Filtered by vendor Oracle
Subscribe
Total
9593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-4614 | 4 Ibm, Linux, Microsoft and 1 more | 5 Mq, Mq Appliance, Linux Kernel and 2 more | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Queue Manager could cause a SIGSEGV denial of service caused by converting an invalid message. IBM X-Force ID: 168639. | |||||
| CVE-2020-14639 | 1 Oracle | 1 Weblogic Server | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2020-14542 | 1 Oracle | 1 Solaris | 2021-07-21 | 2.1 LOW | 3.3 LOW |
| Vulnerability in the Oracle Solaris product of Oracle Systems (component: libsuri). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2020-14635 | 1 Oracle | 1 Application Object Library | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Logging). Supported versions that are affected are 12.2.5-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2020-14548 | 1 Oracle | 1 Business Intelligence | 2021-07-21 | 2.1 LOW | 3.4 LOW |
| Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 3.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N). | |||||
| CVE-2020-2838 | 1 Oracle | 1 Customer Relationship Management Gateway For Mobile Devices | 2021-07-21 | 5.0 MEDIUM | 8.6 HIGH |
| Vulnerability in the Oracle CRM Gateway for Mobile Devices product of Oracle E-Business Suite (component: Setup of Mobile Applications). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Gateway for Mobile Devices. While the vulnerability is in Oracle CRM Gateway for Mobile Devices, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Gateway for Mobile Devices accessible data. CVSS 3.0 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). | |||||
| CVE-2019-4656 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, Mq and 5 more | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967. | |||||
| CVE-2020-14636 | 1 Oracle | 1 Weblogic Server | 2021-07-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2019-4568 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Mq and 4 more | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS could allow a remote attacker with intimate knowledge of the server to cause a denial of service when receiving data on the channel. IBM X-Force ID: 166629. | |||||
| CVE-2020-14544 | 1 Oracle | 1 Transportation Management | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Data, Domain & Function Security). The supported version that is affected is 6.4.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Transportation Management accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2020-9314 | 1 Oracle | 1 Iplanet Web Server | 2021-07-21 | 4.9 MEDIUM | 4.8 MEDIUM |
| ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists because of an incomplete fix for CVE-2012-0516. NOTE: a related support policy can be found in the www.oracle.com references attached to this CVE. | |||||
| CVE-2020-2907 | 2 Opensuse, Oracle | 2 Leap, Vm Virtualbox | 2021-07-21 | 4.6 MEDIUM | 7.5 HIGH |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2020-2864 | 1 Oracle | 1 Isupplier Portal | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite (component: Accounts). Supported versions that are affected are 12.1.3 and 12.2.5-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupplier Portal. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iSupplier Portal accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2020-14571 | 1 Oracle | 1 Bi Publisher | 2021-07-21 | 6.4 MEDIUM | 7.2 HIGH |
| Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Mobile Service). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. While the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data as well as unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N). | |||||
| CVE-2020-2575 | 1 Oracle | 1 Vm Virtualbox | 2021-07-21 | 4.4 MEDIUM | 7.5 HIGH |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2020-4299 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, I and 4 more | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could expose sensitive information to a user through a specially crafted HTTP request. IBM X-Force ID: 176606. | |||||
| CVE-2020-2583 | 7 Canonical, Debian, Mcafee and 4 more | 24 Ubuntu Linux, Debian Linux, Epolicy Orchestrator and 21 more | 2021-07-21 | 4.3 MEDIUM | 3.7 LOW |
| Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
| CVE-2020-2889 | 1 Oracle | 1 Customer Relationship Management Technical Foundation | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2016-4953 | 5 Ntp, Opensuse, Oracle and 2 more | 15 Ntp, Leap, Opensuse and 12 more | 2021-07-16 | 5.0 MEDIUM | 7.5 HIGH |
| ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time. | |||||
| CVE-2009-0983 | 1 Oracle | 1 Application Server | 2021-07-13 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2009-0974 and CVE-2009-3407. | |||||