VYPR

Vendor CVEs

Oracle Corporation

All CVEs

10,063 total · sorted by risk
  • CVE-2017-3531HigApr 24, 2017
    risk 0.47cvss 7.2epss 0.02

    Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Servlet Runtime). Supported versions that are affected are 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Easily "exploitable" vulnerability allows unauthenticated attacker with network…

  • CVE-2017-3486HigApr 24, 2017
    risk 0.47cvss 7.2epss 0.00

    Vulnerability in the SQL*Plus component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Difficult to exploit vulnerability allows high privileged attacker having Local Logon privilege with logon to the infrastructure where SQL*Plus…

  • CVE-2016-5590HigJan 27, 2017
    risk 0.47cvss 7.2epss 0.02

    Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Agent). Supported versions that are affected are 3.1.3.7856 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via TLS to compromise…

  • CVE-2016-5539HigOct 25, 2016
    risk 0.47cvss 7.3epss 0.01

    Unspecified vulnerability in the Oracle Retail Xstore Payment component in Oracle Retail Applications 1.x allows local users to affect confidentiality, integrity, and availability via unknown vectors.

  • CVE-2016-3483HigJul 21, 2016
    risk 0.47cvss 7.2epss 0.03

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect confidentiality and availability via vectors related to File Processing.

  • CVE-2016-1181HigJul 4, 2016
    risk 0.47cvss 8.1epss 0.13

    ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to…

  • CVE-2016-3461HigApr 21, 2016
    risk 0.47cvss 7.2epss 0.02

    Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality, integrity, and availability via vectors related to Monitoring: Server.

  • CVE-2016-0777MedJan 14, 2016
    risk 0.47cvss 6.5epss 0.63

    The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.

  • CVE-2023-21980HigApr 18, 2023
    risk 0.46cvss 7.1epss 0.01

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols…

  • CVE-2023-21896HigApr 18, 2023
    risk 0.46cvss 7.0epss 0.00

    Vulnerability in the Oracle Solaris product of Oracle Systems (component: NSSwitch). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to…

  • CVE-2022-21593HigOct 18, 2022
    risk 0.46cvss 7.1epss 0.01

    Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: OHS Config MBeans). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to…

  • CVE-2022-21544HigJul 19, 2022
    risk 0.46cvss 7.1epss 0.01

    Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1-12.4, 14.0-14.3 and 14.5. Difficult to exploit vulnerability allows low privileged attacker with…

  • CVE-2022-21351HigJan 19, 2022
    risk 0.46cvss 7.1epss 0.01

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL…

  • CVE-2022-21278HigJan 19, 2022
    risk 0.46cvss 7.1epss 0.01

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL…

  • CVE-2021-35619HigOct 20, 2021
    risk 0.46cvss 7.1epss 0.01

    Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 19c and 21c. Difficult to exploit vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to…

  • CVE-2021-35610HigOct 20, 2021
    risk 0.46cvss 7.1epss 0.02

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL…

  • CVE-2021-41617HigSep 26, 2021
    risk 0.46cvss 7.0epss 0.02

    sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with…

  • CVE-2021-2454HigJul 21, 2021
    risk 0.46cvss 7.0epss 0.00

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox…

  • CVE-2021-2287HigApr 22, 2021
    risk 0.46cvss 7.1epss 0.00

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox…

  • CVE-2021-2286HigApr 22, 2021
    risk 0.46cvss 7.1epss 0.00

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox…

  • CVE-2021-2285HigApr 22, 2021
    risk 0.46cvss 7.1epss 0.00

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox…

  • CVE-2021-2284HigApr 22, 2021
    risk 0.46cvss 7.1epss 0.00

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox…

  • CVE-2021-2283HigApr 22, 2021
    risk 0.46cvss 7.1epss 0.00

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox…

  • CVE-2021-2282HigApr 22, 2021
    risk 0.46cvss 7.1epss 0.00

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox…

  • CVE-2021-2281HigApr 22, 2021
    risk 0.46cvss 7.1epss 0.00

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox…

  • CVE-2021-2280HigApr 22, 2021
    risk 0.46cvss 7.1epss 0.00

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox…

  • CVE-2021-23840HigFeb 16, 2021
    risk 0.46cvss 7.5epss 0.51

    Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will…

  • CVE-2020-36183HigJan 7, 2021
    risk 0.46cvss 8.1epss 0.05

    FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.

