CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Oracle : Security Vulnerabilities Published In 2010

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2010-4007 310 2010-10-20 2010-10-21
5.0
None Remote Low Not required None Partial None
Oracle Mojarra uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057.
2 CVE-2010-3585 2010-10-14 2010-11-19
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a third party researcher that this is related to the exposure of unspecified functions using XML-RPC.
3 CVE-2010-3584 2010-10-14 2010-11-19
4.3
None Local Low Single system Partial Partial Partial
Unspecified vulnerability in the Oracle VM component in Oracle VM 2.2.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a third party researcher that this is related to the storage of passwords and password hashes in cleartext in files with insecure permissions.
4 CVE-2010-3583 Exec Code 2010-10-14 2010-11-19
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a third party researcher that this is related to the exposure of multiple unspecified functions through XML-RPC that allow execution of arbitrary OS commands.
5 CVE-2010-3582 2010-10-14 2010-11-11
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent.
6 CVE-2010-3581 2010-10-14 2010-11-11
3.5
None Remote Medium Single system None Partial None
Unspecified vulnerability in the BPEL Console component in Oracle Fusion Middleware 11.1.1.1.0 and 11.1.1.2.0 allows remote authenticated users to affect integrity via unknown vectors.
7 CVE-2010-3580 2010-10-14 2010-11-11
4.6
None Local Low Single system None None Complete
Unspecified vulnerability in Oracle OpenSolaris allows local users to affect availability via unknown vectors related to Kernel/File System.
8 CVE-2010-3579 2010-10-14 2013-02-07
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the (1) Sun Convergence 1 and (2) Sun Java Communications Suite 7 components in Oracle Sun Products Suite 1.0 and 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webmail.
9 CVE-2010-3578 2010-10-14 2010-11-11
9.0
None Remote Low Not required Partial Partial Complete
Unspecified vulnerability in Oracle OpenSolaris allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depot Server.
10 CVE-2010-3577 2010-10-14 2010-11-11
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in Oracle OpenSolaris allows remote attackers to affect confidentiality and integrity, related to Kernel/CIFS.
11 CVE-2010-3576 2010-10-14 2010-11-11
3.6
None Local Low Not required None Partial Partial
Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect integrity and availability, related to the SCSI enclosure services device driver.
12 CVE-2010-3575 2010-10-14 2010-11-11
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Communications Messaging Server (Sun Java System Messaging Server) component in Oracle Sun Products Suite 6.0, 6.2, 6.3, and 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Mail.
13 CVE-2010-3564 DoS 2010-10-14 2014-10-04
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Communications Messaging Server (Sun Java System Messaging Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webmail. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that the Kerberos implementation does not properly check AP-REQ requests, which allows attackers to cause a denial of service in the JVM. NOTE: CVE has not investigated the apparent discrepancy between the two vendors regarding the consequences of this issue.
14 CVE-2010-3547 2010-10-14 2010-11-11
5.5
None Remote Low Single system Partial Partial None
Unspecified vulnerability in the PeopleSoft FMS ESA - EX component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
15 CVE-2010-3546 2010-10-14 2013-02-07
5.8
None Remote Medium Not required Partial Partial None
Unspecified vulnerability in the Sun Java System Identity Manager component in Oracle Sun Products Suite 8.1 allows remote attackers to affect confidentiality and integrity via unknown vectors.
16 CVE-2010-3545 2010-10-14 2013-02-07
5.8
None Remote Medium Not required Partial Partial None
Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Administration.
17 CVE-2010-3544 CSRF 2010-10-14 2013-02-07
5.8
None Remote Medium Not required None Partial Partial
Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect integrity and availability via unknown vectors related to Administration. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable source that this is cross-site request forgery (CSRF) that allows remote attackers to stop an instance via the management console.
18 CVE-2010-3542 2010-10-14 2010-11-11
1.9
None Local Medium Not required Partial None None
Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect confidentiality, related to USB.
