VYPR

Vendor CVEs

Oracle Corporation

All CVEs

10,078 total · sorted by risk
  • CVE-2020-11113HigMar 31, 2020
    risk 0.51cvss 8.8epss 0.06

    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).

  • CVE-2019-2690HigApr 23, 2019
    risk 0.51cvss 7.8epss 0.00

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure…

  • CVE-2019-2657HigApr 23, 2019
    risk 0.51cvss 7.8epss 0.01

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where…

  • CVE-2018-12179HigMar 27, 2019
    risk 0.51cvss 7.8epss 0.00

    Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.

  • CVE-2019-2548HigJan 16, 2019
    risk 0.51cvss 7.8epss 0.01

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where…

  • CVE-2019-2526HigJan 16, 2019
    risk 0.51cvss 7.8epss 0.00

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure…

  • CVE-2019-2523HigJan 16, 2019
    risk 0.51cvss 7.8epss 0.00

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure…

  • CVE-2019-2522HigJan 16, 2019
    risk 0.51cvss 7.8epss 0.00

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure…

  • CVE-2019-2521HigJan 16, 2019
    risk 0.51cvss 7.8epss 0.00

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure…

  • CVE-2019-2520HigJan 16, 2019
    risk 0.51cvss 7.8epss 0.00

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure…

  • CVE-2019-2414HigJan 16, 2019
    risk 0.51cvss 7.8epss 0.00

    Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle HTTP…

  • CVE-2018-12174HigNov 14, 2018
    risk 0.51cvss 7.8epss 0.00

    Heap overflow in Intel Trace Analyzer 2018 in Intel Parallel Studio XE 2018 Update 3 may allow an authenticated user to potentially escalate privileges via local access.

  • CVE-2018-2569HigJan 18, 2018
    risk 0.51cvss 7.8epss 0.01

    Vulnerability in the Java ME SDK component of Oracle Java Micro Edition (subcomponent: Installer). The supported version that is affected is 8.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java ME SDK executes to…

  • CVE-2017-3620HigApr 24, 2017
    risk 0.51cvss 7.8epss 0.00

    Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where…

  • CVE-2017-3584HigApr 24, 2017
    risk 0.51cvss 7.8epss 0.00

    Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: RAS subsystems). The supported version that is affected is AK 2013. Difficult to exploit vulnerability allows low privileged attacker with logon to the…

  • CVE-2017-3581HigApr 24, 2017
    risk 0.51cvss 7.8epss 0.00

    Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where…

  • CVE-2017-3565HigApr 24, 2017
    risk 0.51cvss 7.9epss 0.00

    Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RBAC). The supported version that is affected is 11.3. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to…

  • CVE-2017-3559HigApr 24, 2017
    risk 0.51cvss 7.9epss 0.00

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure…

  • CVE-2017-3237HigApr 24, 2017
    risk 0.51cvss 7.8epss 0.00

    Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where…

  • CVE-2017-3290HigJan 27, 2017
    risk 0.51cvss 7.9epss 0.00

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows high privileged attacker with logon to the…

  • CVE-2016-5563HigOct 25, 2016
    risk 0.51cvss 7.9epss 0.01

    Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property Services component in Oracle Hospitality Applications 5.4.0.0 through 5.4.3.0, 5.5.0.0, and 5.5.1.0 allows remote administrators to affect confidentiality, integrity, and availability via vectors related to…

  • CVE-2016-5544HigOct 25, 2016
    risk 0.51cvss 7.8epss 0.00

    Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel/X86.

  • CVE-2016-5501HigOct 25, 2016
    risk 0.51cvss 7.8epss 0.00

    Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5538.

  • CVE-2016-3945HigSep 21, 2016
    risk 0.51cvss 7.8epss 0.03

    Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which…

  • CVE-2016-6302HigSep 16, 2016
    risk 0.51cvss 7.5epss 0.26

    The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.

