Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2006-4031

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-09 Aug, 2006 | 22:00
Updated At-07 Aug, 2024 | 18:57
Rejected At-
Credits

MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:09 Aug, 2006 | 22:00
Updated At:07 Aug, 2024 | 18:57
Rejected At:
â–¼CVE Numbering Authority (CNA)

MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/21259
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/21627
third-party-advisory
x_refsource_SECUNIA
http://www.us-cert.gov/cas/techalerts/TA07-072A.html
third-party-advisory
x_refsource_CERT
http://www.novell.com/linux/security/advisories/2006_23_sr.html
vendor-advisory
x_refsource_SUSE
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
vendor-advisory
x_refsource_APPLE
http://www.vupen.com/english/advisories/2006/3079
vdb-entry
x_refsource_VUPEN
http://www.securityfocus.com/bid/19279
vdb-entry
x_refsource_BID
http://www.ubuntu.com/usn/usn-338-1
vendor-advisory
x_refsource_UBUNTU
http://secunia.com/advisories/31226
third-party-advisory
x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10468
vdb-entry
signature
x_refsource_OVAL
http://docs.info.apple.com/article.html?artnum=305214
x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2008-0768.html
vendor-advisory
x_refsource_REDHAT
http://secunia.com/advisories/21382
third-party-advisory
x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2006:149
vendor-advisory
x_refsource_MANDRIVA
http://secunia.com/advisories/22080
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/21770
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/21685
third-party-advisory
x_refsource_SECUNIA
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-24.html
x_refsource_CONFIRM
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html
x_refsource_CONFIRM
http://securitytracker.com/id?1016617
vdb-entry
x_refsource_SECTRACK
http://bugs.mysql.com/bug.php?id=15195
x_refsource_MISC
http://secunia.com/advisories/30351
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/0930
vdb-entry
x_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2007-0083.html
vendor-advisory
x_refsource_REDHAT
https://issues.rpath.com/browse/RPL-568
x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2008-0364.html
vendor-advisory
x_refsource_REDHAT
http://secunia.com/advisories/24479
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/21259
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/21627
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA07-072A.html
Resource:
third-party-advisory
x_refsource_CERT
Hyperlink: http://www.novell.com/linux/security/advisories/2006_23_sr.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://www.vupen.com/english/advisories/2006/3079
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.securityfocus.com/bid/19279
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.ubuntu.com/usn/usn-338-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://secunia.com/advisories/31226
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10468
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://docs.info.apple.com/article.html?artnum=305214
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0768.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://secunia.com/advisories/21382
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:149
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://secunia.com/advisories/22080
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/21770
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/21685
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://dev.mysql.com/doc/refman/5.0/en/news-5-0-24.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://securitytracker.com/id?1016617
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://bugs.mysql.com/bug.php?id=15195
Resource:
x_refsource_MISC
Hyperlink: http://secunia.com/advisories/30351
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2007/0930
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0083.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://issues.rpath.com/browse/RPL-568
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0364.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://secunia.com/advisories/24479
