CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Oracle : Security Vulnerabilities (CVSS score between 4 and 4.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-8296 284 2016-10-25 2016-12-02
4.9
None Remote Medium Single system Partial Partial None
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to LDAP.
2 CVE-2016-8295 200 +Info 2016-10-25 2016-12-02
4.0
None Remote Low Single system Partial None None
Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via unknown vectors.
3 CVE-2016-8294 200 +Info 2016-10-25 2016-12-02
4.0
None Remote Low Single system Partial None None
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote authenticated users to affect confidentiality via unknown vectors.
4 CVE-2016-8288 284 2016-10-25 2016-12-02
4.9
None Remote Medium Single system None Partial Partial
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin.
5 CVE-2016-8285 284 2016-10-25 2016-12-02
4.9
None Remote Medium Single system Partial Partial None
Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote administrators to affect confidentiality and integrity via vectors related to Candidate Gateway.
6 CVE-2016-8283 2016-10-25 2016-12-02
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.
7 CVE-2016-7166 399 DoS 2016-09-21 2016-09-28
4.3
None Remote Medium Not required None None Partial
libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.
8 CVE-2016-6198 284 DoS 2016-08-06 2016-11-28
4.9
None Local Low Not required None None Complete
The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related to fs/namei.c and fs/open.c.
9 CVE-2016-6197 20 DoS 2016-08-06 2016-11-28
4.9
None Local Low Not required None None Complete
fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service (system crash) via a rename system call that specifies a self-hardlink.
10 CVE-2016-5844 190 DoS Overflow 2016-09-21 2016-10-07
4.3
None Remote Medium Not required None None Partial
Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.
11 CVE-2016-5635 2016-10-25 2016-11-28
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Audit.
12 CVE-2016-5634 2016-10-25 2016-11-28
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to RBR.
13 CVE-2016-5633 2016-10-25 2016-11-28
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema, a different vulnerability than CVE-2016-8290.
14 CVE-2016-5632 2016-10-25 2016-11-28
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.
15 CVE-2016-5631 2016-10-25 2016-11-28
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached.
16 CVE-2016-5630 2016-10-25 2016-11-28
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.
17 CVE-2016-5629 2016-10-25 2016-11-28
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.
18 CVE-2016-5628 2016-10-25 2016-11-28
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: DML.
19 CVE-2016-5627 2016-10-25 2016-11-28
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB.
20 CVE-2016-5626 2016-10-25 2016-11-28
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
21 CVE-2016-5625 2016-10-25 2016-11-28
4.4
None Local Medium Not required Partial Partial Partial
Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Packaging.
22 CVE-2016-5624 2016-10-25 2016-11-28
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML.
23 CVE-2016-5621 284 2016-10-25 2016-11-28
4.0
None Remote Low Single system Partial None None
Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 and 12.0.3, 12.1.0, and 12.2.0 allows remote authenticated users to affect confidentiality via vectors related to INFRA, a different vulnerability than CVE-2016-5603.
24 CVE-2016-5617 264 2016-10-25 2016-11-28
4.4
None Local Medium Not required Partial Partial Partial
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Error Handling.
25 CVE-2016-5616 2016-10-25 2016-11-28
4.4
None Local Medium Not required Partial Partial Partial
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: MyISAM.
26 CVE-2016-5612 2016-10-25 2016-11-28
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.
27 CVE-2016-5610 284 2016-10-25 2016-11-28
4.6
None Local Low Not required Partial Partial Partial
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core.
28 CVE-2016-5609 2016-10-25 2016-11-28
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.
29 CVE-2016-5603 200 +Info 2016-10-25 2016-11-28
4.0
None Remote Low Single system Partial None None
Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote authenticated users to affect confidentiality via vectors related to INFRA, a different vulnerability than CVE-2016-5621.
30 CVE-2016-5597 200 +Info 2016-10-25 2016-11-28
4.3
None Remote Medium Not required Partial None None
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality via vectors related to Networking.
