VYPR

Vendor CVEs

Oracle Corporation

All CVEs

10,010 total · sorted by risk
  • CVE-2018-2787MedApr 19, 2018
    risk 0.36cvss 5.5epss 0.03

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to…

  • CVE-2018-2786MedApr 19, 2018
    risk 0.36cvss 5.5epss 0.03

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.…

  • CVE-2018-8107MedMar 14, 2018
    risk 0.36cvss 5.5epss 0.01

    The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.

  • CVE-2018-7453MedFeb 24, 2018
    risk 0.36cvss 5.5epss 0.01

    Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml.

  • CVE-2018-2647MedJan 18, 2018
    risk 0.36cvss 5.5epss 0.02

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple…

  • CVE-2018-2577MedJan 18, 2018
    risk 0.36cvss 5.5epss 0.00

    Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to…

  • CVE-2017-10231MedAug 8, 2017
    risk 0.36cvss 5.5epss 0.00

    Vulnerability in the Oracle Hospitality Cruise AffairWhere component of Oracle Hospitality Applications (subcomponent: AWExport). The supported version that is affected is 2.2.05.062. Easily exploitable vulnerability allows low privileged attacker with logon to the…

  • CVE-2017-10219MedAug 8, 2017
    risk 0.36cvss 5.5epss 0.00

    Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0.0 and 4.2.1.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure…

  • CVE-2017-10201MedAug 8, 2017
    risk 0.36cvss 5.5epss 0.00

    Vulnerability in the Oracle Hospitality e7 component of Oracle Hospitality Applications (subcomponent: Other). The supported version that is affected is 4.2.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle…

  • CVE-2017-10189MedAug 8, 2017
    risk 0.36cvss 5.5epss 0.00

    Vulnerability in the Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: Leisure). The supported version that is affected is 8.10.x. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Hospitality…

  • CVE-2017-10188MedAug 8, 2017
    risk 0.36cvss 5.5epss 0.00

    Vulnerability in the Hospitality Hotel Mobile component of Oracle Hospitality Applications (subcomponent: Suite 8/Android). The supported version that is affected is 1.01. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where…

  • CVE-2017-10169MedAug 8, 2017
    risk 0.36cvss 5.5epss 0.00

    Vulnerability in the Oracle Hospitality 9700 component of Oracle Hospitality Applications (subcomponent: Operation Security). The supported version that is affected is 4.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where…

  • CVE-2017-10056MedAug 8, 2017
    risk 0.36cvss 5.5epss 0.00

    Vulnerability in the Oracle Hospitality 9700 component of Oracle Hospitality Applications (subcomponent: Property Management Systems). The supported version that is affected is 4.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure…

  • CVE-2017-10011MedAug 8, 2017
    risk 0.36cvss 5.5epss 0.00

    Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with…

  • CVE-2017-3619MedApr 24, 2017
    risk 0.36cvss 5.5epss 0.00

    Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where…

  • CVE-2017-3454MedApr 24, 2017
    risk 0.36cvss 5.5epss 0.02

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise…

  • CVE-2017-3232MedApr 24, 2017
    risk 0.36cvss 5.5epss 0.00

    Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where…

  • CVE-2016-2518MedJan 30, 2017
    risk 0.36cvss 5.3epss 0.15

    The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.

  • CVE-2016-7440MedDec 13, 2016
    risk 0.36cvss 5.5epss 0.00

    The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.

  • CVE-2016-5608MedOct 25, 2016
    risk 0.36cvss 5.5epss 0.00

    Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5613.

  • CVE-2016-5576MedOct 25, 2016
    risk 0.36cvss 5.5epss 0.00

    Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel Zones.

  • CVE-2016-5517MedOct 25, 2016
    risk 0.36cvss 5.5epss 0.00

    Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.1.3 allows local users to affect confidentiality via vectors related to AD Utilities.

  • CVE-2016-5505MedOct 25, 2016
    risk 0.36cvss 5.5epss 0.00

    Unspecified vulnerability in the RDBMS Programmable Interface component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors.

