CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Oracle : Security Vulnerabilities (CVSS score between 7 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-7039 399 DoS 2016-10-16 2016-11-28
7.8
None Remote Low Not required None None Complete
The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666.
2 CVE-2016-6250 190 DoS Exec Code Overflow 2016-09-21 2016-09-28
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow.
3 CVE-2016-5622 284 2016-10-25 2016-11-28
7.8
None Remote Medium Not required Complete Partial None
Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote attackers to affect confidentiality and integrity via vectors related to INFRA.
4 CVE-2016-5588 284 2016-10-25 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-5558, CVE-2016-5574, CVE-2016-5577, CVE-2016-5578, and CVE-2016-5579.
5 CVE-2016-5579 284 2016-10-25 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-5558, CVE-2016-5574, CVE-2016-5577, CVE-2016-5578, and CVE-2016-5588.
6 CVE-2016-5578 284 2016-10-25 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-5558, CVE-2016-5574, CVE-2016-5577, CVE-2016-5579, and CVE-2016-5588.
7 CVE-2016-5577 284 2016-10-25 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-5558, CVE-2016-5574, CVE-2016-5578, CVE-2016-5579, and CVE-2016-5588.
8 CVE-2016-5574 284 2016-10-25 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-5558, CVE-2016-5577, CVE-2016-5578, CVE-2016-5579, and CVE-2016-5588.
9 CVE-2016-5558 284 2016-10-25 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-5574, CVE-2016-5577, CVE-2016-5578, CVE-2016-5579, and CVE-2016-5588.
10 CVE-2016-5544 2016-10-25 2016-11-28
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel/X86.
11 CVE-2016-5538 2016-10-25 2016-11-28
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5501.
12 CVE-2016-5535 2016-10-25 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, 12.2.1.0, and 12.2.1.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
13 CVE-2016-5531 2016-10-25 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS-WebServices.
14 CVE-2016-5526 284 2016-10-25 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Apache Tomcat.
15 CVE-2016-5521 284 2016-10-25 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-5512.
16 CVE-2016-5501 2016-10-25 2016-11-28
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5538.
17 CVE-2016-5489 2016-10-25 2016-11-28
7.8
None Remote Medium Not required Complete Partial None
Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via vectors related to Runtime Catalog.
18 CVE-2016-5472 2016-07-21 2016-11-28
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows local users to affect confidentiality, integrity, and availability via vectors related to Install and Packaging.
19 CVE-2016-5470 2016-07-21 2016-11-28
7.1
None Remote Medium Not required Complete None None
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality via vectors related to Application Designer.
20 CVE-2016-5453 2016-07-21 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to IPMI.
21 CVE-2016-5446 2016-07-21 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Infrastructure.
22 CVE-2016-5445 2016-07-21 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
23 CVE-2016-5425 264 +Priv 2016-10-13 2016-10-31
7.2
Admin Local Low Not required Complete Complete Complete
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
24 CVE-2016-5408 119 Exec Code Overflow 2016-08-10 2016-09-28
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the munge_other_line function in cachemgr.cgi in the squid package before 3.1.23-16.el6_8.6 in Red Hat Enterprise Linux 6 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-4051.
25 CVE-2016-5254 416 DoS Exec Code Mem. Corr. 2016-08-04 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by leveraging keyboard access to use the Alt key during selection of top-level menu items.
26 CVE-2016-4997 264 DoS +Priv Mem. Corr. 2016-07-03 2016-11-28
7.2
None Local Low Not required Complete Complete Complete
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.
27 CVE-2016-4951 DoS 2016-05-23 2016-11-28
7.2
None Local Low Not required Complete Complete Complete
The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel through 4.6 does not verify socket existence, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a dumpit operation.
28 CVE-2016-4913 200 +Info 2016-05-23 2016-11-28
7.2
None Local Low Not required Complete Complete Complete
The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.
