Filtered by vendor Oracle
Subscribe
Search
Total
3509 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-2429 | 1 Oracle | 1 Peoplesoft Products | 2014-04-16 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise CS Campus Self Service component in Oracle PeopleSoft Products 9.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Campus Mobile. | |||||
| CVE-2014-2411 | 1 Oracle | 2 Identity Analytics, Sun Role Manager | 2014-04-16 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Identity Analytics component in Oracle Fusion Middleware Oracle Identity Analytics 11.1.1.5 and Sun Role Manager 5.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Security. | |||||
| CVE-2014-2426 | 1 Oracle | 1 Fusion Middleware | 2014-04-16 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity and availability via unknown vectors related to Admin Console. | |||||
| CVE-2014-2425 | 1 Oracle | 1 Fusion Middleware | 2014-04-16 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect confidentiality via unknown vectors. | |||||
| CVE-2014-2408 | 1 Oracle | 1 Database Server | 2014-04-16 | 6.6 MEDIUM | N/A |
| Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to the "Grant Any Object Privilege." | |||||
| CVE-2014-2450 | 1 Oracle | 1 Mysql | 2014-04-16 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. | |||||
| CVE-2014-2406 | 1 Oracle | 1 Database Server | 2014-04-16 | 8.5 HIGH | N/A |
| Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to "Advisor" and "Select Any Dictionary" privileges. | |||||
| CVE-2014-2444 | 1 Oracle | 1 Mysql | 2014-04-16 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to InnoDB. | |||||
| CVE-2014-2442 | 1 Oracle | 1 Mysql | 2014-04-16 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to MyISAM. | |||||
| CVE-2014-2451 | 1 Oracle | 1 Mysql | 2014-04-16 | 3.5 LOW | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Privileges. | |||||
| CVE-2014-0465 | 1 Oracle | 1 Fusion Middleware | 2014-04-16 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity via unknown vectors related to Admin Console. | |||||
| CVE-2014-2455 | 1 Oracle | 1 Hyperion | 2014-04-16 | 6.0 MEDIUM | N/A |
| Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to User Interface. | |||||
| CVE-2014-2454 | 1 Oracle | 1 Hyperion | 2014-04-16 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to affect confidentiality via unknown vectors related to User Interface. | |||||
| CVE-2014-2453 | 1 Oracle | 1 Hyperion | 2014-04-16 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to affect integrity via unknown vectors related to User Interface. | |||||
| CVE-2014-0426 | 1 Oracle | 1 Fusion Middleware | 2014-04-16 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect integrity via vectors related to HTTP Request Handling, a different vulnerability than CVE-2014-0413. | |||||
| CVE-2014-0450 | 1 Oracle | 1 Fusion Middleware | 2014-04-16 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.7 and 11.1.1.8 allows remote attackers to affect confidentiality via unknown vectors related to People Connection. | |||||
| CVE-2014-0442 | 2 Oracle, Sun | 2 Sunos, Sunos | 2014-04-16 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Solaris 9, 10, and 11.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Print Filter Utility. | |||||
| CVE-2014-0414 | 1 Oracle | 1 Fusion Middleware | 2014-04-16 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality via vectors related to HTTP Request Handling. | |||||
| CVE-2014-0413 | 1 Oracle | 1 Fusion Middleware | 2014-04-16 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect integrity via vectors related to HTTP Request Handling, a different vulnerability than CVE-2014-0426. | |||||
| CVE-2013-0397 | 1 Oracle | 1 E-business Suite | 2014-03-16 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Diagnostics. | |||||
| CVE-2013-0381 | 1 Oracle | 1 E-business Suite | 2014-03-16 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Application Framework. | |||||
| CVE-2013-0366 | 1 Oracle | 1 Database Mobile\/lite Server | 2014-03-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0361. | |||||
| CVE-2013-0364 | 1 Oracle | 2 Database Lite, Database Mobile\/lite Server | 2014-03-16 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2013-0362 and CVE-2013-0363. | |||||
| CVE-2013-0363 | 1 Oracle | 1 Database Mobile\/lite Server | 2014-03-16 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2013-0362 and CVE-2013-0364. | |||||
| CVE-2013-0361 | 1 Oracle | 2 Database Lite, Database Mobile\/lite Server | 2014-03-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0366. | |||||
| CVE-2013-0354 | 1 Oracle | 2 Enterprise Manager Database Control, Enterprise Manager Grid Control | 2014-03-16 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5, and EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3, allows remote attackers to affect integrity via unknown vectors related to Policy Framework. | |||||
