CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
12601 CVE-2016-0589 2016-01-21 2017-09-10
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors.
12602 CVE-2016-0581 2016-01-21 2017-09-10
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Approvals Management component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via vectors related to AME Page rendering.
12603 CVE-2016-0578 2016-01-21 2017-09-10
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle CRM Technology Foundation component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via vectors related to BIS Common Components.
12604 CVE-2016-0576 2016-01-21 2017-09-10
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via vectors related to ICX LOVs.
12605 CVE-2016-0563 2016-01-21 2017-09-10
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2 and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Common Techstack.
12606 CVE-2016-0560 2016-01-21 2017-09-10
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-0545, CVE-2016-0551, CVE-2016-0552, and CVE-2016-0559.
12607 CVE-2016-0559 2016-01-21 2017-09-10
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-0545, CVE-2016-0551, CVE-2016-0552, and CVE-2016-0560.
12608 CVE-2016-0554 2016-01-21 2017-09-10
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Interaction Center Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Business Intelligence.
12609 CVE-2016-0553 2016-01-21 2017-09-10
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors.
12610 CVE-2016-0552 2016-01-21 2017-09-10
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-0545, CVE-2016-0551, CVE-2016-0559, and CVE-2016-0560.
12611 CVE-2016-0551 2016-01-21 2017-09-10
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-0545, CVE-2016-0552, CVE-2016-0559, and CVE-2016-0560.
12612 CVE-2016-0550 2016-01-21 2017-09-10
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to CRM HTML Administration.
12613 CVE-2016-0549 2016-01-21 2017-09-10
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Common Components, a different vulnerability than CVE-2016-0511, CVE-2016-0547, and CVE-2016-0548.
12614 CVE-2016-0548 2016-01-21 2017-09-10
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Common Components, a different vulnerability than CVE-2016-0511, CVE-2016-0547, and CVE-2016-0549.
12615 CVE-2016-0547 2016-01-21 2017-09-10
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Common Components, a different vulnerability than CVE-2016-0511, CVE-2016-0548, and CVE-2016-0549.
12616 CVE-2016-0545 2016-01-21 2017-09-10
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-0551, CVE-2016-0552, CVE-2016-0559, and CVE-2016-0560.
12617 CVE-2016-0544 2016-01-21 2017-09-10
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Architecture.
12618 CVE-2016-0543 2016-01-21 2017-09-10
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Preview.
12619 CVE-2016-0537 2016-01-21 2017-09-10
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Human Resources component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Person.
12620 CVE-2016-0532 2016-01-21 2017-09-10
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security Assignments.
12621 CVE-2016-0530 2016-01-21 2017-09-10
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to User GUI, a different vulnerability than CVE-2016-0527, CVE-2016-0528, and CVE-2016-0529.
12622 CVE-2016-0529 2016-01-21 2017-09-10
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to User GUI, a different vulnerability than CVE-2016-0527, CVE-2016-0528, and CVE-2016-0530.
12623 CVE-2016-0528 2016-01-21 2017-09-10
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to User GUI, a different vulnerability than CVE-2016-0527, CVE-2016-0529, and CVE-2016-0530.
12624 CVE-2016-0527 2016-01-21 2017-09-10
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to User GUI, a different vulnerability than CVE-2016-0528, CVE-2016-0529, and CVE-2016-0530.
12625 CVE-2016-0525 2016-01-21 2017-09-10
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Universal Work Queue component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Work Provider Administration.
12626 CVE-2016-0524 2016-01-21 2017-09-10
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Universal Work Queue component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Work Provider Administration.
12627 CVE-2016-0518 2016-01-21 2017-09-10
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Human Resources component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to General utilities, a different vulnerability than CVE-2016-0517.
12628 CVE-2016-0517 2016-01-21 2017-09-10
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Human Resources component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to General utilities, a different vulnerability than CVE-2016-0518.
12629 CVE-2016-0516 2016-01-21 2017-09-10
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Quality component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to QA / Order Management Integration.
