Search
Total
21119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0555 | 1 Oracle | 1 Fusion Middleware | 2017-12-07 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows remote attackers to affect confidentiality, integrity, and availability, related to Outside In Image Export SDK, a different vulnerability than CVE-2012-0554, CVE-2012-0556, and CVE-2012-0557. | |||||
| CVE-2012-0554 | 1 Oracle | 1 Fusion Middleware | 2017-12-07 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows remote attackers to affect confidentiality, integrity, and availability, related to Outside In Image Export SDK, a different vulnerability than CVE-2012-0555, CVE-2012-0556, and CVE-2012-0557. | |||||
| CVE-2012-0550 | 1 Oracle | 1 Glassfish Server | 2017-12-07 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web Container. | |||||
| CVE-2012-1698 | 1 Sun | 1 Sunos | 2017-12-07 | 2.1 LOW | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 11 allows remote authenticated users to affect confidentiality, related to Kernel/GLD. | |||||
| CVE-2012-0549 | 1 Oracle | 1 Supply Chain Products Suite | 2017-12-07 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Oracle AutoVue Office component in Oracle Supply Chain Products Suite 20.1.1 allows remote attackers to affect confidentiality, integrity, and availability, related to Desktop API. | |||||
| CVE-2012-1691 | 1 Sun | 1 Sunos | 2017-12-07 | 6.6 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/Privileges. | |||||
| CVE-2012-0513 | 1 Oracle | 1 E-business Suite | 2017-12-07 | 2.6 LOW | N/A |
| Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity, related to REST Services. | |||||
| CVE-2012-1692 | 1 Sun | 1 Sunos | 2017-12-07 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability, related to SCTP. | |||||
| CVE-2012-0514 | 1 Oracle | 1 Peoplesoft Products | 2017-12-07 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise CRM component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality, related to SEC. | |||||
| CVE-2012-0515 | 1 Oracle | 1 Fusion Middleware | 2017-12-07 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Identity Manager Connector component in Oracle Fusion Middleware 9.1.0.4 allows remote authenticated users to affect integrity via unknown vectors. | |||||
| CVE-2012-0580 | 1 Oracle | 1 Supply Chain Products Suite | 2017-12-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 5.2.2, 6.0.0, and 6.1.1 allows remote attackers to affect integrity via unknown vectors related to Supplier Portal. | |||||
| CVE-2012-0548 | 1 Oracle | 6 Sparc Enterprise M3000 Server, Sparc Enterprise M4000 Server, Sparc Enterprise M5000 Server and 3 more | 2017-12-07 | 2.1 LOW | N/A |
| Unspecified vulnerability in Oracle SPARC Enterprise M Series Servers XCP 1110 and earlier allows local users to affect confidentiality, related to XSCF Control Package (XCP). | |||||
| CVE-2012-0517 | 1 Oracle | 1 Peoplesoft Products | 2017-12-07 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to eCompensation Manager Desktop. | |||||
| CVE-2012-1002 | 1 Zakongroup | 1 Openconf | 2017-12-07 | 10.0 HIGH | N/A |
| SQL injection vulnerability in author/edit.php in OpenConf 4.x before 4.12 allows remote attackers to execute arbitrary SQL commands via the pid parameter. | |||||
| CVE-2012-0521 | 1 Oracle | 1 Peoplesoft Products | 2017-12-07 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 Bundle #9 allows remote authenticated users to affect confidentiality via unknown vectors related to Human Resources. | |||||
| CVE-2012-1693 | 1 Oracle | 6 Sparc Enterprise M3000 Server, Sparc Enterprise M4000 Server, Sparc Enterprise M5000 Server and 3 more | 2017-12-07 | 2.6 LOW | N/A |
| Unspecified vulnerability in Oracle SPARC Enterprise M Series Servers XCP 1110 allows remote attackers to affect availability, related to XSCF Control Package (XCP). | |||||
| CVE-2012-0543 | 1 Oracle | 1 Fusion Middleware | 2017-12-07 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 10.1.3.4.1 and 10.1.3.4.2 allows remote attackers to affect integrity via unknown vectors related to Administration. | |||||
| CVE-2012-0529 | 1 Oracle | 1 Peoplesoft Products | 2017-12-07 | 3.5 LOW | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51 allows remote authenticated users to affect integrity via unknown vectors related to core. | |||||
| CVE-2012-0126 | 1 Hp | 1 Hp-ux | 2017-12-06 | 5.8 MEDIUM | N/A |
| Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.11 and 11.23 allows remote attackers to obtain access to diagnostic information via unknown vectors, a related issue to CVE-2012-0125. | |||||
| CVE-2012-0127 | 1 Hp | 1 Performance Manager | 2017-12-06 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP Performance Manager 9.00 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2012-0125 | 1 Hp | 1 Hp-ux | 2017-12-06 | 3.3 LOW | N/A |
| Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.31 allows local users to obtain access to diagnostic information via unknown vectors, a related issue to CVE-2012-0126. | |||||
| CVE-2012-3135 | 1 Oracle | 1 Fusion Middleware | 2017-12-01 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware 28.2.3 and before, and 27.7.2 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2013-3011 | 1 Ibm | 1 Java | 2017-11-29 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3009 and CVE-2013-3012. | |||||
| CVE-2013-3009 | 1 Ibm | 1 Java | 2017-11-29 | 9.3 HIGH | N/A |
| The com.ibm.CORBA.iiop.ClientDelegate class in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 improperly exposes the invoke method of the java.lang.reflect.Method class, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to the AccessController doPrivileged block. | |||||
| CVE-2013-3012 | 1 Ibm | 1 Java | 2017-11-29 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3009 and CVE-2013-3011. | |||||
| CVE-2017-13832 | 1 Apple | 1 Mac Os X | 2017-11-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "802.1X" component. It allows attackers to have an unspecified impact by leveraging TLS 1.0 support. | |||||
