Filtered by vendor Oracle
Subscribe
Total
9252 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-3159 | 4 Debian, Fedoraproject, Oracle and 1 more | 4 Debian Linux, Fedora, Vm Server and 1 more | 2019-02-21 | 1.7 LOW | 3.8 LOW |
| The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076. | |||||
| CVE-2016-3614 | 2 Canonical, Oracle | 2 Ubuntu Linux, Mysql | 2019-02-21 | 3.5 LOW | 5.3 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption. | |||||
| CVE-2016-3501 | 2 Canonical, Oracle | 2 Ubuntu Linux, Mysql | 2019-02-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. | |||||
| CVE-2016-3486 | 2 Canonical, Oracle | 2 Ubuntu Linux, Mysql | 2019-02-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS. | |||||
| CVE-2016-3459 | 2 Mariadb, Oracle | 2 Mariadb, Mysql | 2019-02-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB. | |||||
| CVE-2016-0639 | 2 Oracle, Redhat | 2 Mysql, Enterprise Linux | 2019-02-19 | 10.0 HIGH | 9.8 CRITICAL |
| Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Pluggable Authentication. | |||||
| CVE-2016-0592 | 2 Debian, Oracle | 2 Debian Linux, Vm Virtualbox | 2019-02-19 | 2.1 LOW | N/A |
| Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.36 and before 5.0.14 allows local users to affect availability via unknown vectors related to Core. | |||||
| CVE-2016-0495 | 2 Debian, Oracle | 2 Debian Linux, Vm Virtualbox | 2019-02-14 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.36 and 5.0.14 allows remote attackers to affect availability via unknown vectors related to Core. | |||||
| CVE-2015-8104 | 5 Canonical, Debian, Linux and 2 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2019-02-13 | 4.7 MEDIUM | N/A |
| The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c. | |||||
| CVE-2015-4896 | 2 Debian, Oracle | 2 Debian Linux, Vm Virtualbox | 2019-02-12 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when a VM has the Remote Display feature (RDP) enabled, allows remote attackers to affect availability via unknown vectors related to Core. | |||||
| CVE-2015-4737 | 3 Canonical, Debian, Oracle | 4 Ubuntu Linux, Debian Linux, Mysql and 1 more | 2019-02-12 | 3.5 LOW | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth. | |||||
| CVE-2015-4813 | 2 Debian, Oracle | 2 Debian Linux, Vm Virtualbox | 2019-02-11 | 2.1 LOW | N/A |
| Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when using a Windows guest, allows local users to affect availability via unknown vectors related to Core. | |||||
| CVE-2018-20732 | 6 Hpe, Ibm, Linux and 3 more | 6 Hp-ux Ipfilter, Aix, Linux Kernel and 3 more | 2019-02-07 | 7.5 HIGH | 9.8 CRITICAL |
| SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant. | |||||
| CVE-2015-2594 | 2 Debian, Oracle | 2 Debian Linux, Vm Virtualbox | 2019-02-05 | 6.6 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.32, 4.1.40, 4.2.32, and 4.3.30 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core. | |||||
| CVE-2018-20733 | 6 Hpe, Ibm, Linux and 3 more | 6 Hp-ux Ipfilter, Aix, Linux Kernel and 3 more | 2019-02-01 | 5.0 MEDIUM | 7.5 HIGH |
| BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows XXE. | |||||
| CVE-2015-9281 | 6 Hpe, Ibm, Linux and 3 more | 6 Hp-ux Ipfilter, Aix, Linux Kernel and 3 more | 2019-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page. | |||||
| CVE-2015-7940 | 3 Bouncycastle, Opensuse, Oracle | 7 Bouncy Castle Crypto Package, Leap, Opensuse and 4 more | 2019-01-16 | 5.0 MEDIUM | N/A |
| The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack." | |||||
| CVE-2018-19439 | 1 Oracle | 1 Secure Global Desktop | 2019-01-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). helpwindow.jsp has reflected XSS via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter. | |||||
| CVE-2018-19753 | 1 Oracle | 1 Tarantella Enterprise | 2018-12-26 | 5.0 MEDIUM | 7.5 HIGH |
| Tarantella Enterprise before 3.11 allows Directory Traversal. | |||||
| CVE-2018-16954 | 1 Oracle | 1 Webcenter Interaction | 2018-12-13 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The login function of the portal is vulnerable to insecure redirection (also called an open redirect). The in_hi_redirect parameter is not validated by the application after a successful login. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support. | |||||