VYPR

Vendor CVEs

Oracle Corporation

All CVEs

10,082 total · sorted by risk
  • CVE-2016-5557HigOct 25, 2016
    risk 0.53cvss 8.2epss 0.02

    Unspecified vulnerability in the Oracle Advanced Pricing component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality and integrity via unknown vectors.

  • CVE-2016-5518HigOct 25, 2016
    risk 0.53cvss 8.1epss 0.02

    Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to webfileservices.

  • CVE-2016-5503HigOct 25, 2016
    risk 0.53cvss 8.2epss 0.00

    Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows local users to affect confidentiality, integrity, and availability via vectors related to Core Services.

  • CVE-2016-5491HigOct 25, 2016
    risk 0.53cvss 8.2epss 0.01

    Unspecified vulnerability in the Oracle Commerce Service Center component in Oracle Commerce 10.0.3.5 and 10.2.0.5 allows remote attackers to affect confidentiality and integrity via unknown vectors.

  • CVE-2016-5489HigOct 25, 2016
    risk 0.53cvss 8.2epss 0.02

    Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via vectors related to Runtime Catalog.

  • CVE-2016-5482HigOct 25, 2016
    risk 0.53cvss 8.2epss 0.01

    Unspecified vulnerability in the Oracle Commerce Guided Search component in Oracle Commerce 6.2.2, 6.3.0, 6.4.1.2, and 6.5.0 through 6.5.2 allows remote attackers to affect confidentiality and integrity via unknown vectors.

  • CVE-2016-5465HigJul 21, 2016
    risk 0.53cvss 8.2epss 0.02

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to Panel Processor.

  • CVE-2016-5451HigJul 21, 2016
    risk 0.53cvss 8.1epss 0.02

    Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality and integrity via vectors related to EAI, a different vulnerability than CVE-2016-5468.

  • CVE-2016-3564HigJul 21, 2016
    risk 0.53cvss 8.1epss 0.05

    Unspecified vulnerability in the Oracle TopLink component in Oracle Fusion Middleware 12.1.3.0, 12.2.1.0, and 12.2.1.1 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JPA-RS.

  • CVE-2016-3552HigJul 21, 2016
    risk 0.53cvss 8.1epss 0.00

    Unspecified vulnerability in Oracle Java SE 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Install.

  • CVE-2016-3536HigJul 21, 2016
    risk 0.53cvss 8.2epss 0.02

    Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Deliverables. NOTE: the previous information is from the July 2016 CPU. Oracle…

  • CVE-2016-3506HigJul 21, 2016
    risk 0.53cvss 8.1epss 0.04

    Unspecified vulnerability in the JDBC component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2; the Oracle Retail Xstore Point of Service 5.5, 6.0, 6.5, 7.0, 7.1, 15.0, and 16.0; the Oracle Retail Warehouse Management System 14.04, 14.1.3, and 15.0.1; the Oracle…

  • CVE-2016-3487HigJul 21, 2016
    risk 0.53cvss 8.1epss 0.05

    Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 11.1.1.8, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

  • CVE-2016-3477HigJul 21, 2016
    risk 0.53cvss 8.1epss 0.00

    Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to…

  • CVE-2016-5386HigJul 19, 2016
    risk 0.53cvss 8.1epss 0.05

    The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to…

  • CVE-2016-4555HigMay 10, 2016
    risk 0.53cvss 7.5epss 0.54

    client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.

  • CVE-2016-3456HigApr 21, 2016
    risk 0.53cvss 8.2epss 0.01

    Unspecified vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul component in Oracle Supply Chain Products Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Dialog Box.

  • CVE-2016-3439HigApr 21, 2016
    risk 0.53cvss 8.2epss 0.02

    Unspecified vulnerability in the Oracle CRM Wireless component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Call Phone Number Page.

  • CVE-2016-3438HigApr 21, 2016
    risk 0.53cvss 8.2epss 0.02

    Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1, and 12.2 allows remote attackers to affect confidentiality and integrity via vectors related to JRAD Heartbeat. NOTE: the previous information is from the April…

  • CVE-2016-3437HigApr 21, 2016
    risk 0.53cvss 8.2epss 0.02

    Unspecified vulnerability in the Oracle CRM Wireless component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Person Address Page.

  • CVE-2016-3436HigApr 21, 2016
    risk 0.53cvss 8.2epss 0.02

    Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Tasks.

