Filtered by vendor Oracle
Subscribe
Search
Total
8935 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-14543 | 1 Oracle | 1 Hospitality Reporting And Analytics | 2020-07-17 | 4.4 MEDIUM | 7.3 HIGH |
| Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Installation). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Reporting and Analytics executes to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Reporting and Analytics. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). | |||||
| CVE-2020-14587 | 1 Oracle | 1 Peoplesoft Products | 2020-07-17 | 5.5 MEDIUM | 5.4 MEDIUM |
| Vulnerability in the PeopleSoft Enterprise FIN Expenses product of Oracle PeopleSoft (component: Expenses). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Expenses. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FIN Expenses accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise FIN Expenses accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). | |||||
| CVE-2020-14582 | 1 Oracle | 1 Istore | 2020-07-17 | 4.3 MEDIUM | 8.2 HIGH |
| Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: User Registration). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). | |||||
| CVE-2020-14584 | 1 Oracle | 1 Bi Publisher | 2020-07-17 | 4.3 MEDIUM | 8.2 HIGH |
| Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). | |||||
| CVE-2020-14585 | 1 Oracle | 1 Bi Publisher | 2020-07-17 | 4.3 MEDIUM | 8.2 HIGH |
| Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Mobile Service). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). | |||||
| CVE-2020-14580 | 1 Oracle | 1 Communications Applications | 2020-07-17 | 6.0 MEDIUM | 8.2 HIGH |
| Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications Applications (component: System Admin). Supported versions that are affected are 8.1.0, 8.2.0 and 8.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via SSH to compromise Oracle Communications Session Border Controller. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Session Border Controller, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Session Border Controller accessible data as well as unauthorized update, insert or delete access to some of Oracle Communications Session Border Controller accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Session Border Controller. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L). | |||||
| CVE-2020-14537 | 1 Oracle | 1 Solaris | 2020-07-17 | 4.7 MEDIUM | 5.5 MEDIUM |
| Vulnerability in the Oracle Solaris product of Oracle Systems (component: Packaging Scripts). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:N/A:H). | |||||
| CVE-2020-14549 | 1 Oracle | 1 Primavera Portfolio Management | 2020-07-17 | 4.0 MEDIUM | 5.9 MEDIUM |
| Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Server). Supported versions that are affected are 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0 and 19.0.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Primavera Portfolio Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Portfolio Management accessible data as well as unauthorized update, insert or delete access to some of Primavera Portfolio Management accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N). | |||||
| CVE-2020-14541 | 1 Oracle | 1 Hyperion Financial Close Management | 2020-07-17 | 2.1 LOW | 2.0 LOW |
| Vulnerability in the Hyperion Financial Close Management product of Oracle Hyperion (component: Close Manager). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Close Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion Financial Close Management accessible data. CVSS 3.1 Base Score 2.0 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N). | |||||
| CVE-2020-2971 | 1 Oracle | 1 Application Express | 2020-07-17 | 4.9 MEDIUM | 5.4 MEDIUM |
| Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2020-14605 | 1 Oracle | 1 Financial Services Analytical Applications Infrastructure | 2020-07-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N). | |||||
| CVE-2020-14606 | 1 Oracle | 1 Sd-wan Edge | 2020-07-17 | 10.0 HIGH | 10.0 CRITICAL |
| Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications Applications (component: User Interface). Supported versions that are affected are 8.2 and 9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Edge. While the vulnerability is in Oracle SD-WAN Edge, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle SD-WAN Edge. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2020-14546 | 1 Oracle | 1 Hyperion Financial Close Management | 2020-07-16 | 2.1 LOW | 4.2 MEDIUM |
