Vulnerabilities (CVE)

Vendor filter

Oracle Subscribe

Filter

6114 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-3772 2 Pivotal Software, Oracle 2 Spring Integration, Retail Customer Management And Segmentation Foundation 2019-10-09 7.5
Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
CVE-2018-1656 3 Ibm, Redhat, Oracle 7 Java Sdk, Sdk, Satellite and 4 more 2019-10-09 4.3
The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882.
CVE-2018-12539 2 Eclipse, Oracle 2 Openj9, Enterprise Manager Base Platform 2019-10-09 4.6
In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted...
CVE-2018-10933 6 Libssh, Canonical, Debian and 3 more 8 Libssh, Ubuntu Linux, Debian Linux and 5 more 2019-10-09 6.4
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
CVE-2016-9583 3 Jasper Project, Redhat, Oracle 9 Jasper, Enterprise Linux, Enterprise Linux Desktop and 6 more 2019-10-09 6.8
An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.
CVE-2015-4000 12 Google, Openssl, Apple and 9 more 25 Safari, Network Security Services, Ie and 22 more 2019-10-09 4.3
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a...
CVE-2014-3566 11 Openssl, Apple, Redhat and 8 more 21 Vios, Suse Linux Enterprise Software Development Kit, Aix and 18 more 2019-10-09 4.3
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
CVE-2013-0169 3 Openssl, Oracle, Polarssl 3 Polarssl, Openjdk, Openssl 2019-10-09 2.6
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC...
CVE-2012-0508 1 Oracle 1 Javafx 2019-10-09 10.0
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX, 1.3.0 and earlier, and 1.2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2008-2594 1 Oracle 1 Oracle Application Server 2019-10-09 6.4
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2593.
CVE-2008-2593 1 Oracle 2 Application Server 10g, Oracle Portal Component 2019-10-09 4.3
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2594.
CVE-2007-5533 1 Oracle 1 Peoplesoft Enterprise 2019-10-09 6.5
Unspecified vulnerability in the People Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.47.14, 8.48.13, 8.49.05 has unknown impact and remote attack vectors, aka PSE02.
CVE-2007-5532 1 Oracle 1 Peoplesoft Enterprise 2019-10-09 7.5
Unspecified vulnerability in the People Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.17, 8.47.14, 8.48.13, 8.49.05 has unknown impact and remote attack vectors, aka PSE01.
CVE-2007-5531 1 Oracle 3 Database Server, Enterprise Manager, Application Server 2019-10-09 10.0
Unspecified vulnerability in Oracle Help for Web, as used in Oracle Application Server, Oracle Database 10.2.0.3, and Enterprise Manager 10.1.0.6, has unknown impact and remote attack vectors, aka EM02.
CVE-2004-0835 3 Mysql, Debian, Oracle 3 Mysql, Debian Linux, Mysql 2019-10-07 7.5
MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct...
CVE-2012-1696 3 Mysql, Oracle, Sun 6 Mysql, Mysql Community Server, Mysql and 3 more 2019-10-07 4.0
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
CVE-2012-3166 2 Mysql, Oracle 2 Mysql, Mysql 2019-10-07 4.0
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
CVE-2012-3177 2 Mysql, Oracle 2 Mysql, Mysql 2019-10-07 6.8
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server.
CVE-2006-4226 2 Mysql, Oracle 2 Mysql, Mysql 2019-10-07 3.6
MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they...
CVE-2012-1697 2 Mysql, Oracle 2 Mysql, Mysql 2019-10-07 4.0
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.