Resource:
third-party-advisory
x_refsource_SECUNIA
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/21259
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/21627
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.us-cert.gov/cas/techalerts/TA07-072A.html
third-party-advisory
x_refsource_CERT
x_transferred
http://www.novell.com/linux/security/advisories/2006_23_sr.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://www.vupen.com/english/advisories/2006/3079
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.securityfocus.com/bid/19279
vdb-entry
x_refsource_BID
x_transferred
http://www.ubuntu.com/usn/usn-338-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://secunia.com/advisories/31226
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10468
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://docs.info.apple.com/article.html?artnum=305214
x_refsource_CONFIRM
x_transferred
http://www.redhat.com/support/errata/RHSA-2008-0768.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://secunia.com/advisories/21382
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.mandriva.com/security/advisories?name=MDKSA-2006:149
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://secunia.com/advisories/22080
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/21770
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/21685
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-24.html
x_refsource_CONFIRM
x_transferred
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html
x_refsource_CONFIRM
x_transferred
http://securitytracker.com/id?1016617
vdb-entry
x_refsource_SECTRACK
x_transferred
http://bugs.mysql.com/bug.php?id=15195
x_refsource_MISC
x_transferred
http://secunia.com/advisories/30351
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2007/0930
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.redhat.com/support/errata/RHSA-2007-0083.html
vendor-advisory
x_refsource_REDHAT
x_transferred
https://issues.rpath.com/browse/RPL-568
x_refsource_CONFIRM
x_transferred
http://www.redhat.com/support/errata/RHSA-2008-0364.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://secunia.com/advisories/24479
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/21259
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/21627
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA07-072A.html
Resource:
third-party-advisory
x_refsource_CERT
x_transferred
Hyperlink: http://www.novell.com/linux/security/advisories/2006_23_sr.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2006/3079
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.securityfocus.com/bid/19279
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.ubuntu.com/usn/usn-338-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://secunia.com/advisories/31226
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10468
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://docs.info.apple.com/article.html?artnum=305214
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0768.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://secunia.com/advisories/21382
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:149
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://secunia.com/advisories/22080
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/21770
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/21685
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://dev.mysql.com/doc/refman/5.0/en/news-5-0-24.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://securitytracker.com/id?1016617
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://bugs.mysql.com/bug.php?id=15195
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://secunia.com/advisories/30351
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2007/0930
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0083.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://issues.rpath.com/browse/RPL-568
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0364.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://secunia.com/advisories/24479
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:09 Aug, 2006 | 22:04
Updated At:03 Apr, 2025 | 01:03

MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
mysql
mysql
>>mysql>>4.1.0
cpe:2.3:a:mysql:mysql:4.1.0:*:*:*:*:*:*:*
mysql
mysql
>>mysql>>4.1.2
cpe:2.3:a:mysql:mysql:4.1.2:*:*:*:*:*:*:*
mysql
mysql
>>mysql>>4.1.3
cpe:2.3:a:mysql:mysql:4.1.3:*:*:*:*:*:*:*
mysql
mysql
>>mysql>>4.1.8
cpe:2.3:a:mysql:mysql:4.1.8:*:*:*:*:*:*:*
mysql
mysql
>>mysql>>4.1.10
cpe:2.3:a:mysql:mysql:4.1.10:*:*:*:*:*:*:*
mysql
mysql
>>mysql>>4.1.12
cpe:2.3:a:mysql:mysql:4.1.12:*:*:*:*:*:*:*
mysql
mysql
>>mysql>>4.1.13
cpe:2.3:a:mysql:mysql:4.1.13:*:*:*:*:*:*:*
mysql
mysql
>>mysql>>4.1.14
cpe:2.3:a:mysql:mysql:4.1.14:*:*:*:*:*:*:*
mysql
mysql
>>mysql>>4.1.15
cpe:2.3:a:mysql:mysql:4.1.15:*:*:*:*:*:*:*
mysql
mysql
>>mysql>>5.0.1
cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*
mysql
mysql
>>mysql>>5.0.2
cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:*
mysql
mysql
>>mysql>>5.0.3
cpe:2.3:a:mysql:mysql:5.0.3:*:*:*:*:*:*:*
mysql
mysql
>>mysql>>5.0.4
cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*
mysql
mysql
>>mysql>>5.0.5
cpe:2.3:a:mysql:mysql:5.0.5:*:*:*:*:*:*:*
mysql
mysql
>>mysql>>5.0.5.0.21
cpe:2.3:a:mysql:mysql:5.0.5.0.21:*:*:*:*:*:*:*
mysql
mysql
>>mysql>>5.0.10
cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*
mysql
mysql
>>mysql>>5.0.15
cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*
mysql
mysql
>>mysql>>5.0.16
cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*
mysql
mysql
>>mysql>>5.0.17
cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*
mysql
mysql
>>mysql>>5.0.20
cpe:2.3:a:mysql:mysql:5.0.20:*:*:*:*:*:*:*
mysql
mysql
>>mysql>>5.0.22.1.0.1
cpe:2.3:a:mysql:mysql:5.0.22.1.0.1:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql>>3.22.27
cpe:2.3:a:oracle:mysql:3.22.27:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql>>3.22.28
cpe:2.3:a:oracle:mysql:3.22.28:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql>>3.22.29
cpe:2.3:a:oracle:mysql:3.22.29:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql>>3.22.30
cpe:2.3:a:oracle:mysql:3.22.30:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql>>3.22.32
cpe:2.3:a:oracle:mysql:3.22.32:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql>>3.23
cpe:2.3:a:oracle:mysql:3.23:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql>>3.23.0
cpe:2.3:a:oracle:mysql:3.23.0:alpha:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql>>3.23.1
cpe:2.3:a:oracle:mysql:3.23.1:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql>>3.23.2
cpe:2.3:a:oracle:mysql:3.23.2:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql>>3.23.3
cpe:2.3:a:oracle:mysql:3.23.3:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql>>3.23.4
cpe:2.3:a:oracle:mysql:3.23.4:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql>>3.23.5
cpe:2.3:a:oracle:mysql:3.23.5:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql>>3.23.6
cpe:2.3:a:oracle:mysql:3.23.6:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql>>3.23.7
cpe:2.3:a:oracle:mysql:3.23.7:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql>>3.23.8
cpe:2.3:a:oracle:mysql:3.23.8:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql>>3.23.9
cpe:2.3:a:oracle:mysql:3.23.9:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql>>3.23.10
cpe:2.3:a:oracle:mysql:3.23.10:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql>>3.23.11
cpe:2.3:a:oracle:mysql:3.23.11:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql>>3.23.12
cpe:2.3:a:oracle:mysql:3.23.12:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql>>3.23.13
cpe:2.3:a:oracle:mysql:3.23.13:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql>>3.23.14
cpe:2.3:a:oracle:mysql:3.23.14:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql>>3.23.15
cpe:2.3:a:oracle:mysql:3.23.15:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql>>3.23.16
cpe:2.3:a:oracle:mysql:3.23.16:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql>>3.23.17
cpe:2.3:a:oracle:mysql:3.23.17:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql>>3.23.18
cpe:2.3:a:oracle:mysql:3.23.18:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql>>3.23.19
cpe:2.3:a:oracle:mysql:3.23.19:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql>>3.23.20
cpe:2.3:a:oracle:mysql:3.23.20:beta:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql>>3.23.21
cpe:2.3:a:oracle:mysql:3.23.21:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql>>3.23.22
cpe:2.3:a:oracle:mysql:3.23.22:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