| CVE-2012-3190 | 1 Oracle | 1 E-business Suite | 2014-03-16 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Universal Work Queue component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity, related to UWQ Server Issues. | |||||
| CVE-2014-0378 | 1 Oracle | 1 Database Server | 2014-03-06 | 4.1 MEDIUM | N/A |
| Unspecified vulnerability in the Spatial component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2014-0377 | 1 Oracle | 1 Database Server | 2014-03-06 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via vectors related to SYS tables. | |||||
| CVE-2013-5853 | 1 Oracle | 1 Database Server | 2014-03-06 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect availability via unknown vectors. | |||||
| CVE-2013-5764 | 1 Oracle | 1 Database Server | 2014-03-06 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect availability via unknown vectors. | |||||
| CVE-2013-2395 | 1 Oracle | 1 Mysql | 2014-02-21 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-1567. | |||||
| CVE-2013-2381 | 1 Oracle | 1 Mysql | 2014-02-21 | 3.5 LOW | N/A |
| Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server Privileges. | |||||
| CVE-2013-1570 | 1 Oracle | 1 Mysql | 2014-02-21 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote attackers to affect availability via unknown vectors related to MemCached. | |||||
| CVE-2013-1567 | 1 Oracle | 1 Mysql | 2014-02-21 | 3.5 LOW | N/A |
| Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-2395. | |||||
| CVE-2013-1566 | 1 Oracle | 1 Mysql | 2014-02-21 | 3.5 LOW | N/A |
| Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. | |||||
| CVE-2013-1532 | 1 Oracle | 1 Mysql | 2014-02-21 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Information Schema. | |||||
| CVE-2013-1526 | 1 Oracle | 1 Mysql | 2014-02-21 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication. | |||||
| CVE-2013-0422 | 1 Oracle | 2 Jdk, Jre | 2014-02-21 | 10.0 HIGH | N/A |
| Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recursive Reflection API issue to CVE-2012-3174, but CVE-2012-3174 is for a different vulnerability whose details are not public as of 20130114. CVE-2013-0422 covers both the JMX/MBean and Reflection API issues. NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks. NOTE: as of 20130114, a reliable third party has claimed that the findClass/MBeanInstantiator vector was not fixed in Oracle Java 7 Update 11. If there is still a vulnerable condition, then a separate CVE identifier might be created for the unfixed issue. | |||||
| CVE-2012-5614 | 2 Mariadb, Oracle | 2 Mariadb, Mysql | 2014-02-21 | 4.0 MEDIUM | N/A |
| Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements. | |||||
| CVE-2012-5613 | 3 Linux, Mariadb, Oracle | 3 Linux, Mariadb, Mysql | 2014-02-21 | 6.0 MEDIUM | N/A |
| ** DISPUTED ** MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue. | |||||
| CVE-2012-3174 | 1 Oracle | 2 Jdk, Jre | 2014-02-21 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422. NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the Reflection API, but that issue is already covered as part of CVE-2013-0422. This identifier is for a different vulnerability whose details are not public as of 20130114. | |||||
| CVE-2012-2122 | 2 Mariadb, Oracle | 2 Mariadb, Mysql | 2014-02-21 | 5.1 MEDIUM | N/A |
| sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value. | |||||
| CVE-2014-0445 | 1 Oracle | 1 Peoplesoft Products | 2014-02-07 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology, a different vulnerability than CVE-2014-0381. | |||||
| CVE-2014-0444 | 1 Oracle | 1 Supply Chain Products Suite | 2014-02-07 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical Professional component in Oracle Supply Chain Products Suite 20.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Web General, a different vulnerability than CVE-2013-5868 and CVE-2013-5871. | |||||
| CVE-2014-0443 | 1 Oracle | 1 Peoplesoft Products | 2014-02-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote attackers to affect integrity via unknown vectors related to Security. | |||||
| CVE-2014-0441 | 1 Oracle | 1 Peoplesoft Products | 2014-02-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect availability via unknown vectors related to Integration Broker. | |||||
| CVE-2014-0440 | 1 Oracle | 1 Peoplesoft Products | 2014-02-07 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect availability via vectors related to PIA Core Technology. | |||||
| CVE-2014-0439 | 1 Oracle | 1 Peoplesoft Products | 2014-02-07 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect integrity via unknown vectors related to Report Distribution. | |||||
| CVE-2014-0438 | 1 Oracle | 1 Peoplesoft Products | 2014-02-07 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality via unknown vectors related to Panel Processor. | |||||