19 CVE-2010-3540 2010-10-14 2010-11-11
4.0
None Local High Not required None None Complete
Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability, related to ZFS.
20 CVE-2010-3539 2010-10-14 2010-11-11
5.5
None Remote Low Single system Partial Partial None
Unspecified vulnerability in the PeopleSoft Enterprise FMS - GL component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
21 CVE-2010-3538 2010-10-14 2010-11-11
5.5
None Remote Low Single system Partial Partial None
Unspecified vulnerability in the PeopleSoft Enterprise FMS - GL component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
22 CVE-2010-3537 2010-10-14 2010-11-11
5.5
None Remote Low Single system Partial Partial None
Unspecified vulnerability in the PeopleSoft Enterprise FMS - AM component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
23 CVE-2010-3536 2010-10-14 2010-11-11
5.5
None Remote Low Single system Partial Partial None
Unspecified vulnerability in the PeopleSoft Enterprise SCM component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
24 CVE-2010-3535 2010-10-14 2013-02-07
4.4
None Local Medium Not required Partial Partial Partial
Unspecified vulnerability in the Directory Server Enterprise Edition component in Oracle Sun Products Suite 6.0, 6.1, 6.2, and 6.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Identity Synchronization for Windows.
25 CVE-2010-3534 2010-10-14 2010-11-11
4.6
None Local Low Not required Partial Partial Partial
Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 6.21.3.0 and 7.0.1.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Project Management Module.
26 CVE-2010-3533 2010-10-14 2010-11-11
5.5
None Remote Low Single system Partial Partial None
Unspecified vulnerability in the PeopleSoft Enterprise SCM OM and CRM Order Capture component in Oracle PeopleSoft and JDEdwards Suite 8.9, 9.0, and 9.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
27 CVE-2010-3532 2010-10-14 2010-11-11
5.5
None Remote Low Single system Partial Partial None
Unspecified vulnerability in the PeopleSoft Enterprise CRM - Order Capture component in Oracle PeopleSoft and JDEdwards Suite 9.0 Bundle #28 and 9.1 Bundle #4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
28 CVE-2010-3531 2010-10-14 2010-11-11
5.5
None Remote Low Single system Partial Partial None
Unspecified vulnerability in the PeopleSoft Enterprise FMS ESA - RM component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
29 CVE-2010-3530 2010-10-14 2010-11-11
5.5
None Remote Low Single system Partial Partial None
Unspecified vulnerability in the PeopleSoft Enterprise HCM - HR component in Oracle PeopleSoft and JDEdwards Suite 9.0 Bundle #13 and 9.1 Bundle #3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
30 CVE-2010-3529 2010-10-14 2010-11-11
5.5
None Remote Low Single system Partial Partial None
Unspecified vulnerability in the PeopleSoft Enterprise FMS - Cash Management component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
31 CVE-2010-3528 2010-10-14 2010-11-11
4.0
None Remote Low Single system Partial None None
Unspecified vulnerability in the PeopleSoft Enterprise CRM - Common Components component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #41, 9.0 Bundle #28, and 9.1 Bundle #4 allows remote authenticated users to affect confidentiality via unknown vectors.
32 CVE-2010-3527 2010-10-14 2010-11-11
5.5
None Remote Low Single system None Partial Partial
Unspecified vulnerability in the PeopleSoft Enterprise FMS - AM component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect integrity and availability via unknown vectors.