| CVE-2017-13846 | 1 Apple | 1 Mac Os X | 2017-11-28 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party "PCRE" product. Versions before 8.40 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
| CVE-2017-13815 | 1 Apple | 1 Mac Os X | 2017-11-27 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party "file" product. Versions before 5.31 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
| CVE-2017-16521 | 1 Inedo | 1 Buildmaster | 2017-11-27 | 7.5 HIGH | 9.8 CRITICAL |
| In Inedo BuildMaster before 5.8.2, XslTransform was used where XslCompiledTransform should have been used. | |||||
| CVE-2017-15535 | 1 Mongodb | 1 Mongodb | 2017-11-22 | 6.4 MEDIUM | 9.1 CRITICAL |
| MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory. | |||||
| CVE-2016-4366 | 1 Hp | 1 Systems Insight Manager | 2017-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors. | |||||
| CVE-2013-3754 | 1 Oracle | 1 Oracle And Sun Systems Product Suite | 2017-11-18 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the Solaris Cluster component in Oracle and Sun Systems Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to HA for TimesTen. | |||||
| CVE-2013-3746 | 1 Oracle | 1 Oracle And Sun Systems Product Suite | 2017-11-18 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the Solaris Cluster component in Oracle and Sun Systems Products Suite 3.2, 3.3, and 4 prior to 4.1 SRU 3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Zone Cluster Infrastructure. | |||||
| CVE-2013-3744 | 1 Oracle | 2 Jdk, Jre | 2017-11-18 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2400. | |||||
| CVE-2015-8322 | 1 Netapp | 1 Data Ontap | 2017-11-16 | 6.5 MEDIUM | 8.8 HIGH |
| NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote authenticated users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2016-5047 | 1 Netapp | 1 Oncommand System Manager | 2017-11-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| NetApp OnCommand System Manager 8.3.x before 8.3.2P5 allows remote authenticated users to cause a denial of service via unspecified vectors. | |||||
| CVE-2014-3511 | 1 Openssl | 1 Openssl | 2017-11-15 | 4.3 MEDIUM | N/A |
| The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a "protocol downgrade" issue. | |||||
| CVE-2012-1622 | 1 Apache | 1 Ofbiz | 2017-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| Apache OFBiz 10.04.x before 10.04.02 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2017-14351 | 1 Hp | 1 Ucmdb Configuration Manager | 2017-11-11 | 7.5 HIGH | 9.8 CRITICAL |
| A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow code execution. | |||||
| CVE-2017-3260 | 1 Oracle | 2 Jdk, Jre | 2017-11-10 | 5.1 MEDIUM | 8.3 HIGH |
| Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u121 and 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). | |||||
| CVE-2017-10342 | 1 Oracle | 1 Java Advanced Management Console | 2017-11-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java Advanced Management Console. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java Advanced Management Console. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
| CVE-2015-2575 | 3 Debian, Mysql, Suse | 5 Debian Linux, Mysql, Linux Enterprise Desktop and 2 more | 2017-11-10 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J. | |||||
| CVE-2014-0379 | 1 Oracle | 2 Supply Chain Products Suite, Supply Chain Products Suite Sql-server | 2017-11-08 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0.x, 7.3.1.x, 12.2.0, 12.2.1, and 12.2.2 allows remote attackers to affect integrity via unknown vectors related to DM Others. | |||||
| CVE-2016-3461 | 1 Oracle | 1 Mysql Enterprise Monitor | 2017-11-03 | 4.3 MEDIUM | 7.2 HIGH |
| Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality, integrity, and availability via vectors related to Monitoring: Server. | |||||
| CVE-2017-3294 | 1 Oracle | 1 Outside In Technology | 2017-11-03 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters ). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS v3.0 Base Score 7.5 (Availability impacts). | |||||
| CVE-2016-4360 | 1 Hp | 2 Loadrunner, Performance Center | 2017-11-03 | 6.4 MEDIUM | 9.1 CRITICAL |
| web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 do not restrict file paths sent to an unlink call, which allows remote attackers to delete arbitrary files via the path parameter to data/import_csv, aka ZDI-CAN-3555. | |||||
| CVE-2017-10275 | 1 Oracle | 1 Solaris Ak | 2017-10-24 | 6.3 MEDIUM | 5.0 MEDIUM |
| Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Filesystem). The supported version that is affected is AK 2013. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Sun ZFS Storage Appliance Kit (AK) executes to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H). | |||||
| CVE-2017-10264 | 1 Oracle | 1 Siebel Ui Framework | 2017-10-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Siebel UI Framework. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
| CVE-2017-10260 | 1 Oracle | 1 Integrated Lights Out Manager Firmware | 2017-10-24 | 7.8 HIGH | 7.5 HIGH |
| Vulnerability in the Oracle Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: System Management). The supported version that is affected is Prior to 3.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Integrated Lights Out Manager (ILOM). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Integrated Lights Out Manager (ILOM). CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2016-8395 | 1 Linux | 1 Linux Kernel | 2017-10-19 | 7.1 HIGH | 4.7 MEDIUM |
| A denial of service vulnerability in the NVIDIA camera driver could enable an attacker to cause a local permanent denial of service, which may require reflashing the operating system to repair the device. This issue is rated as High due to the possibility of local permanent denial of service. Product: Android. Versions: Kernel-3.10. Android ID: A-31403040. References: N-CVE-2016-8395. | |||||