  • CVE-2016-5486MedOct 25, 2016
    risk 0.36cvss 5.5epss 0.00

    Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows local users to affect confidentiality via vectors related to Core Services.

  • CVE-2016-0617MedSep 30, 2016
    risk 0.36cvss 5.5epss 0.00

    Unspecified vulnerability in the kernel-uek component in Oracle Linux 6 allows local users to affect availability via unknown vectors.

  • CVE-2015-8922MedSep 20, 2016
    risk 0.36cvss 5.5epss 0.02

    The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.

  • CVE-2016-6198MedAug 6, 2016
    risk 0.36cvss 5.5epss 0.01

    The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related to fs/namei.c and fs/open.c.

  • CVE-2016-6197MedAug 6, 2016
    risk 0.36cvss 5.5epss 0.00

    fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service (system crash) via a…

  • CVE-2016-5265MedAug 5, 2016
    risk 0.36cvss 5.5epss 0.01

    Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut…

  • CVE-2016-5403MedAug 2, 2016
    risk 0.36cvss 5.5epss 0.01

    The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.

  • CVE-2016-5471MedJul 21, 2016
    risk 0.36cvss 5.5epss 0.00

    Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-3497 and CVE-2016-5469.

  • CVE-2016-5469MedJul 21, 2016
    risk 0.36cvss 5.5epss 0.00

    Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-3497 and CVE-2016-5471.

  • CVE-2016-5452MedJul 21, 2016
    risk 0.36cvss 5.5epss 0.00

    Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality via vectors related to Verified Boot.

  • CVE-2016-3597MedJul 21, 2016
    risk 0.36cvss 5.5epss 0.00

    Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.26 allows local users to affect availability via vectors related to Core.

  • CVE-2016-3497MedJul 21, 2016
    risk 0.36cvss 5.5epss 0.00

    Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-5469 and CVE-2016-5471.

  • CVE-2016-3453MedJul 21, 2016
    risk 0.36cvss 5.5epss 0.00

    Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to Kernel.

  • CVE-2016-4956MedJul 5, 2016
    risk 0.36cvss 5.3epss 0.16

    ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.

  • CVE-2016-4470MedJun 27, 2016
    risk 0.36cvss 5.5epss 0.01

    The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.

  • CVE-2016-2178MedJun 20, 2016
    risk 0.36cvss 5.5epss 0.01

    The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.

  • CVE-2016-4581MedMay 23, 2016
    risk 0.36cvss 5.5epss 0.01

    fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls.

  • CVE-2016-3712MedMay 11, 2016
    risk 0.36cvss 5.5epss 0.01

    Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.

  • CVE-2016-3465MedApr 21, 2016
    risk 0.36cvss 5.5epss 0.00

    Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to ZFS.

  • CVE-2016-3462MedApr 21, 2016
    risk 0.36cvss 5.5epss 0.00

    Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Network Configuration Service.

  • CVE-2016-0666MedApr 21, 2016
    risk 0.36cvss 5.5epss 0.02

    Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges.

  • CVE-2016-0665MedApr 21, 2016
    risk 0.36cvss 5.5epss 0.01

    Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Security: Encryption.

  • CVE-2016-0662MedApr 21, 2016
    risk 0.36cvss 5.5epss 0.01

    Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Partition.

  • CVE-2016-0659MedApr 21, 2016
    risk 0.36cvss 5.5epss 0.01

    Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Optimizer.

  • CVE-2016-0658MedApr 21, 2016
    risk 0.36cvss 5.5epss 0.01

    Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to Optimizer.

  • CVE-2016-0657MedApr 21, 2016
    risk 0.36cvss 5.5epss 0.01

    Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect confidentiality via vectors related to JSON.

  • CVE-2016-0656MedApr 21, 2016
    risk 0.36cvss 5.5epss 0.01

    Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to InnoDB, a different vulnerability than CVE-2016-0654.

Page 72 of 201