| Vulnerability in the Hyperion Financial Close Management product of Oracle Hyperion (component: Close Manager). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Close Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Financial Close Management accessible data. CVSS 3.1 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N). | |||||
| CVE-2020-14613 | 1 Oracle | 1 Webcenter Sites | 2020-07-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced User Interface). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2020-14615 | 1 Oracle | 1 Financial Services Analytical Applications Infrastructure | 2020-07-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2020-14610 | 1 Oracle | 1 Applications Framework | 2020-07-16 | 3.5 LOW | 7.6 HIGH |
| Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). The supported version that is affected is 12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Framework accessible data as well as unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N). | |||||
| CVE-2020-14607 | 1 Oracle | 1 Fusion Middleware Mapviewer | 2020-07-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Vulnerability in the Oracle Fusion Middleware MapViewer product of Oracle Fusion Middleware (component: Tile Server). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Fusion Middleware MapViewer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Fusion Middleware MapViewer accessible data as well as unauthorized read access to a subset of Oracle Fusion Middleware MapViewer accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2020-14609 | 1 Oracle | 1 Business Intelligence | 2020-07-16 | 7.5 HIGH | 8.6 HIGH |
| Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web Answers). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). | |||||
| CVE-2020-14616 | 1 Oracle | 1 Food And Beverage Applications | 2020-07-16 | 4.0 MEDIUM | 2.7 LOW |
| Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Reporting). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2020-14612 | 1 Oracle | 1 Peoplesoft Enterprise Human Capital Management Candidate Gateway | 2020-07-16 | 5.5 MEDIUM | 5.4 MEDIUM |
| Vulnerability in the PeopleSoft Enterprise HRMS product of Oracle PeopleSoft (component: Time and Labor). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HRMS. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HRMS accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HRMS accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). | |||||
| CVE-2020-14611 | 1 Oracle | 1 Webcenter Portal | 2020-07-16 | 7.5 HIGH | 8.6 HIGH |
| Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Composer). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Portal accessible data as well as unauthorized read access to a subset of Oracle WebCenter Portal accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Portal. CVSS 3.1 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L). | |||||
| CVE-2016-1181 | 2 Apache, Oracle | 3 Struts, Banking Platform, Portal | 2020-07-15 | 6.8 MEDIUM | 8.1 HIGH |
| ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899. | |||||
| CVE-2017-3571 | 1 Oracle | 1 Peoplesoft Ebill Payment | 2020-07-01 | 6.5 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the PeopleSoft Enterprise SCM eBill Payment component of Oracle PeopleSoft Products (subcomponent: Security). The supported version that is affected is 9.2. Easily "exploitable" vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM eBill Payment. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise SCM eBill Payment accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise SCM eBill Payment accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N). | |||||
| CVE-2015-3253 | 2 Apache, Oracle | 6 Groovy, Health Sciences Clinical Development Center, Retail Order Broker Cloud Service and 3 more | 2020-06-24 | 7.5 HIGH | 9.8 CRITICAL |
| The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object. | |||||
| CVE-2020-4320 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Mq and 3 more | 2020-06-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting. IBM X-Force ID: 177403. | |||||
| CVE-2020-4310 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Mq and 4 more | 2020-06-20 | 5.0 MEDIUM | 7.5 HIGH |
| IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the Data Conversion logic. IBM X-Force ID: 177081. | |||||
| CVE-2015-7703 | 5 Debian, Netapp, Ntp and 2 more | 13 Debian Linux, Clustered Data Ontap, Data Ontap and 10 more | 2020-06-18 | 4.3 MEDIUM | 7.5 HIGH |
