Filtered by vendor Oracle
Subscribe
Total
9593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1527 | 4 Fedoraproject, Google, Mozilla and 1 more | 4 Fedora, Android, Firefox and 1 more | 2016-11-17 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after scrolling has taken it off of the screen. | |||||
| CVE-2015-4496 | 2 Mozilla, Oracle | 2 Firefox, Solaris | 2016-11-15 | 9.3 HIGH | N/A |
| Multiple integer overflows in libstagefright in Mozilla Firefox before 38.0 allow remote attackers to execute arbitrary code via crafted sample metadata in an MPEG-4 video file, a related issue to CVE-2015-1538. | |||||
| CVE-2014-1506 | 3 Google, Mozilla, Oracle | 3 Android, Firefox, Solaris | 2016-11-15 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in Android Crash Reporter in Mozilla Firefox before 28.0 on Android allows attackers to trigger the transmission of local files to arbitrary servers, or cause a denial of service (application crash), via a crafted application that specifies Android Crash Reporter arguments. | |||||
| CVE-2014-1507 | 2 Mozilla, Oracle | 2 Firefoxos, Solaris | 2016-11-15 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in the DeviceStorage API in Mozilla FirefoxOS before 1.2.2 allows attackers to bypass the media sandbox protection mechanism, and read or modify arbitrary files, via a crafted application that uses a relative pathname for a DeviceStorageFile object. | |||||
| CVE-2012-0577 | 1 Oracle | 1 Financial Services Software | 2016-11-04 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.4.0 allows remote authenticated users to affect availability via unknown vectors related to Core. | |||||
| CVE-2012-0576 | 1 Oracle | 1 Financial Services Software | 2016-11-04 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 6.0.1 and 6.2.0 allows remote authenticated users to affect integrity via unknown vectors related to Core-Help. | |||||
| CVE-2012-0579 | 1 Oracle | 1 Financial Services Software | 2016-11-04 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.4.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Core. | |||||
| CVE-2012-0573 | 1 Oracle | 1 Financial Services Software | 2016-11-04 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.4.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Core. | |||||
| CVE-2012-0575 | 1 Oracle | 1 Financial Services Software | 2016-11-04 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.2.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Core. | |||||
| CVE-2015-0973 | 3 Apple, Libpng, Oracle | 3 Mac Os X, Libpng, Solaris | 2016-10-20 | 7.5 HIGH | N/A |
| Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495. | |||||
| CVE-2005-4549 | 1 Oracle | 1 Application Server Discussion Forum Portlet | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to inject arbitrary web script or HTML via the (1) RowKeyValue parameter in the PORTAL schema; and the (2) title and (3) content input fields when creating an forum article. | |||||
| CVE-2005-2983 | 1 Oracle | 1 Reports | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Oracle Reports that use Lexical References allows remote attackers to execute arbitrary SQL commands via the values in the parameter form that appears when the paramform parameter is set to yes. | |||||
| CVE-2005-2379 | 1 Oracle | 1 Reports | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports 9.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) debug parameter to showenv, (2) test parameter to parsequery, or (3) delimiter or (4) CELLWRAPPER parameter to rwservlet. | |||||
| CVE-2005-2372 | 1 Oracle | 1 Forms | 2016-10-18 | 7.2 HIGH | N/A |
| Oracle Forms 4.5 through 10g starts form executables from arbitrary directories and executes them as the Oracle or System user, which allows attackers to execute arbitrary code by uploading a malicious .fmx file and referencing it using an absolute pathname argument in the (1) form or (2) module parameters to f90servlet. | |||||
| CVE-2005-2291 | 1 Oracle | 1 Jdeveloper | 2016-10-18 | 4.6 MEDIUM | N/A |
| Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext password as a parameter when starting sqlplus, which allows local users to gain sensitive information. | |||||
| CVE-2005-1197 | 1 Oracle | 1 Database Server | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the SYS.DBMS_CDC_IPUBLISH.CREATE_SCN_CHANGE_SET procedure in Oracle Database Server 10g allows remote attackers to execute arbitrary SQL commands via the CHANGE_SET_NAME parameter. | |||||
| CVE-2005-0873 | 1 Oracle | 1 10g Reports Server | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in Oracle Reports Server 10g (9.0.4.3.3) allow remote attackers to inject arbitrary web script or HTML via the (1) desname or (2) repprod parameter. | |||||
| CVE-2005-0701 | 1 Oracle | 1 Database Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Oracle Database Server 8i and 9i allows remote attackers to read or rename arbitrary files via "\\.\\.." (modified dot dot backslash) sequences to UTL_FILE functions such as (1) UTL_FILE.FOPEN or (2) UTL_FILE.frename. | |||||
| CVE-2005-0297 | 1 Oracle | 1 Database Server | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Oracle Database 9i and 10g allows remote attackers to execute arbitrary SQL commands and gain privileges. | |||||
| CVE-2004-1367 | 1 Oracle | 9 Application Server, Collaboration Suite, E-business Suite and 6 more | 2016-10-18 | 4.4 MEDIUM | N/A |
| Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password. | |||||