| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2013-2441 |
|
|
|
2013-04-17 |
2013-04-18 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
Unspecified vulnerability in the Agile EDM component in Oracle Supply Chain Products Suite 6.1.1.0, 6.1.2.0, and 6.1.2.2 allows remote authenticated users to affect integrity via unknown vectors related to Java Client. |
|
2 |
CVE-2013-2433 |
|
|
|
2013-04-17 |
2013-06-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-1540. |
|
3 |
CVE-2013-2423 |
|
|
Bypass |
2013-04-17 |
2013-06-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from the original researcher that this vulnerability allows remote attackers to bypass permission checks by the MethodHandles method and modify arbitrary public final fields using reflection and type confusion, as demonstrated using integer and double fields to disable the security manager. |
|
4 |
CVE-2013-2418 |
|
|
|
2013-04-17 |
2013-06-04 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. |
|
5 |
CVE-2013-2416 |
|
|
|
2013-04-17 |
2013-06-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment. |
|
6 |
CVE-2013-2413 |
|
|
|
2013-04-17 |
2013-04-18 |
4.9 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
None |
|
Unspecified vulnerability in the Siebel Enterprise Application Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web Services. |
|
7 |
CVE-2013-2411 |
|
|
|
2013-04-17 |
2013-04-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 7.0, 8.1, and 8.2 allows remote attackers to affect integrity via unknown vectors related to Web Access. |
|
8 |
CVE-2013-2410 |
|
|
|
2013-04-17 |
2013-04-18 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Absence Management. |
|
9 |
CVE-2013-2408 |
|
|
|
2013-04-17 |
2013-04-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology and use of Internet Explorer 6. |
|
10 |
CVE-2013-2404 |
|
|
|
2013-04-17 |
2013-04-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect integrity via unknown vectors related to Portal. |
|
11 |
CVE-2013-2402 |
|
|
|
2013-04-17 |
2013-04-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect integrity via unknown vectors related to WorkCenter. |
|
12 |
CVE-2013-2399 |
|
|
|
2013-04-17 |
2013-04-18 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Unspecified vulnerability in the Siebel Call Center component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via vectors related to Email - COMM Server Components. |
|
13 |
CVE-2013-2396 |
|
|
|
2013-04-17 |
2013-04-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity via vectors related to HTML OAM client. |
|
14 |
CVE-2013-2392 |
|
|
|
2013-04-17 |
2013-06-04 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. |
|
15 |
CVE-2013-2390 |
|
|
|
2013-04-17 |
2013-04-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2, 10.3.5, 10.3.6, and 12.1.1 allows remote attackers to affect integrity via unknown vectors related to WebLogic Console, a different vulnerability than CVE-2013-1504. |
|
16 |
CVE-2013-2389 |
|
|
|
2013-04-17 |
2013-06-04 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. |
|
17 |
CVE-2013-2386 |
|
|
|
2013-04-17 |
2013-04-18 |
4.9 |
None |
Remote |
Medium |
Single system |
None |
Partial |
Partial |
|
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect integrity and availability via vectors related to BASE. |
|
18 |
CVE-2013-2385 |
|
|
|
2013-04-17 |
2013-04-18 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect confidentiality via vectors related to BASE, a different vulnerability than CVE-2013-1560. |
|
19 |
CVE-2013-2376 |
|
|
|
2013-04-17 |
2013-04-18 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure. |
|
20 |
CVE-2013-2374 |
|
|
|
2013-04-17 |
2013-04-18 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote authenticated users to affect integrity via unknown vectors related to Rich Text Editor. |
|
21 |
CVE-2013-1568 |
|
|
|
2013-04-17 |
2013-04-17 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 5.3.3, 6.0.1, and 6.2.0 allows remote authenticated users to affect availability via unknown vectors related to CB. |
|
22 |
CVE-2013-1562 |
|
|
|
2013-04-17 |
2013-04-17 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect integrity via vectors related to HELP. |
|
23 |
CVE-2013-1559 |
|
|
|
2013-04-17 |
2013-04-17 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote authenticated users to affect availability via unknown vectors related to Content Server. |
|
24 |
CVE-2013-1555 |
|
|
|
2013-04-17 |
2013-06-04 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and 5.5.29 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Partition. |
|
25 |
CVE-2013-1550 |
|
|
|
2013-04-17 |
2013-04-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via unknown vectors related to WorkCenter. |