29 CVE-2016-4805 416 DoS Mem. Corr. 2016-05-23 2016-11-28
7.2
None Local Low Not required Complete Complete Complete
Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions.
30 CVE-2016-4480 264 +Priv 2016-05-18 2016-11-30
7.2
None Local Low Not required Complete Complete Complete
The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory.
31 CVE-2016-3960 264 DoS Overflow +Priv 2016-04-19 2016-11-28
7.2
None Local Low Not required Complete Complete Complete
Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.
32 CVE-2016-3561 2016-07-21 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SDK.
33 CVE-2016-3544 2016-07-21 2016-11-28
7.0
None Remote Medium Single system Complete Partial None
Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 11.2.1.0.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to Analytics Web General.
34 CVE-2016-3539 2016-07-21 2016-11-28
7.5
None Remote Low Single system None Complete Partial
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect integrity and availability via vectors related to File Folders / Attachment, a different vulnerability than CVE-2016-3538.
35 CVE-2016-3538 2016-07-21 2016-11-28
7.5
None Remote Low Single system None Complete Partial
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect integrity and availability via vectors related to File Folders / Attachment, a different vulnerability than CVE-2016-3539.
36 CVE-2016-3536 XSS 2016-07-21 2016-11-28
7.0
None Remote Medium Single system Complete Partial None
Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Deliverables. NOTE: the previous information is from the July 2016 CPU. Oracle has not commented on third-party claims that this issue involves multiple cross-site scripting (XSS) vulnerabilities, which allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
37 CVE-2016-3535 XSS 2016-07-21 2016-11-28
7.8
None Remote Medium Not required Complete Partial None
Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Remote Launch. NOTE: the previous information is from the July 2016 CPU. Oracle has not commented on third-party claims that this issue is a cross-site scripting (XSS) vulnerability, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
38 CVE-2016-3532 XSS 2016-07-21 2016-11-28
7.8
None Remote Medium Not required Complete Partial None
Unspecified vulnerability in the Oracle Advanced Inbound Telephony component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to SDK client integration. NOTE: the previous information is from the July 2016 CPU. Oracle has not commented on third-party claims that this issue involves multiple cross-site scripting (XSS) vulnerabilities, which allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
39 CVE-2016-3530 2016-07-21 2016-11-28
7.5
None Remote Low Single system None Complete Partial
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect integrity and availability via vectors related to PGC / Import.
40 CVE-2016-3528 2016-07-21 2016-11-28
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the Oracle Internet Expenses component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect availability via vectors related to Expenses Admin Utilities.
41 CVE-2016-3526 2016-07-21 2016-11-28
7.8
None Remote Low Not required Complete None None
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via vectors related to SDK, a different vulnerability than CVE-2016-3529 and CVE-2016-3560.
42 CVE-2016-3515 2016-07-21 2016-11-28
7.8
None Remote Low Not required Complete None None
Unspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communications Applications before PCz 2.0.0m4p1 allows remote attackers to affect confidentiality via unknown vectors.
43 CVE-2016-3512 2016-07-21 2016-11-28
7.8
None Remote Medium Not required Complete Partial None
Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Function Security.
44 CVE-2016-3504 2016-07-21 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to ADF Faces.
45 CVE-2016-3489 2016-07-21 2016-11-28
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in the Data Pump Import component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors.
46 CVE-2016-3479 2016-07-21 2016-11-28
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the Portable Clusterware component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors.
47 CVE-2016-3471 2016-07-21 2016-11-28
7.1
None Remote High Single system Complete Complete Complete
Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option.
48 CVE-2016-3470 2016-07-21 2016-11-28
7.5
None Remote Low Single system Complete Partial None
Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.4.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to Install.
49 CVE-2016-3454 2016-04-21 2016-04-26
7.6
None Remote High Not required Complete Complete Complete
Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
50 CVE-2016-3449 2016-04-21 2016-11-30
7.6
None Remote High Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment.
Total number of vulnerabilities : 366   Page : 1 (This Page)2 3 4 5 6 7 8
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.