CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Oracle : Security Vulnerabilities (CVSS score between 4 and 4.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-2471 2014-04-15 2014-04-16
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 6.0 and 6.1 allows remote attackers to affect integrity via unknown vectors related to Learner Pages.
2 CVE-2014-2468 2014-04-15 2014-04-16
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via vectors related to Open_UI.
3 CVE-2014-2465 2014-04-15 2014-04-16
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3 allows remote attackers to affect integrity via unknown vectors related to Security.
4 CVE-2014-2463 2014-04-15 2014-04-16
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) component in Oracle Virtualization 4.63, 4.71, 5.0, and 5.1 allows remote attackers to affect integrity via unknown vectors related to Workspace Web Application.
5 CVE-2014-2460 2014-04-15 2014-04-16
4.0
None Remote Low Single system Partial None None
Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, 6.2, 6.3, 6.3.1, 6.3.2, and 6.3.3 allows remote authenticated users to affect confidentiality via vectors related to CSV Management.
6 CVE-2014-2458 2014-04-15 2014-04-16
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Agile Product Lifecycle component in Oracle Supply Chain Products Suite 6.1.0.3 and 6.1.1.3 allows remote attackers to affect integrity via unknown vectors related to Install.
7 CVE-2014-2457 2014-04-15 2014-04-16
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Agile Product Lifecycle component in Oracle Supply Chain Products Suite 6.0 and 6.1.0 allows remote attackers to affect integrity via unknown vectors related to Install.
8 CVE-2014-2454 2014-04-15 2014-04-16
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to affect confidentiality via unknown vectors related to User Interface.
9 CVE-2014-2453 2014-04-15 2014-04-16
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to affect integrity via unknown vectors related to User Interface.
10 CVE-2014-2452 2014-04-15 2014-04-16
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5 allows remote authenticated users to affect availability via unknown vectors related to Webserver Plugin.
11 CVE-2014-2450 2014-04-15 2014-04-16
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
12 CVE-2014-2449 2014-04-15 2014-04-16
4.0
None Remote Low Single system Partial None None
Unspecified vulnerability in the PeopleSoft Enterprise HRMS Talent Acquisition Manager component in Oracle PeopleSoft Products 9.0, 9.1, and 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.
13 CVE-2014-2446 2014-04-15 2014-04-16
4.0
None Remote Low Single system Partial None None
Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality via vectors related to QAS.
14 CVE-2014-2443 2014-04-15 2014-04-16
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology.
15 CVE-2014-2442 2014-04-15 2014-04-16
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to MyISAM.
16 CVE-2014-2441 2014-04-15 2014-04-16
4.4
None Local Medium Not required Partial Partial Partial
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.32, 4.2.24, and 4.3.10 allows local users to affect confidentiality, integrity, and availability via vectors related to Graphics driver (WDDM) for Windows guests.
17 CVE-2014-2435 2014-04-15 2014-04-16
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in Oracle MySQL Server 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
18 CVE-2014-2434 2014-04-15 2014-04-16
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to DML.
19 CVE-2014-2429 2014-04-15 2014-04-16
4.0
None Remote Low Single system Partial None None
Unspecified vulnerability in the PeopleSoft Enterprise CS Campus Self Service component in Oracle PeopleSoft Products 9.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Campus Mobile.
20 CVE-2014-2426 2014-04-15 2014-04-16
4.9
None Remote Medium Single system None Partial Partial
Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity and availability via unknown vectors related to Admin Console.
21 CVE-2014-2425 2014-04-15 2014-04-16
4.0
None Remote Low Single system Partial None None
Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect confidentiality via unknown vectors.
22 CVE-2014-2424 2014-04-15 2014-04-16
4.0
None Remote Low Single system None Partial None
Unspecified vulnerability in the Oracle Event Processing component in Oracle Fusion Middleware 11.1.1.7.0 allows remote authenticated users to affect integrity via vectors related to CEP system.
23 CVE-2014-2419 2014-04-15 2014-04-16
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.
24 CVE-2014-2413 2014-04-15 2014-04-16
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries.
25 CVE-2014-2404 2014-04-15 2014-04-16
4.0
None Remote Low Single system Partial None None
Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 10.1.4.3, 11.1.1.3.0, 11.1.1.5.0, 11.1.1.7.0, 11.1.2.0.0, 11.1.2.1.0, and 11.1.2.2.0 allows remote authenticated users to affect confidentiality via unknown vectors related to WebGate.