| The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command. | |||||
| CVE-2016-4957 | 5 Novell, Ntp, Opensuse and 2 more | 9 Suse Manager, Ntp, Leap and 6 more | 2020-06-18 | 5.0 MEDIUM | 7.5 HIGH |
| ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547. | |||||
| CVE-2015-7702 | 5 Debian, Netapp, Ntp and 2 more | 13 Debian Linux, Clustered Data Ontap, Data Ontap and 10 more | 2020-06-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. | |||||
| CVE-2015-7701 | 5 Debian, Netapp, Ntp and 2 more | 13 Debian Linux, Clustered Data Ontap, Data Ontap and 10 more | 2020-06-18 | 5.0 MEDIUM | 7.5 HIGH |
| Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption). | |||||
| CVE-2015-7692 | 5 Debian, Netapp, Ntp and 2 more | 13 Debian Linux, Clustered Data Ontap, Data Ontap and 10 more | 2020-06-18 | 5.0 MEDIUM | 7.5 HIGH |
| The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. | |||||
| CVE-2015-7691 | 5 Debian, Netapp, Ntp and 2 more | 13 Debian Linux, Clustered Data Ontap, Data Ontap and 10 more | 2020-06-18 | 5.0 MEDIUM | 7.5 HIGH |
| The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. | |||||
| CVE-2014-9750 | 4 Debian, Ntp, Oracle and 1 more | 6 Debian Linux, Ntp, Linux and 3 more | 2020-06-18 | 5.8 MEDIUM | N/A |
| ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field. | |||||
| CVE-2015-7852 | 5 Debian, Netapp, Ntp and 2 more | 14 Debian Linux, Clustered Data Ontap, Data Ontap and 11 more | 2020-06-18 | 4.3 MEDIUM | 5.9 MEDIUM |
| ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets. | |||||
| CVE-2020-2801 | 1 Oracle | 1 Weblogic Server | 2020-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. Note: The patch for this issue will address the vulnerability only if the WLS instance is using JDK 1.7.0_191 or later, or JDK 1.8.0_181 or later. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2018-2839 | 3 Canonical, Netapp, Oracle | 7 Ubuntu Linux, Oncommand Insight, Oncommand Unified Manager and 4 more | 2020-06-16 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2020-2585 | 1 Oracle | 2 Jdk, Jre | 2020-06-15 | 4.3 MEDIUM | 5.9 MEDIUM |
| Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). | |||||
| CVE-2020-2883 | 1 Oracle | 1 Weblogic Server | 2020-06-04 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2015-3646 | 2 Openstack, Oracle | 2 Keystone, Solaris | 2020-06-02 | 4.0 MEDIUM | N/A |
| OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs. | |||||
| CVE-2015-7546 | 2 Openstack, Oracle | 3 Keystone, Keystonemiddleware, Solaris | 2020-06-02 | 6.0 MEDIUM | 7.5 HIGH |
| The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers, which allows remote authenticated users to bypass intended access restrictions and gain access to cloud resources by manipulating byte fields within a revoked token. | |||||
| CVE-2020-2767 | 2 Netapp, Oracle | 7 Active Iq Unified Manager, E-series Santricity Os Controller, Snapmanager and 4 more | 2020-06-02 | 5.8 MEDIUM | 4.8 MEDIUM |
| Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). | |||||
| CVE-2020-2778 | 2 Netapp, Oracle | 7 Active Iq Unified Manager, E-series Santricity Os Controller, Snapmanager and 4 more | 2020-06-02 | 4.3 MEDIUM | 3.7 LOW |
| Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2020-2798 | 1 Oracle | 1 Weblogic Server | 2020-05-26 | 6.5 MEDIUM | 7.2 HIGH |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2020-2828 | 1 Oracle | 1 Weblogic Server | 2020-05-26 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Web Services). The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2020-2915 | 1 Oracle | 1 Coherence | 2020-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching, CacheStore, Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2020-2884 | 1 Oracle | 1 Weblogic Server | 2020-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2020-2963 | 1 Oracle | 1 Weblogic Server | 2020-05-26 | 6.5 MEDIUM | 7.2 HIGH |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2014-9584 | 7 Canonical, Debian, Linux and 4 more | 19 Ubuntu Linux, Debian Linux, Linux Kernel and 16 more | 2020-05-21 | 2.1 LOW | N/A |
| The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image. | |||||
| CVE-2015-0239 | 5 Canonical, Debian, Linux and 2 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2020-05-21 | 4.4 MEDIUM | N/A |
| The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction. | |||||
| CVE-2014-9644 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2020-05-21 | 2.1 LOW | N/A |
| The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-2013-7421. | |||||