12630 CVE-2016-0515 2016-01-21 2017-09-10
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via vectors related to BIS Common Components, a different vulnerability than CVE-2016-0514.
12631 CVE-2016-0514 2016-01-21 2017-09-10
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via vectors related to BIS Common Components, a different vulnerability than CVE-2016-0515.
12632 CVE-2016-0512 2016-01-21 2017-09-10
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Human Resources component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Self Service - Common Modules.
12633 CVE-2016-0511 2016-01-21 2017-09-10
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Common Components, a different vulnerability than CVE-2016-0547, CVE-2016-0548, and CVE-2016-0549.
12634 CVE-2016-0510 2016-01-21 2017-09-10
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Business Views Catalog.
12635 CVE-2016-0505 2016-01-21 2019-12-27
6.8
None Remote Low ??? None None Complete
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options.
12636 CVE-2016-0504 2016-01-21 2018-10-30
6.8
None Remote Low ??? None None Complete
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0503.
12637 CVE-2016-0492 Dir. Trav. Bypass 2016-01-21 2016-12-22
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0488. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the isAllowedUrl function, which allows remote attackers to bypass authentication via directory traversal sequences following a URI entry that does not require authentication, as demonstrated by olt/Login.do/../../olt/UploadFileUpload.do.
12638 CVE-2016-0491 2016-01-21 2016-12-22
6.4
None Remote Low Not required None Partial Partial
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect integrity and availability via unknown vectors related to Load Testing for Web Apps. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that the UploadFileAction servlet allows remote authenticated users to upload and execute arbitrary files via an * (asterisk) character in the fileType parameter.
12639 CVE-2016-0490 Dir. Trav. 2016-01-21 2016-12-22
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0487. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the UploadServlet servlet, which allows remote attackers to upload and execute arbitrary files via directory traversal sequences in a filename header.
12640 CVE-2016-0489 Dir. Trav. 2016-01-21 2016-12-22
6.5
None Remote Low ??? Partial Partial Partial
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Test Manager for Web Apps. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the ActionServlet servlet, which allows remote authenticated users to upload and execute arbitrary files via directory traversal sequences in the tempfilename parameter in a ReportImage action.
12641 CVE-2016-0488 Dir. Trav. Bypass 2016-01-21 2016-12-22
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0492. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the isAllowedUrl function in the admin pages, which allows remote attackers to bypass authentication and gain administrator access via directory traversal sequences following a URI entry that does not require authentication.
12642 CVE-2016-0487 Dir. Trav. Bypass 2016-01-21 2016-12-22
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0490. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the process method in the ActionServlet servlet, which allows remote attackers to bypass authentication via directory traversal sequences following an unspecified URI string.
12643 CVE-2016-0442 2016-01-21 2016-12-07
6.5
None Remote Low ??? Partial Partial Partial
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.4 and 12.1.0.5 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Loader Service.
12644 CVE-2016-0441 2016-01-21 2016-06-08
6.8
None Remote High ??? Complete Complete Partial
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.1.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Embedded Server.
12645 CVE-2016-0425 2016-01-21 2018-02-20
6.0
None Remote Medium ??? Partial Partial Partial
Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Monitoring and Diagnostics.
12646 CVE-2016-0418 2016-01-21 2016-12-07
6.1
None Local Low Not required Partial Partial Complete
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2016-0414.
12647 CVE-2016-0415 2016-01-21 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 12.1.0.4, and 12.1.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to UI Framework.
12648 CVE-2016-0396 77 Exec Code 2017-02-01 2017-02-07
6.8
None Remote Medium Not required Partial Partial Partial
IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands that would be executed with unnecessary higher privileges than expected.
12649 CVE-2016-0386 352 CSRF 2016-07-02 2016-07-06
6.0
None Remote Medium ??? Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to hijack the authentication of administrators for requests that delete employees.
12650 CVE-2016-0374 264 +Priv 2016-07-01 2016-07-01
6.5
None Remote Low ??? Partial Partial Partial
The builder tools in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allow remote authenticated users to gain privileges for application modification via unspecified vectors.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.