26 CVE-2014-2400 2014-04-15 2014-04-16
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 2.2.2 allows remote attackers to affect integrity via unknown vectors related to Oracle Endeca Information Discovery (Formerly Latitude), a different vulnerability than CVE-2014-2399.
27 CVE-2014-2399 2014-04-15 2014-04-16
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 2.2.2 allows remote attackers to affect integrity via unknown vectors related to Oracle Endeca Information Discovery (Formerly Latitude), a different vulnerability than CVE-2014-2400.
28 CVE-2014-1876 59 2014-02-10 2014-02-18
4.4
None Local Medium Not required Partial Partial Partial
The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8, and Oracle Java JDK, does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log.
29 CVE-2014-0981 399 Exec Code Mem. Corr. 2014-03-31 2014-03-31
4.4
None Local Medium Not required Partial Partial Partial
VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption. NOTE: this issue was MERGED with CVE-2014-0982 because it is the same type of vulnerability affecting the same set of versions. All CVE users should reference CVE-2014-0981 instead of CVE-2014-0982.
30 CVE-2014-0464 2014-04-15 2014-04-16
4.3
None Remote Medium Not required Partial None None
Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting, a different vulnerability than CVE-2014-0463.
31 CVE-2014-0463 2014-04-15 2014-04-16
4.3
None Remote Medium Not required Partial None None
Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting, a different vulnerability than CVE-2014-0464.
32 CVE-2014-0459 2014-04-15 2014-04-16
4.3
None Remote Medium Not required None None Partial
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D.
33 CVE-2014-0453 2014-04-15 2014-04-16
4.0
None Remote High Not required Partial Partial None
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.
34 CVE-2014-0447 2014-04-15 2014-04-16
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via unknown vectors related to Kernel.
35 CVE-2014-0445 2014-01-15 2014-02-06
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology, a different vulnerability than CVE-2014-0381.
36 CVE-2014-0442 2014-04-15 2014-04-16
4.6
None Local Low Not required Partial Partial Partial
Unspecified vulnerability in Oracle Solaris 9, 10, and 11.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Print Filter Utility.
37 CVE-2014-0440 2014-01-15 2014-02-06
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect availability via vectors related to PIA Core Technology.
38 CVE-2014-0439 2014-01-15 2014-02-06
4.0
None Remote Low Single system None Partial None
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect integrity via unknown vectors related to Report Distribution.
39 CVE-2014-0438 2014-01-15 2014-02-06
4.0
None Remote Low Single system Partial None None
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality via unknown vectors related to Panel Processor.
40 CVE-2014-0435 2014-01-15 2014-02-06
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3, 6.3.1, and 6.3.2 allows remote authenticated users to affect availability via unknown vectors related to Data, Domain & Function Security.
41 CVE-2014-0434 2014-01-15 2014-02-06
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Agile Product Lifecycle Management for Process component in Oracle Supply Chain Products Suite 6.0, 6.1, and 6.1.1 allows remote attackers to affect integrity via unknown vectors related to Installation.
42 CVE-2014-0433 2014-01-15 2014-02-06
4.3
None Remote Medium Not required None None Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote attackers to affect availability via unknown vectors related to Thread Pooling.
43 CVE-2014-0426 2014-04-15 2014-04-16
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect integrity via vectors related to HTTP Request Handling, a different vulnerability than CVE-2014-0413.
44 CVE-2014-0425 2014-01-15 2014-02-06
4.0
None Remote Low Single system Partial None None
Unspecified vulnerability in the PeopleSoft Enterprise SCM Services Procurement component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.
45 CVE-2014-0413 2014-04-15 2014-04-16
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect integrity via vectors related to HTTP Request Handling, a different vulnerability than CVE-2014-0426.
46 CVE-2014-0412 2014-01-15 2014-03-05
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
47 CVE-2014-0411 2014-01-15 2014-04-01
4.0
None Remote High Not required Partial Partial None
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information about encryption keys via a timing discrepancy during the TLS/SSL handshake.
48 CVE-2014-0402 2014-01-15 2014-03-05
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.
49 CVE-2014-0401 2014-01-15 2014-03-05
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.
50 CVE-2014-0399 2014-01-15 2014-02-06
4.0
None Remote Low Single system Partial None None
Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.2, 6.3, 6.3.1, and 6.3.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Data, Domain & Function Security.
Total number of vulnerabilities : 615   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.