| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-2850 |
284 |
|
DoS |
2019-07-23 |
2019-07-30 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 2.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L). |
|
2 |
CVE-2019-2745 |
284 |
|
Exec Code |
2019-07-23 |
2019-07-30 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). |
|
3 |
CVE-2019-2634 |
20 |
|
|
2019-04-23 |
2019-08-14 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). |
|
4 |
CVE-2019-2569 |
284 |
|
|
2019-07-23 |
2019-07-25 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
|
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Difficult to exploit vulnerability allows high privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Core RDBMS accessible data. CVSS 3.0 Base Score 4.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N). |
|
5 |
CVE-2019-2536 |
284 |
|
|
2019-01-16 |
2019-08-14 |
1.2 |
None |
Local |
High |
Not required |
None |
None |
Partial |
|
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:N/A:H). |
|
6 |
CVE-2019-2535 |
284 |
|
|
2019-01-16 |
2019-08-14 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). |
|
7 |
CVE-2019-2525 |
284 |
|
|
2019-01-16 |
2019-06-11 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 5.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N). |
|
8 |
CVE-2019-2513 |
284 |
|
|
2019-01-16 |
2019-01-19 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
|
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell). Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 2.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N). |
|
9 |
CVE-2018-5407 |
200 |
|
+Info |
2018-11-15 |
2019-07-23 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. |
|
10 |
CVE-2018-3270 |
|
|
DoS |
2018-10-16 |
2019-10-02 |
1.2 |
None |
Local |
High |
Not required |
None |
None |
Partial |
|
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 1.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L). |
|
11 |
CVE-2018-3174 |
|
|
|
2018-10-16 |
2019-10-02 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H). |
|
12 |
CVE-2018-3091 |
|
|
|
2018-07-18 |
2019-10-02 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N). |
|
13 |
CVE-2018-3084 |
|
|
DoS |
2018-07-18 |
2019-10-02 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell: Core / Client). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 2.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L). |
|
14 |
CVE-2018-2922 |
|
|
|
2018-10-16 |
2019-10-02 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data. CVSS 3.0 Base Score 2.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N). |
|
15 |
CVE-2018-2874 |
|
|
|
2018-04-18 |
2019-10-02 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Logging). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows physical access to compromise Oracle Application Object Library. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). |
|
16 |
CVE-2018-2773 |
|
|
|
2018-04-18 |
2019-10-02 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). |
|
17 |
CVE-2018-2560 |
200 |
|
+Info |
2018-01-17 |
2018-01-25 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
|
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Solaris accessible data. CVSS 3.0 Base Score 5.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N). |
|
18 |
CVE-2018-0495 |
200 |
|
+Info |
2018-06-13 |
2019-05-30 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. |
|
19 |
CVE-2017-10294 |
|
|
|
2017-10-19 |
2017-12-13 |
1.7 |
None |
Local |
Low |
Single system |
None |
None |
Partial |
|
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
|
20 |
CVE-2017-10292 |
269 |
|
|
2017-10-19 |
2019-10-02 |
1.7 |
None |
Local |
Low |
Single system |
None |
Partial |
None |
|
Vulnerability in the RDBMS Security component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create User privilege with logon to the infrastructure where RDBMS Security executes to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of RDBMS Security accessible data. CVSS 3.0 Base Score 2.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N). |
|
21 |
CVE-2017-10268 |
200 |
|
+Info |
2017-10-19 |
2019-05-21 |
1.5 |
None |
Local |
Medium |
Single system |
Partial |
None |
None |
|
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N). |
|
22 |
CVE-2017-10252 |
|
|
|
2017-08-08 |
2019-10-02 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Updates Change Assistant). Supported versions that are affected are 8.54 and 8.55. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). |
|
23 |
CVE-2017-10251 |
|
|
|
2017-08-08 |
2019-10-02 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Test Framework). Supported versions that are affected are 8.54 and 8.55. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). |
|
24 |
CVE-2017-10250 |
|
|
|
2017-08-08 |
2019-10-02 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Tuxedo). Supported versions that are affected are 8.54 and 8.55. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). |
|
25 |
CVE-2017-10122 |
|
|
|
2017-08-08 |
2019-10-02 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data. CVSS 3.0 Base Score 1.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N). |
|
26 |
CVE-2017-10120 |
|
|
|
2017-08-08 |
2019-10-02 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 12.1.0.2. Difficult to exploit vulnerability allows high privileged attacker having Create Session, Select Any Dictionary privilege with logon to the infrastructure where RDBMS Security executes to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of RDBMS Security accessible data. CVSS 3.0 Base Score 1.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N). |