33 CVE-2010-3526 2010-10-14 2010-11-11
5.5
None Remote Low Single system Partial Partial None
Unspecified vulnerability in the PeopleSoft Enterprise SCM - PO component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
34 CVE-2010-3525 2010-10-14 2010-11-11
5.5
None Remote Low Single system Partial Partial None
Unspecified vulnerability in the (1) PeopleSoft Enterprise FMS, (2) SCM, (3) EPM, (4) CRM, and (5) Campus Solutions components in Oracle PeopleSoft and JDEdwards Suite 8.9, 9.0, and 9.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
35 CVE-2010-3524 2010-10-14 2010-11-11
5.5
None Remote Low Single system Partial Partial None
Unspecified vulnerability in the PeopleSoft Enterprise SCM - Strategic Sourcing component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
36 CVE-2010-3523 2010-10-14 2010-11-11
5.0
None Remote Low Not required None Partial None
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.49.28 and 8.50.12 allows remote attackers to affect integrity via unknown vectors.
37 CVE-2010-3522 2010-10-14 2010-11-11
4.0
None Remote Low Single system Partial None None
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.49.28 and 8.50.12 allows remote authenticated users to affect confidentiality via unknown vectors.
38 CVE-2010-3521 2010-10-13 2010-11-11
5.5
None Remote Low Single system Partial Partial None
Unspecified vulnerability in the PeopleSoft Enterprise HCM ePay component in Oracle PeopleSoft and JDEdwards Suite 9.0 to Payroll Update 10-C and 9.1 to Payroll Update 10-C allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
39 CVE-2010-3520 2010-10-13 2010-11-11
5.5
None Remote Low Single system Partial Partial None
Unspecified vulnerability in the PeopleSoft Enterprise HCM - GP France component in Oracle PeopleSoft and JDEdwards Suite 8.81 SP1 Bundle #12, 8.9 GP Update 2010-E, 9.0 GP Update 2010-E, and 9.1 GP Update 2010-E allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
40 CVE-2010-3519 2010-10-13 2010-11-11
4.0
None Remote Low Single system None Partial None
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.49.28 and 8.50.12 allows remote authenticated users to affect integrity via unknown vectors.
41 CVE-2010-3518 2010-10-13 2010-11-11
5.5
None Remote Low Single system Partial Partial None
Unspecified vulnerability in the PeopleSoft Enterprise HCM GP - Japan component in Oracle PeopleSoft and JDEdwards Suite 8.81 SP1 Bundle #13, 8.9 GP Update 2010-E, 9.0 GP Update 2010-E, and 9.1 GP Update 2010-E allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
42 CVE-2010-3517 2010-10-13 2010-11-11
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability, related to Kernel/X86.
43 CVE-2010-3516 2010-10-13 2010-11-11
4.0
None Local High Not required None None Complete
Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability via unknown vectors related to InfiniBand.
44 CVE-2010-3515 2010-10-13 2010-11-11
4.0
None Local High Not required None None Complete
Unspecified vulnerability in the Solaris component in Oracle Solaris 9 and 10, and OpenSolaris, allows local users to affect availability via unknown vectors related to Kernel/Disk Driver.
45 CVE-2010-3514 2010-10-13 2010-11-11
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 6.1 and 7.0 allows remote attackers to affect integrity via unknown vectors related to Web Container.
46 CVE-2010-3513 2010-10-13 2010-11-11
2.4
None Local High Single system None Partial Partial
Unspecified vulnerability in Oracle Solaris 9 and 10, and OpenSolaris, allows local users to affect integrity and availability via unknown vectors related to Device Drivers.
47 CVE-2010-3512 2010-10-13 2010-11-11
3.5
None Remote Medium Single system Partial None None
Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 7.0u8 allows remote authenticated users to affect confidentiality, related to DAV (WebDAV).
48 CVE-2010-3511 2010-10-13 2010-11-11
2.6
None Local High Not required None Partial Partial
Unspecified vulnerability in Oracle OpenSolaris allows local users to affect integrity and availability via unknown vectors related to Tooltalk.
49 CVE-2010-3509 2010-10-13 2010-11-11
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scheduler.
50 CVE-2010-3508 2010-10-13 2010-11-11
3.2
None Local Low Single system Partial Partial None
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Solaris Zones.
Total number of vulnerabilities : 206   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.