Vulnerabilities (CVE)

Filtered by vendor Oracle Subscribe
Total 10091 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-0671 1 Oracle 1 Http Server 2025-04-12 2.6 LOW 3.7 LOW
Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 12.1.2.0 allows remote attackers to affect confidentiality via vectors related to OSSL Module.
CVE-2015-4846 1 Oracle 1 E-business Suite 2025-04-12 3.6 LOW N/A
Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality and integrity via vectors related to SQL Extensions. NOTE: the previous information is from the October 2015 CPU. Oracle has not commented on third-party claims that this issue is a SQL injection vulnerability, which allows remote authenticated users to execute arbitrary SQL commands via a request involving the afamexts.sql SQL extension.
CVE-2014-6572 1 Oracle 1 E-business Suite 2025-04-12 6.4 MEDIUM N/A
Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors related to List of Values.
CVE-2016-8294 1 Oracle 1 Peoplesoft Enterprise Peopletools 2025-04-12 4.0 MEDIUM 4.3 MEDIUM
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote authenticated users to affect confidentiality via unknown vectors.
CVE-2015-4869 1 Oracle 1 Solaris 2025-04-12 4.9 MEDIUM N/A
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via unknown vectors related to Kernel.
CVE-2014-2480 1 Oracle 1 Fusion Middleware 2025-04-12 6.8 MEDIUM N/A
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-2481.
CVE-2014-2406 1 Oracle 1 Database Server 2025-04-12 8.5 HIGH N/A
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to "Advisor" and "Select Any Dictionary" privileges.
CVE-2014-4229 1 Oracle 1 Supply Chain Products Suite 2025-04-12 5.5 MEDIUM N/A
Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.2, 6.3, 6.3.1, 6.3.2, 6.3.3, and 6.3.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Data, Domain, and Function Security.
CVE-2015-2729 2 Mozilla, Oracle 4 Firefox, Firefox Esr, Thunderbird and 1 more 2025-04-12 5.0 MEDIUM N/A
The AudioParamTimeline::AudioNodeInputValue function in the Web Audio implementation in Mozilla Firefox before 39.0 and Firefox ESR 38.x before 38.1 does not properly calculate an oscillator rendering range, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2015-4753 1 Oracle 1 Database Server 2025-04-12 2.1 LOW N/A
Unspecified vulnerability in the RDBMS Support Tools component in Oracle Database Server 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality via unknown vectors.
CVE-2015-0467 1 Oracle 1 Peoplesoft Products 2025-04-12 4.3 MEDIUM N/A
Unspecified vulnerability in the PeopleSoft Enterprise HCM Talent Acquisition Manager component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote attackers to affect integrity via unknown vectors related to Security.
CVE-2014-0447 2 Oracle, Sun 2 Sunos, Sunos 2025-04-12 4.9 MEDIUM N/A
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2013-5876.
CVE-2016-2381 5 Canonical, Debian, Opensuse and 2 more 10 Ubuntu Linux, Debian Linux, Opensuse and 7 more 2025-04-12 5.0 MEDIUM 7.5 HIGH
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
CVE-2011-2198 3 Gnome, Opensuse, Oracle 3 Gnome-terminal, Opensuse, Solaris 2025-04-12 3.5 LOW N/A
The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string "\033[100000000000000000@".
CVE-2016-3435 1 Oracle 1 Peoplesoft Enterprise Peopletools 2025-04-12 4.3 MEDIUM 4.7 MEDIUM
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect availability via vectors related to PIA Core Technology.
CVE-2016-3475 1 Oracle 1 Knowledge 2025-04-12 4.0 MEDIUM 4.3 MEDIUM
Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote authenticated users to affect confidentiality via vectors related to Information Manager Console.
CVE-2016-0574 1 Oracle 1 Weblogic Server 2025-04-12 7.5 HIGH N/A
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-0577.
CVE-2014-1528 7 Canonical, Fedoraproject, Microsoft and 4 more 8 Ubuntu Linux, Fedora, Windows and 5 more 2025-04-12 10.0 HIGH N/A
The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by painting on a CANVAS element.
CVE-2016-5533 1 Oracle 1 Primavera P6 Enterprise Project Portfolio Management 2025-04-12 5.5 MEDIUM 5.4 MEDIUM
Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.4, 15.x, and 16.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
CVE-2014-0203 2 Linux, Oracle 2 Linux Kernel, Linux 2025-04-12 4.9 MEDIUM 5.5 MEDIUM
The __do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the last pathname component during use of certain filesystems, which allows local users to cause a denial of service (incorrect free operations and system crash) via an open system call.