  • CVE-2016-1714HigApr 7, 2016
    risk 0.53cvss 8.1epss 0.06

    The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access…

  • CVE-2016-0636HigMar 24, 2016
    risk 0.53cvss 8.1epss 0.06

    Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component.

  • CVE-2019-5436HigMay 28, 2019
    risk 0.52cvss 7.8epss 0.50

    A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.

  • CVE-2018-2601HigJan 18, 2018
    risk 0.52cvss 8.0epss 0.02

    Vulnerability in the Oracle Internet Directory component of Oracle Fusion Middleware (subcomponent: Oracle Directory Services Manager). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows high privileged…

  • CVE-2016-8610HigNov 13, 2017
    risk 0.52cvss 7.5epss 0.40

    A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive…

  • CVE-2017-10403HigOct 19, 2017
    risk 0.52cvss 8.0epss 0.01

    Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: iQuery). Supported versions that are affected are 8.5.1 and 9.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access…

  • CVE-2016-2334HigDec 13, 2016
    risk 0.52cvss 7.8epss 0.15

    Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image.

  • CVE-2016-4957HigJul 5, 2016
    risk 0.52cvss 7.5epss 0.45

    ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.

  • CVE-2016-2105HigMay 5, 2016
    risk 0.52cvss 7.5epss 0.40

    Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.

  • CVE-2026-35266HigMay 28, 2026
    risk 0.51cvss 7.9epss 0.00

    Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks…

  • CVE-2026-35243HigApr 21, 2026
    risk 0.51cvss 7.8epss 0.00

    Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the…

  • CVE-2020-11113HigMar 31, 2020
    risk 0.51cvss 8.8epss 0.06

    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).

  • CVE-2020-11112HigMar 31, 2020
    risk 0.51cvss 8.8epss 0.04

    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).

  • CVE-2018-2569HigJan 18, 2018
    risk 0.51cvss 7.8epss 0.01

    Vulnerability in the Java ME SDK component of Oracle Java Micro Edition (subcomponent: Installer). The supported version that is affected is 8.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java ME SDK executes to…

  • CVE-2017-3620HigApr 24, 2017
    risk 0.51cvss 7.8epss 0.00

    Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where…

  • CVE-2017-3584HigApr 24, 2017
    risk 0.51cvss 7.8epss 0.00

    Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: RAS subsystems). The supported version that is affected is AK 2013. Difficult to exploit vulnerability allows low privileged attacker with logon to the…

  • CVE-2017-3581HigApr 24, 2017
    risk 0.51cvss 7.8epss 0.00

    Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where…

  • CVE-2017-3565HigApr 24, 2017
    risk 0.51cvss 7.9epss 0.00

    Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RBAC). The supported version that is affected is 11.3. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to…

  • CVE-2017-3559HigApr 24, 2017
    risk 0.51cvss 7.9epss 0.00

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure…

  • CVE-2017-3237HigApr 24, 2017
    risk 0.51cvss 7.8epss 0.00

    Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where…

  • CVE-2017-3290HigJan 27, 2017
    risk 0.51cvss 7.9epss 0.00

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows high privileged attacker with logon to the…

  • CVE-2016-5563HigOct 25, 2016
    risk 0.51cvss 7.9epss 0.01

    Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property Services component in Oracle Hospitality Applications 5.4.0.0 through 5.4.3.0, 5.5.0.0, and 5.5.1.0 allows remote administrators to affect confidentiality, integrity, and availability via vectors related to…

  • CVE-2016-5544HigOct 25, 2016
    risk 0.51cvss 7.8epss 0.00

    Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel/X86.

  • CVE-2016-5501HigOct 25, 2016
    risk 0.51cvss 7.8epss 0.00

    Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5538.

  • CVE-2016-3945HigSep 21, 2016
    risk 0.51cvss 7.8epss 0.03

    Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which…

  • CVE-2016-6302HigSep 16, 2016
    risk 0.51cvss 7.5epss 0.26

    The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.

  • CVE-2016-2181HigSep 16, 2016
    risk 0.51cvss 7.5epss 0.23

    The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records,…

  • CVE-2016-2179HigSep 16, 2016
    risk 0.51cvss 7.5epss 0.27

    The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions…

  • CVE-2016-6185HigAug 2, 2016
    risk 0.51cvss 7.8epss 0.01

    The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.

Page 14 of 202