This vulnerability is addressed in the following product releases: MySQL, MySQL, 4.1.21 MySQL, MySQL, 5.0.24

Vendor Statements
Organization : Red Hat
Last Modified : 2008-07-25T00:00:00

This issue was corrected in all affected mysql packages versions as shipped in Red Hat Enterprise Linux or Red Hat Application Stack via: https://rhn.redhat.com/errata/CVE-2006-4031.html This issue did not affect mysql packages as shipped with Red Hat Enterprise Linux 2.1 or 3

References
HyperlinkSourceResource
http://bugs.mysql.com/bug.php?id=15195cve@mitre.org
Exploit
Patch
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.htmlcve@mitre.org
Patch
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-24.htmlcve@mitre.org
Patch
http://docs.info.apple.com/article.html?artnum=305214cve@mitre.org
N/A
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.htmlcve@mitre.org
N/A
http://secunia.com/advisories/21259cve@mitre.org
Patch
Vendor Advisory
http://secunia.com/advisories/21382cve@mitre.org
N/A
http://secunia.com/advisories/21627cve@mitre.org
N/A
http://secunia.com/advisories/21685cve@mitre.org
N/A
http://secunia.com/advisories/21770cve@mitre.org
N/A
http://secunia.com/advisories/22080cve@mitre.org
N/A
http://secunia.com/advisories/24479cve@mitre.org
N/A
http://secunia.com/advisories/30351cve@mitre.org
N/A
http://secunia.com/advisories/31226cve@mitre.org
N/A
http://securitytracker.com/id?1016617cve@mitre.org
Patch
http://www.mandriva.com/security/advisories?name=MDKSA-2006:149cve@mitre.org
N/A
http://www.novell.com/linux/security/advisories/2006_23_sr.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2007-0083.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2008-0364.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2008-0768.htmlcve@mitre.org
N/A
http://www.securityfocus.com/bid/19279cve@mitre.org
Patch
http://www.ubuntu.com/usn/usn-338-1cve@mitre.org
N/A
http://www.us-cert.gov/cas/techalerts/TA07-072A.htmlcve@mitre.org
US Government Resource
http://www.vupen.com/english/advisories/2006/3079cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2007/0930cve@mitre.org
N/A
https://issues.rpath.com/browse/RPL-568cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10468cve@mitre.org
N/A
http://bugs.mysql.com/bug.php?id=15195af854a3a-2127-422b-91ae-364da2661108
Exploit
Patch
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-24.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
http://docs.info.apple.com/article.html?artnum=305214af854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/21259af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://secunia.com/advisories/21382af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/21627af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/21685af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/21770af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/22080af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/24479af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/30351af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/31226af854a3a-2127-422b-91ae-364da2661108
N/A
http://securitytracker.com/id?1016617af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.mandriva.com/security/advisories?name=MDKSA-2006:149af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.novell.com/linux/security/advisories/2006_23_sr.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2007-0083.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2008-0364.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2008-0768.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/19279af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.ubuntu.com/usn/usn-338-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.us-cert.gov/cas/techalerts/TA07-072A.htmlaf854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.vupen.com/english/advisories/2006/3079af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2007/0930af854a3a-2127-422b-91ae-364da2661108
N/A
https://issues.rpath.com/browse/RPL-568af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10468af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://bugs.mysql.com/bug.php?id=15195
Source: cve@mitre.org
Resource:
Exploit
Patch
Hyperlink: http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://dev.mysql.com/doc/refman/5.0/en/news-5-0-24.html
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://docs.info.apple.com/article.html?artnum=305214
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/21259
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21382
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/21627
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/21685
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/21770
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/22080
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/24479
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/30351
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/31226
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securitytracker.com/id?1016617
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:149
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.novell.com/linux/security/advisories/2006_23_sr.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0083.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0364.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0768.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/19279
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://www.ubuntu.com/usn/usn-338-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA07-072A.html
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2006/3079
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2007/0930
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://issues.rpath.com/browse/RPL-568
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10468
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://bugs.mysql.com/bug.php?id=15195
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Patch
Hyperlink: http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://dev.mysql.com/doc/refman/5.0/en/news-5-0-24.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://docs.info.apple.com/article.html?artnum=305214
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/21259
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21382
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/21627
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/21685
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/21770
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/22080
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/24479
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/30351
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/31226
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://securitytracker.com/id?1016617
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:149
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.novell.com/linux/security/advisories/2006_23_sr.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0083.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0364.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0768.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/19279
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://www.ubuntu.com/usn/usn-338-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA07-072A.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2006/3079
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2007/0930
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://issues.rpath.com/browse/RPL-568
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10468
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

