Filtered by vendor Oracle
Subscribe
Total
9622 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4762 | 1 Oracle | 1 E-business Suite | 2016-12-24 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.2.3 and 12.2.4 allows remote authenticated users to affect confidentiality via unknown vectors related to Online patching. | |||||
| CVE-2015-4730 | 1 Oracle | 1 Mysql | 2016-12-24 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL 5.6.20 and earlier allows remote authenticated users to affect availability via unknown vectors related to Types. | |||||
| CVE-2015-3988 | 2 Openstack, Oracle | 2 Horizon, Solaris | 2016-12-24 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate. | |||||
| CVE-2015-3219 | 3 Debian, Openstack, Oracle | 3 Debian Linux, Horizon, Solaris | 2016-12-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class. | |||||
| CVE-2015-3200 | 3 Hp, Lighttpd, Oracle | 3 Virtual Customer Access System, Lighttpd, Solaris | 2016-12-24 | 5.0 MEDIUM | 7.5 HIGH |
| mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character. | |||||
| CVE-2015-2642 | 1 Oracle | 1 Solaris | 2016-12-24 | 4.4 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Gzip. | |||||
| CVE-2015-2633 | 1 Oracle | 1 Enterprise Manager Grid Control | 2016-12-24 | 3.6 LOW | N/A |
| Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.0.1 and 12.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Ops Center. | |||||
| CVE-2015-2608 | 1 Oracle | 1 Communications Applications | 2016-12-24 | 10.0 HIGH | N/A |
| Unspecified vulnerability in (1) the Oracle Communications Diameter Signaling Router (DSR) component in Oracle Communications Applications 4.1.6 and earlier, 5.1.0 and earlier, 6.0.2 and earlier, and 7.1.0 and earlier; (2) the Oracle Communications Performance Intelligence Center Software component in Oracle Communications Applications 9.0.3 and earlier and 10.1.5 and earlier; (3) the Oracle Communications Policy Management component in Oracle Communications Applications 9.9.0 and earlier, 10.5.0 and earlier, 11.5.0 and earlier, and 12.1.0 and earlier; and (4) the Oracle Communications Tekelec HLR Router component in Oracle Communications Applications 4.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to PMAC. | |||||
| CVE-2016-0618 | 1 Oracle | 1 Solaris | 2016-12-22 | 1.4 LOW | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality via unknown vectors related to Zones. | |||||
| CVE-2016-0492 | 1 Oracle | 1 Application Testing Suite | 2016-12-22 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0488. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the isAllowedUrl function, which allows remote attackers to bypass authentication via directory traversal sequences following a URI entry that does not require authentication, as demonstrated by olt/Login.do/../../olt/UploadFileUpload.do. | |||||
| CVE-2016-0489 | 1 Oracle | 1 Application Testing Suite | 2016-12-22 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Test Manager for Web Apps. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the ActionServlet servlet, which allows remote authenticated users to upload and execute arbitrary files via directory traversal sequences in the tempfilename parameter in a ReportImage action. | |||||
| CVE-2016-0491 | 1 Oracle | 1 Application Testing Suite | 2016-12-22 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect integrity and availability via unknown vectors related to Load Testing for Web Apps. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that the UploadFileAction servlet allows remote authenticated users to upload and execute arbitrary files via an * (asterisk) character in the fileType parameter. | |||||
| CVE-2016-0488 | 1 Oracle | 1 Application Testing Suite | 2016-12-22 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0492. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the isAllowedUrl function in the admin pages, which allows remote attackers to bypass authentication and gain administrator access via directory traversal sequences following a URI entry that does not require authentication. | |||||
| CVE-2016-0490 | 1 Oracle | 1 Application Testing Suite | 2016-12-22 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0487. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the UploadServlet servlet, which allows remote attackers to upload and execute arbitrary files via directory traversal sequences in a filename header. | |||||
| CVE-2016-0485 | 1 Oracle | 1 Application Testing Suite | 2016-12-22 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0480, CVE-2016-0481, CVE-2016-0482, and CVE-2016-0486. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the DownloadServlet servlet, which allows remote attackers to read arbitrary files via directory traversal sequences in the reportName parameter. | |||||
| CVE-2016-0487 | 1 Oracle | 1 Application Testing Suite | 2016-12-22 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0490. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the process method in the ActionServlet servlet, which allows remote attackers to bypass authentication via directory traversal sequences following an unspecified URI string. | |||||
| CVE-2016-0486 | 1 Oracle | 1 Application Testing Suite | 2016-12-22 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0480, CVE-2016-0481, CVE-2016-0482, and CVE-2016-0485. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the DownloadServlet servlet, which allows remote attackers to read arbitrary files via directory traversal sequences in the exportFileName parameter. | |||||
| CVE-2015-4745 | 1 Oracle | 1 Fusion Middleware | 2016-12-22 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2602, CVE-2015-2603, CVE-2015-2604, CVE-2015-2605, and CVE-2015-2606. | |||||
| CVE-2015-2606 | 1 Oracle | 1 Fusion Middleware | 2016-12-22 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2602, CVE-2015-2603, CVE-2015-2604, CVE-2015-2605, and CVE-2015-4745. | |||||
| CVE-2015-2605 | 1 Oracle | 1 Fusion Middleware | 2016-12-22 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2602, CVE-2015-2603, CVE-2015-2604, CVE-2015-2606, and CVE-2015-4745. | |||||