  • CVE-2020-14843HigOct 21, 2020
    risk 0.46cvss 7.1epss 0.01

    Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated…

  • CVE-2020-14807HigOct 21, 2020
    risk 0.46cvss 7.1epss 0.01

    Vulnerability in the Oracle Hospitality Suite8 product of Oracle Hospitality Applications (component: WebConnect). Supported versions that are affected are 8.10.2 and 8.11-8.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to…

  • CVE-2020-14780HigOct 21, 2020
    risk 0.46cvss 7.1epss 0.01

    Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network…

  • CVE-2020-14766HigOct 21, 2020
    risk 0.46cvss 7.1epss 0.01

    Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web Administration). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows…

  • CVE-2020-16969HigOct 16, 2020
    risk 0.46cvss 7.1epss 0.03

    An information disclosure vulnerability exists in how Microsoft Exchange validates tokens when handling certain messages. An attacker who successfully exploited the vulnerability could use this to gain further information from a user. To exploit the vulnerability, an…

  • CVE-2020-2984HigJul 15, 2020
    risk 0.46cvss 7.1epss 0.01

    Vulnerability in the Oracle Configuration Manager product of Oracle Enterprise Manager (component: Discovery and collection script). The supported version that is affected is 12.1.2.0.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP…

  • CVE-2020-2983HigJul 15, 2020
    risk 0.46cvss 7.1epss 0.01

    Vulnerability in the Oracle Data Masking and Subsetting product of Oracle Enterprise Manager (component: Data Masking). Supported versions that are affected are 13.3.0.0 and 13.4.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to…

  • CVE-2020-2982HigJul 15, 2020
    risk 0.46cvss 7.1epss 0.01

    Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 13.3.0.0 and 13.4.0.0. Easily exploitable vulnerability allows low privileged attacker with network…

  • CVE-2020-2981HigJul 15, 2020
    risk 0.46cvss 7.0epss 0.00

    Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 18.1.40. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store.…

  • CVE-2020-14709HigJul 15, 2020
    risk 0.46cvss 7.1epss 0.01

    Vulnerability in the Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Card). Supported versions that are affected are 16.0, 17.0 and 18.0. Easily exploitable vulnerability allows low privileged attacker with network access via…

  • CVE-2020-14691HigJul 15, 2020
    risk 0.46cvss 7.1epss 0.01

    Vulnerability in the Oracle Financial Services Liquidity Risk Management product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.0.6. Easily exploitable vulnerability allows low privileged attacker with network…

  • CVE-2020-14602HigJul 15, 2020
    risk 0.46cvss 7.1epss 0.01

    Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows low privileged…

  • CVE-2020-14570HigJul 15, 2020
    risk 0.46cvss 7.1epss 0.01

    Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Mobile Service). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP…

  • CVE-2020-14060HigJun 14, 2020
    risk 0.46cvss 8.1epss 0.09

    FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).

  • CVE-2020-14062HigJun 14, 2020
    risk 0.46cvss 8.1epss 0.08

    FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).

  • CVE-2020-2964HigApr 15, 2020
    risk 0.46cvss 7.1epss 0.01

    Vulnerability in the Oracle Financial Services Data Foundation product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.6 - 8.0.9. Easily exploitable vulnerability allows low privileged attacker with network…

  • CVE-2020-2945HigApr 15, 2020
    risk 0.46cvss 7.1epss 0.01

    Vulnerability in the Oracle Financial Services Deposit Insurance Calculations for Liquidity Risk Management product of Oracle Financial Services Applications (component: User Interfaces). Supported versions that are affected are 8.0.7 and 8.0.8. Easily exploitable vulnerability…

  • CVE-2020-2943HigApr 15, 2020
    risk 0.46cvss 7.1epss 0.01

    Vulnerability in the Oracle Financial Services Liquidity Risk Measurement and Management product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.7 and 8.0.8. Easily exploitable vulnerability allows low…

  • CVE-2020-2942HigApr 15, 2020
    risk 0.46cvss 7.1epss 0.01

    Vulnerability in the Oracle Financial Services Price Creation and Discovery product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.0.7. Easily exploitable vulnerability allows low privileged attacker with…

  • CVE-2020-2941HigApr 15, 2020
    risk 0.46cvss 7.1epss 0.01

    Vulnerability in the Oracle Financial Services Funds Transfer Pricing product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.6 and 8.0.7. Easily exploitable vulnerability allows low privileged attacker with…

  • CVE-2020-2940HigApr 15, 2020
    risk 0.46cvss 7.1epss 0.01

    Vulnerability in the Oracle Financial Services Profitability Management product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.6 and 8.0.7. Easily exploitable vulnerability allows low privileged attacker with…

  • CVE-2020-2939HigApr 15, 2020
    risk 0.46cvss 7.1epss 0.01

    Vulnerability in the Oracle Financial Services Asset Liability Management product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.6 and 8.0.7. Easily exploitable vulnerability allows low privileged attacker with…

Page 38 of 202