551 | 1 Oracle | 1 Weblogic Server | 2017-07-29 | 10.0 HIGH | 9.8 CRITICAL |
| Unspecified vulnerability in the Oracle Web Services component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXWS Web Services Stack. | |||||
| CVE-2016-5555 | 1 Oracle | 1 Database Server | 2017-07-29 | 6.5 MEDIUM | 9.1 CRITICAL |
| Unspecified vulnerability in the OJVM component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote administrators to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2017-3310 | 1 Oracle | 1 Database | 2017-07-26 | 6.0 MEDIUM | 9.0 CRITICAL |
| Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise OJVM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in OJVM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of OJVM. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). | |||||
| CVE-2017-1000030 | 1 Oracle | 1 Glassfish Server | 2017-07-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain text password of administrative user and grant access to the web-based administration interface. | |||||
| CVE-2016-8325 | 1 Oracle | 1 One-to-one Fulfillment | 2017-02-11 | 6.4 MEDIUM | 9.1 CRITICAL |
| Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Internal Operations). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle One-to-One Fulfillment accessible data as well as unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data. CVSS v3.0 Base Score 9.1 (Confidentiality and Integrity impacts). | |||||
| CVE-2016-5528 | 1 Oracle | 1 Glassfish Server | 2017-01-31 | 6.8 MEDIUM | 9.0 CRITICAL |
| Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GlassFish Server. While the vulnerability is in Oracle GlassFish Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle GlassFish Server. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). | |||||
| CVE-2016-5687 | 2 Imagemagick, Oracle | 2 Imagemagick, Solaris | 2016-12-16 | 7.5 HIGH | 9.8 CRITICAL |
| The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read. | |||||
| CVE-2016-5689 | 2 Imagemagick, Oracle | 2 Imagemagick, Solaris | 2016-12-16 | 7.5 HIGH | 9.8 CRITICAL |
| The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks. | |||||
| CVE-2016-5691 | 2 Imagemagick, Oracle | 2 Imagemagick, Solaris | 2016-12-16 | 7.5 HIGH | 9.8 CRITICAL |
| The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue. | |||||
| CVE-2016-5690 | 2 Imagemagick, Oracle | 2 Imagemagick, Solaris | 2016-12-16 | 7.5 HIGH | 9.8 CRITICAL |
| The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table. | |||||
| CVE-2016-5841 | 2 Imagemagick, Oracle | 2 Imagemagick, Solaris | 2016-12-15 | 7.5 HIGH | 9.8 CRITICAL |
| Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable. | |||||
| CVE-2016-3454 | 1 Oracle | 1 Database | 2016-12-03 | 7.6 HIGH | 9.0 CRITICAL |
| Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2016-3466 | 1 Oracle | 1 Field Service | 2016-12-03 | 6.4 MEDIUM | 9.1 CRITICAL |
| Unspecified vulnerability in the Oracle Field Service component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Wireless. | |||||
| CVE-2016-0699 | 1 Oracle | 1 Flexcube Direct Banking | 2016-12-03 | 9.4 HIGH | 9.1 CRITICAL |
| Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.2 and 12.0.3 allows remote attackers to affect confidentiality and integrity via vectors related to the Login sub-component. | |||||
| CVE-2016-0693 | 1 Oracle | 1 Solaris | 2016-12-03 | 10.0 HIGH | 9.8 CRITICAL |
| Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the PAM LDAP module. | |||||
| CVE-2016-5599 | 1 Oracle | 1 Advanced Supply Chain Planning | 2016-11-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| Unspecified vulnerability in the Oracle Advanced Supply Chain Planning component in Oracle Supply Chain Products Suite 12.2.3 through 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to MscObieeSrvlt. | |||||
| CVE-2016-5580 | 1 Oracle | 1 Secure Global Desktop | 2016-11-28 | 5.5 MEDIUM | 9.6 CRITICAL |
| Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.7 and 5.2 allows remote authenticated users to affect confidentiality and availability via vectors through Web Services. | |||||