Filtered by vendor Oracle
Subscriptions
Total
9762 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-15707 | 3 Apache, Netapp, Oracle | 12 Struts, Oncommand Balance, Agile Plm Framework and 9 more | 2024-09-16 | N/A |
In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload. | ||||
CVE-2002-2345 | 1 Oracle | 1 Application Server | 2024-09-16 | N/A |
Oracle 9i Application Server 9.0.2 stores the web cache administrator interface password in plaintext, which allows remote attackers to gain access. | ||||
CVE-2011-3573 | 1 Oracle | 1 Communications Unified | 2024-09-16 | N/A |
Unspecified vulnerability in Oracle Communications Unified 7.0 allows remote authenticated users to affect availability via unknown vectors related to Calendar Server. | ||||
CVE-2012-1712 | 1 Oracle | 1 Glassfish Web Space Server10.0 | 2024-09-16 | N/A |
Directory traversal vulnerability in the Liferay component in Oracle Sun GlassFish Web Space Server before 10.0 Update 7 Patch 2 has unknown impact and attack vectors. | ||||
CVE-2011-0847 | 1 Oracle | 1 Sun Products Suite | 2024-09-16 | N/A |
Unspecified vulnerability in the OpenSSO Enterprise and Sun Java System Access Manager components in Oracle Sun Products Suite 7.1 and 8.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Authentication. | ||||
CVE-2011-0789 | 1 Oracle | 1 Fusion Middleware | 2024-09-16 | N/A |
Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors. | ||||
CVE-2021-38926 | 6 Hp, Ibm, Linux and 3 more | 7 Hp-ux, Aix, Db2 and 4 more | 2024-09-16 | 5.5 Medium |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 210321. | ||||
CVE-2021-29777 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2024-09-16 | 6.5 Medium |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under specific circumstance of a table being dropped while being accessed in another session, could allow an authenticated user to cause a denial of srevice IBM X-Force ID: 203031. | ||||
CVE-2020-4320 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Mq and 3 more | 2024-09-16 | 6.5 Medium |
IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting. IBM X-Force ID: 177403. | ||||
CVE-2021-20354 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-09-16 | 7.5 High |
IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 194883. | ||||
CVE-2021-29723 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, Linux On Ibm Z and 5 more | 2024-09-16 | 7.5 High |
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-ForceID: 201100. | ||||
CVE-2011-0793 | 1 Oracle | 1 Database Server | 2024-09-16 | N/A |
Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect integrity and availability, related to SYSDBA. | ||||
CVE-2019-3778 | 2 Oracle, Pivotal Software | 2 Banking Corporate Lending, Spring Security Oauth | 2024-09-16 | 6.5 Medium |
Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the authorization endpoint using the authorization code grant type, and specify a manipulated redirection URI via the "redirect_uri" parameter. This can cause the authorization server to redirect the resource owner user-agent to a URI under the control of the attacker with the leaked authorization code. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and uses the DefaultRedirectResolver in the AuthorizationEndpoint. This vulnerability does not expose applications that: Act in the role of an Authorization Server and uses a different RedirectResolver implementation other than DefaultRedirectResolver, act in the role of a Resource Server only (e.g. @EnableResourceServer), act in the role of a Client only (e.g. @EnableOAuthClient). | ||||
CVE-2021-23450 | 3 Debian, Linuxfoundation, Oracle | 5 Debian Linux, Dojo, Communications Policy Management and 2 more | 2024-09-16 | 7.5 High |
All versions of package dojo are vulnerable to Prototype Pollution via the setObject function. | ||||
CVE-2011-0859 | 1 Oracle | 1 Peoplesoft Enterprise Hrms | 2024-09-16 | N/A |
Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Tax Update 11-B and 9.1 Tax Update 11-B allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Global Payroll - North America. | ||||
CVE-2021-20579 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2024-09-16 | 6.5 Medium |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain sensitive information when AUTO_REVAL is set to DEFFERED_FORCE. IBM X-Force ID: 199283. | ||||
CVE-2020-35164 | 2 Dell, Oracle | 6 Bsafe Crypto-c-micro-edition, Bsafe Micro-edition-suite, Database and 3 more | 2024-09-16 | 6.7 Medium |
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. | ||||
CVE-2011-0858 | 1 Oracle | 1 Peoplesoft Enterprise Hrms | 2024-09-16 | N/A |
Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Bundle #15 and 9.1 Bundle #5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Talent Acquisition Manager. | ||||
CVE-2013-5773 | 1 Oracle | 1 Fusion Middleware | 2024-09-16 | N/A |
Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5.0 allows remote attackers to affect integrity via unknown vectors related to Servlet Runtime. | ||||
CVE-2013-5796 | 1 Oracle | 1 Siebel Crm | 2024-09-16 | N/A |
Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to Web Services. |