31 CVE-2016-5596 200 +Info 2016-10-25 2016-11-28
4.0
None Remote Low Single system Partial None None
Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote authenticated users to affect confidentiality via unknown vectors.
32 CVE-2016-5594 284 2016-10-25 2016-11-28
4.0
None Remote Low Single system Partial None None
Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, and 12.0.1 through 12.0.3 allows remote authenticated users to affect confidentiality via vectors related to INFRA.
33 CVE-2016-5581 284 2016-10-25 2016-11-28
4.6
None Local Low Not required Partial Partial Partial
Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows local users to affect confidentiality, integrity, and availability via unknown vectors.
34 CVE-2016-5576 284 2016-10-25 2016-11-28
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel Zones.
35 CVE-2016-5572 264 2016-10-25 2016-11-28
4.4
None Local Medium Not required Partial Partial Partial
Unspecified vulnerability in the Kernel PDB component in Oracle Database Server 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors.
36 CVE-2016-5565 284 2016-10-25 2016-11-28
4.0
None Remote Low Single system Partial None None
Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property Services component in Oracle Hospitality Applications 5.4.0.0 through 5.4.3.0, 5.5.0.0, and 5.5.1.0 allows remote authenticated users to affect confidentiality via vectors related to OPERA.
37 CVE-2016-5562 284 2016-10-25 2016-11-28
4.9
None Remote Medium Single system Partial Partial None
Unspecified vulnerability in the Oracle iProcurement component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
38 CVE-2016-5559 2016-10-25 2016-11-28
4.0
None Local High Not required None Complete None
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect integrity via vectors related to Kernel.
39 CVE-2016-5554 2016-10-25 2016-11-28
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to JMX.
40 CVE-2016-5553 2016-10-25 2016-11-28
4.7
None Local Medium Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via unknown vectors.
41 CVE-2016-5542 2016-10-25 2016-11-28
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to Libraries.
42 CVE-2016-5539 2016-10-25 2016-11-28
4.6
None Local Low Not required Partial Partial Partial
Unspecified vulnerability in the Oracle Retail Xstore Payment component in Oracle Retail Applications 1.x allows local users to affect confidentiality, integrity, and availability via unknown vectors.
43 CVE-2016-5537 +Priv Dir. Trav. 2016-10-25 2016-11-09
4.6
None Local Low Not required Partial Partial Partial
Unspecified vulnerability in the NetBeans component in Oracle Fusion Middleware 8.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information is from the October 2016 CPU. Oracle has not commented on third-party claims that this issue is a directory traversal vulnerability which allows local users with certain permissions to write to arbitrary files and consequently gain privileges via a .. (dot dot) in a archive entry in a ZIP file imported as a project.
44 CVE-2016-5534 284 2016-10-25 2016-11-28
4.0
None Remote Low Single system Partial None None
Unspecified vulnerability in the Siebel Apps - Customer Order Management component in Oracle Siebel CRM 16.1 allows remote authenticated users to affect confidentiality via unknown vectors.
45 CVE-2016-5527 284 2016-10-25 2016-11-28
4.3
None Remote Medium Not required Partial None None
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5524.
46 CVE-2016-5522 200 +Info 2016-10-25 2016-11-28
4.0
None Remote Low Single system Partial None None
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via unknown vectors.
47 CVE-2016-5516 2016-10-25 2016-11-28
4.7
None Local Medium Not required None None Complete
Unspecified vulnerability in the Kernel PDB component in Oracle Database Server 12.1.0.2 allows local users to affect availability via unknown vectors.
48 CVE-2016-5513 200 +Info 2016-10-25 2016-11-28
4.0
None Remote Low Single system Partial None None
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to File Manager.
49 CVE-2016-5512 79 XSS 2016-10-25 2016-11-28
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-5521.
50 CVE-2016-5511 254 2016-10-25 2016-11-28
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 12.2.1.0.0, 12.2.1.1.0, and 12.2.1.2.0 allows remote attackers to affect integrity via unknown vectors.
Total number of vulnerabilities : 1147   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.