Filtered by vendor Oracle
Subscriptions
Total
9762 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-15095 | 5 Debian, Fasterxml, Netapp and 2 more | 31 Debian Linux, Jackson-databind, Oncommand Balance and 28 more | 2024-09-16 | 9.8 Critical |
| A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously. | ||||
| CVE-2018-1257 | 3 Oracle, Redhat, Vmware | 32 Agile Product Lifecycle Management, Application Testing Suite, Big Data Discovery and 29 more | 2024-09-16 | 6.5 Medium |
| Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack. | ||||
| CVE-2018-3639 | 12 Arm, Canonical, Debian and 9 more | 330 Cortex-a, Ubuntu Linux, Debian Linux and 327 more | 2024-09-16 | 5.5 Medium |
| Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. | ||||
| CVE-2021-32553 | 2 Canonical, Oracle | 2 Ubuntu Linux, Openjdk | 2024-09-16 | 7.3 High |
| It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users. | ||||
| CVE-2017-6257 | 5 Freebsd, Linux, Microsoft and 2 more | 5 Freebsd, Kernel, Windows and 2 more | 2024-09-16 | N/A |
| NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges | ||||
| CVE-2020-5359 | 2 Dell, Oracle | 3 Bsafe Micro-edition-suite, Database, Weblogic Server Proxy Plug-in | 2024-09-16 | 5.8 Medium |
| Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to an Unchecked Return Value Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to modify and corrupt the encrypted data. | ||||
| CVE-2011-0795 | 1 Oracle | 1 Fusion Middleware | 2024-09-16 | N/A |
| Unspecified vulnerability in the Single Sign On component in Oracle Fusion Middleware 10.1.2.3 allows remote authenticated users to affect integrity via unknown vectors related to Administration and Monitoring. | ||||
| CVE-2021-23841 | 8 Apple, Debian, Netapp and 5 more | 27 Ipados, Iphone Os, Macos and 24 more | 2024-09-16 | 5.9 Medium |
| The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). | ||||
| CVE-2002-1921 | 1 Oracle | 1 Mysql | 2024-09-16 | N/A |
| The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database. | ||||
| CVE-2011-0854 | 1 Oracle | 1 Peoplesoft Enterprise Hrms | 2024-09-16 | N/A |
| Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.1 Bundle #5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to ePerformance. | ||||
| CVE-2011-0825 | 1 Oracle | 6 Enterpriseone Tools, Jd Edwards Enterpriseone, Jd Edwards Enterpriseone Ep and 3 more | 2024-09-16 | N/A |
| Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote attackers to affect confidentiality, integrity, and availability, related to Enterprise Infrastructure SEC. | ||||
| CVE-2022-22318 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Curam Social Program Management and 4 more | 2024-09-16 | 9.8 Critical |
| IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | ||||
| CVE-2013-5828 | 1 Oracle | 3 Enterprise Manager Database Control, Enterprise Manager Grid Control, Enterprise Manager Plugin For Database Control | 2024-09-16 | N/A |
| Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.2 and 12.1.0.3 allows remote attackers to affect integrity via unknown vectors related to Storage Management. | ||||
| CVE-2017-5753 | 14 Arm, Canonical, Debian and 11 more | 396 Cortex-a12, Cortex-a12 Firmware, Cortex-a15 and 393 more | 2024-09-16 | 5.6 Medium |
| Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | ||||
| CVE-2022-1292 | 6 Debian, Fedoraproject, Netapp and 3 more | 57 Debian Linux, Fedora, A250 and 54 more | 2024-09-16 | 9.8 Critical |
| The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). | ||||
| CVE-2020-28500 | 4 Lodash, Oracle, Redhat and 1 more | 25 Lodash, Banking Corporate Lending Process Management, Banking Credit Facilities Process Management and 22 more | 2024-09-16 | 5.3 Medium |
| Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. | ||||
| CVE-2003-1480 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2024-09-16 | N/A |
| MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods. | ||||
| CVE-2021-29754 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-09-16 | 8.8 High |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI). IBM X-Force ID: 202006. | ||||
| CVE-2020-29505 | 2 Dell, Oracle | 3 Bsafe Crypto-c-micro-edition, Bsafe Micro-edition-suite, Retail Customer Insights | 2024-09-16 | 7.1 High |
| Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Key Management Error Vulnerability. | ||||
| CVE-2011-0827 | 1 Oracle | 2 Peoplesoft And Jdedwards Product Suite, Peoplesoft Enterprise | 2024-09-16 | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise component in Oracle PeopleSoft Products 8.50 GA through 8.50.17 and 8.51 GA through 8.51.07 allows remote authenticated users to affect integrity via unknown vectors related to PeopleTools. | ||||