  • CVE-2016-2181HigSep 16, 2016
    risk 0.51cvss 7.5epss 0.23

    The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records,…

  • CVE-2016-2179HigSep 16, 2016
    risk 0.51cvss 7.5epss 0.27

    The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions…

  • CVE-2016-6185HigAug 2, 2016
    risk 0.51cvss 7.8epss 0.01

    The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.

  • CVE-2016-5472HigJul 21, 2016
    risk 0.51cvss 7.8epss 0.00

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows local users to affect confidentiality, integrity, and availability via vectors related to Install and Packaging.

  • CVE-2016-5126HigJun 1, 2016
    risk 0.51cvss 7.8epss 0.01

    Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.

  • CVE-2016-4951HigMay 23, 2016
    risk 0.51cvss 7.8epss 0.01

    The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel through 4.6 does not verify socket existence, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a dumpit…

  • CVE-2016-4913HigMay 23, 2016
    risk 0.51cvss 7.8epss 0.01

    The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via…

  • CVE-2016-4805HigMay 23, 2016
    risk 0.51cvss 7.8epss 0.00

    Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to…

  • CVE-2016-4556HigMay 10, 2016
    risk 0.51cvss 7.5epss 0.23

    Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response.

  • CVE-2016-3441HigApr 21, 2016
    risk 0.51cvss 7.8epss 0.00

    Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Filesystem.

  • CVE-2016-3418HigApr 21, 2016
    risk 0.51cvss 7.8epss 0.00

    Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability…

  • CVE-2016-0694HigApr 21, 2016
    risk 0.51cvss 7.8epss 0.00

    Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability…

  • CVE-2016-0692HigApr 21, 2016
    risk 0.51cvss 7.8epss 0.00

    Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability…

  • CVE-2016-0689HigApr 21, 2016
    risk 0.51cvss 7.8epss 0.00

    Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability…

  • CVE-2016-0682HigApr 21, 2016
    risk 0.51cvss 7.8epss 0.00

    Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability…

  • CVE-2016-0681HigApr 21, 2016
    risk 0.51cvss 7.8epss 0.01

    Unspecified vulnerability in the Oracle OLAP component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unspecified vectors.

  • CVE-2002-0969HigOct 11, 2002
    risk 0.51cvss 7.8epss 0.01

    Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the…

  • CVE-2026-46823HigMay 28, 2026
    risk 0.50cvss 7.7epss 0.00

    Vulnerability in the Oracle Public Sector Financials (International) product of Oracle E-Business Suite (component: Authorization). Supported versions that are affected are 12.2.6-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via…

  • CVE-2026-46821HigMay 28, 2026
    risk 0.50cvss 7.7epss 0.00

    Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite (component: Common Components). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to…

  • CVE-2023-21985HigApr 18, 2023
    risk 0.50cvss 7.7epss 0.00

    Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise…

  • CVE-2023-21932HigApr 18, 2023
    risk 0.50cvss 7.2epss 0.45

    Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: OXI). The supported version that is affected is 5.6. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to…

  • CVE-2022-34169HigJul 19, 2022
    risk 0.50cvss 7.5epss 0.18

    The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update…

  • CVE-2022-21382HigJan 19, 2022
    risk 0.50cvss 7.7epss 0.01

    Vulnerability in the Oracle Enterprise Session Border Controller product of Oracle Communications (component: WebUI). Supported versions that are affected are 8.4 and 9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise…

  • CVE-2021-35653HigOct 20, 2021
    risk 0.50cvss 7.7epss 0.01

    Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Console). The supported versions that are affected are Prior to 11.1.2.4.046 and Prior to 21.3. Easily exploitable vulnerability allows low privileged attacker with network access via…

  • CVE-2021-2189HigApr 22, 2021
    risk 0.50cvss 7.5epss 0.15

    Vulnerability in the Oracle Sales Offline product of Oracle E-Business Suite (component: Template). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to…

Page 27 of 202