|
26 |
CVE-2013-1544 |
|
|
|
2013-04-17 |
2013-06-04 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language. |
|
27 |
CVE-2013-1543 |
|
|
|
2013-04-17 |
2013-04-17 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Open UI Client. |
|
28 |
CVE-2013-1542 |
|
|
|
2013-04-17 |
2013-04-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect integrity via unknown vectors related to Servlet Runtime. |
|
29 |
CVE-2013-1540 |
|
|
|
2013-04-17 |
2013-06-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2433. |
|
30 |
CVE-2013-1536 |
|
|
|
2013-04-17 |
2013-04-17 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.05 and 6.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security. |
|
31 |
CVE-2013-1532 |
|
|
|
2013-04-17 |
2013-06-04 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Information Schema. |
|
32 |
CVE-2013-1529 |
|
|
|
2013-04-17 |
2013-04-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Oracle WebCenter Interaction component in Oracle Fusion Middleware 6.5.1 and 10.3.3.0 allows remote attackers to affect integrity via unknown vectors related to Image Service. |
|
33 |
CVE-2013-1528 |
|
|
|
2013-04-17 |
2013-04-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Oracle HRMS component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Payroll. |
|
34 |
CVE-2013-1527 |
|
|
|
2013-04-17 |
2013-04-17 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote authenticated users to affect confidentiality via unknown vectors related to Report Distribution. |
|
35 |
CVE-2013-1526 |
|
|
|
2013-04-17 |
2013-04-17 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication. |
|
36 |
CVE-2013-1525 |
|
|
|
2013-04-17 |
2013-04-17 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Unspecified vulnerability in the Oracle Retail Integration Bus component in Oracle Industry Applications 13.0, 13.1, and 13.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Retail Integration Bus Manager. |
|
37 |
CVE-2013-1524 |
|
|
|
2013-04-17 |
2013-04-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Attachments. |
|
38 |
CVE-2013-1523 |
|
|
|
2013-04-17 |
2013-04-17 |
4.6 |
None |
Remote |
High |
Single system |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Optimizer. |
|
39 |
CVE-2013-1522 |
|
|
|
2013-04-17 |
2013-04-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote attackers to affect integrity via unknown vectors related to Content Server. |
|
40 |
CVE-2013-1516 |
|
|
|
2013-04-17 |
2013-04-17 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in the Oracle WebCenter Capture component in Oracle Fusion Middleware 10.1.3.5.1 allows remote authenticated users to affect availability via unknown vectors related to Import Server. |
|
41 |
CVE-2013-1515 |
|
|
|
2013-04-17 |
2013-04-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Middleware Products 3.0.1 and 3.1.2 allows remote attackers to affect integrity via vectors related to ADMIN Interface. |
|
42 |
CVE-2013-1514 |
|
|
|
2013-04-17 |
2013-04-17 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote authenticated users to affect integrity via vectors related to RMI Support. |
|
43 |
CVE-2013-1513 |
|
|
|
2013-04-17 |
2013-04-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology. |
|
44 |
CVE-2013-1512 |
|
|
|
2013-04-17 |
2013-04-17 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language. |
|
45 |
CVE-2013-1509 |
|
|
|
2013-04-17 |
2013-04-17 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 7.6.2, 11.1.1.6.0, and 11.1.1.6.1 allows remote authenticated users to affect integrity via unknown vectors related to WebCenter Sites. |
|
46 |
CVE-2013-1508 |
|
|
|
2013-04-17 |
2013-04-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Middleware Products 3.0.1 and 3.1.2 allows remote attackers to affect integrity via vectors related to REST Interface. |
|
47 |
CVE-2013-1505 |
|
|
|
2013-04-17 |
2013-04-17 |
4.9 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
None |
|
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 3.1.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to BASE. |
|
48 |
CVE-2013-1504 |
|
|
|
2013-04-17 |
2013-04-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2, 10.3.5, 10.3.6, and 12.1.1 allows remote attackers to affect integrity via unknown vectors related to WebLogic Console, a different vulnerability than CVE-2013-2390. |
|
49 |
CVE-2013-1501 |
|
|
|
2013-04-17 |
2013-04-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to Login. |
|
50 |
CVE-2013-1497 |
|
|
|
2013-04-17 |
2013-04-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Oracle COREid Access component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to WebGate - WebServer plugin. |