|
27 |
CVE-2017-10095 |
|
|
|
2017-08-08 |
2019-10-02 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). |
|
28 |
CVE-2017-10020 |
|
|
|
2017-08-08 |
2019-10-02 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Updates Change Assistant). Supported versions that are affected are 8.54 and 8.55. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). |
|
29 |
CVE-2017-3513 |
|
|
|
2017-04-24 |
2019-10-02 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 2.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N). |
|
30 |
CVE-2017-3318 |
|
|
|
2017-01-27 |
2019-10-02 |
1.0 |
None |
Local |
High |
Single system |
Partial |
None |
None |
|
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts). |
|
31 |
CVE-2017-3317 |
|
|
|
2017-01-27 |
2019-05-22 |
1.5 |
None |
Local |
Medium |
Single system |
None |
None |
Partial |
|
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts). |
|
32 |
CVE-2017-3313 |
200 |
|
+Info |
2017-01-27 |
2019-05-22 |
1.5 |
None |
Local |
Medium |
Single system |
Partial |
None |
None |
|
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts). |
|
33 |
CVE-2017-3301 |
|
|
|
2017-01-27 |
2017-02-10 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data. CVSS v3.0 Base Score 3.3 (Integrity impacts). |
|
34 |
CVE-2017-3242 |
20 |
|
|
2017-01-27 |
2017-01-30 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
Vulnerability in the Oracle VM Server for Sparc component of Oracle Sun Systems Products Suite (subcomponent: LDOM Manager). Supported versions that are affected are 3.2 and 3.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM Server for Sparc executes to compromise Oracle VM Server for Sparc. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM Server for Sparc, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM Server for Sparc. CVSS v3.0 Base Score 5.9 (Availability impacts). |
|
35 |
CVE-2016-8305 |
200 |
|
+Info |
2017-01-27 |
2017-02-10 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows physical access to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 2.1 (Confidentiality impacts). |
|
36 |
CVE-2016-8284 |
|
|
|
2016-10-25 |
2018-01-04 |
1.2 |
None |
Local |
High |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication. |
|
37 |
CVE-2016-5551 |
284 |
|
|
2017-04-24 |
2017-07-10 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). The supported version that is affected is 4.3. Easily "exploitable" vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris Cluster executes to compromise Solaris Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Solaris Cluster accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N). |
|
38 |
CVE-2016-5480 |
|
|
|
2016-10-25 |
2017-07-28 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect integrity via vectors related to Bash. |
|
39 |
CVE-2016-5443 |
|
|
|
2016-07-21 |
2017-08-31 |
1.2 |
None |
Local |
High |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows local users to affect availability via vectors related to Server: Connection. |
|
40 |
CVE-2016-3428 |
|
|
|
2016-04-21 |
2017-09-02 |
1.8 |
None |
Local Network |
High |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect availability via vectors related to Engineering Communication Interface. |
|
41 |
CVE-2016-3159 |
284 |
|
+Info |
2016-04-13 |
2016-12-02 |
1.7 |
None |
Local |
Low |
Single system |
Partial |
None |
None |
|
The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076. |
|
42 |
CVE-2016-3158 |
284 |
|
+Info |
2016-04-13 |
2016-12-02 |
1.7 |
None |
Local |
Low |
Single system |
Partial |
None |
None |
|
The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076. |
|
43 |
CVE-2016-0668 |
|
|
|
2016-04-21 |
2019-04-22 |
1.7 |
None |
Remote |
High |
Multiple systems |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to InnoDB. |
|
44 |
CVE-2016-0618 |
|
|
|
2016-01-20 |
2016-12-22 |
1.4 |
None |
Local |
Low |
Multiple systems |
Partial |
None |
None |
|
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality via unknown vectors related to Zones. |
|
45 |
CVE-2016-0609 |
|
|
|
2016-01-20 |
2019-04-22 |
1.7 |
None |
Remote |
High |
Multiple systems |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges. |
|
46 |
CVE-2016-0498 |
|
|
|
2016-01-20 |
2016-12-07 |
1.5 |
None |
Local |
Medium |
Single system |
Partial |
None |
None |
|
Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.2.2, 6.1.3.0, and 6.2.0.0 allows local users to affect confidentiality via unknown vectors related to Install. |
|
47 |
CVE-2016-0453 |
|
|
|
2016-01-20 |
2016-06-08 |
1.8 |
None |
Local Network |
High |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.1.2 allows remote attackers to affect integrity via unknown vectors related to Embedded Server. |
|
48 |
CVE-2016-0438 |
|
|
|
2016-01-20 |
2016-06-08 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality via vectors related to Mobile POS, a different vulnerability than CVE-2016-0434, CVE-2016-0436, and CVE-2016-0437. |
|
49 |
CVE-2016-0437 |
|
|
|
2016-01-20 |
2016-06-09 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality via vectors related to Mobile POS, a different vulnerability than CVE-2016-0434, CVE-2016-0436, and CVE-2016-0438. |
|
50 |
CVE-2016-0436 |
|
|
|
2016-01-20 |
2016-06-09 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality via vectors related to Mobile POS, a different vulnerability than CVE-2016-0434, CVE-2016-0437, and CVE-2016-0438. |