151Records found
CVE-2018-2951
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.2||MEDIUM
EPSS-0.26% / 48.54%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 13:00
Updated-02 Oct, 2024 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Configuration Manager). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-peoplesoft_enterprise_peopletoolsPeopleSoft Enterprise PT PeopleTools
CVE-2018-3000
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.1||HIGH
EPSS-0.25% / 47.56%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 13:00
Updated-02 Oct, 2024 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: SPMS Suite). The supported version that is affected is 8.x. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Shipboard Property Management System executes to compromise Oracle Hospitality Cruise Shipboard Property Management System. While the vulnerability is in Oracle Hospitality Cruise Shipboard Property Management System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Shipboard Property Management System accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-hospitality_cruise_shipboard_property_management_systemHospitality Cruise Shipboard Property Management System
CVE-2018-2580
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.4||MEDIUM
EPSS-0.23% / 45.51%
||
7 Day CHG~0.00%
Published-18 Jan, 2018 | 02:00
Updated-03 Oct, 2024 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Applications DBA component of Oracle E-Business Suite (subcomponent: ADPatch). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications DBA accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-applications_dbaApplications DBA
CVE-2018-3001
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.2||MEDIUM
EPSS-0.26% / 48.54%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 13:00
Updated-02 Oct, 2024 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: SPMS Suite). The supported version that is affected is 8.x. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Shipboard Property Management System executes to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Shipboard Property Management System accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-hospitality_cruise_shipboard_property_management_systemHospitality Cruise Shipboard Property Management System
CVE-2018-3639
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-39.09% / 97.17%
||
7 Day CHG~0.00%
Published-22 May, 2018 | 12:00
Updated-16 Sep, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

Action-Not Available
Vendor-Debian GNU/LinuxMitel Networks Corp.Siemens AGIntel CorporationSonicWall Inc.Microsoft CorporationRed Hat, Inc.NVIDIA CorporationOracle CorporationCanonical Ltd.Arm Limited
Product-surface_proenterprise_linux_server_ausopenstackxeon_e3_1225_v3xeon_e5_2450lxeon_e5_1620_v3xeon_e5_1428lxeon_e5_1620_v4xeon_e3_1240l_v5windows_10xeon_e3_1270xeon_e3_1230l_v3xeon_e3_1225_v5xeon_e5_2643_v2simatic_ipc677c_firmwaresinumerik_tcu_30.3xeon_e3_1220l_v3itc1900_pro_firmwarexeon_e5_2450_v2simatic_ipc647cweb_application_firewallxeon_e5_2408l_v3xeon_e3_1240_v2xeon_e5_2609_v4simatic_ipc627catom_zxeon_e3_1265l_v2xeon_e3_1278l_v4xeon_e3_1240simatic_ipc547g_firmwarexeon_e3_1246_v3xeon_e5_2637itc1900_proxeon_e5_2448litc1500_pro_firmwaresimatic_ipc347esinema_remote_connect_firmwareitc1900jetson_tx1xeon_e3enterprise_linux_serverxeon_e5_2608l_v3xeon_e3_1501l_v6solarisxeon_e5_1650_v3xeon_e5_2430lsimatic_ipc677cxeon_e7xeon_e3_1240_v5xeon_e5_2428l_v3xeon_e5_2430l_v2xeon_e3_1280_v5simatic_ipc847dxeon_e5_2648l_v3simatic_ipc827cceleron_nxeon_e5_2428lxeon_e5_1660_v4itc1900_firmwarexeon_e5_2428l_v2simatic_ipc477exeon_e5_2407_v2simatic_field_pg_m4_firmwaresimatic_ipc427d_firmwarexeon_e5_2650_v2xeon_e3_1245_v3xeon_e3_1245xeon_e3_1225xeon_e5_2630l_v3xeon_e3_1275_v2xeon_e5_2620_v3cortex-axeon_e3_1241_v3simatic_ipc427e_firmwareitc2200_pro_firmwaresimatic_ipc647d_firmwarexeon_platinummivoice_connectxeon_e5_1680_v4xeon_e5_2628l_v3xeon_e5_2430xeon_e5_2643_v3xeon_e5_1428l_v2xeon_e3_1240l_v3sinumerik_tcu_30.3_firmwarexeon_e3_1285l_v4secure_mobile_accessitc2200xeon_e3_1230_v6local_service_management_systemxeon_e5_2643_v4xeon_e5_2620xeon_e3_1285_v6xeon_e5_2418lxeon_e3_1275_v5xeon_e3_1286_v3xeon_e3_1268l_v5xeon_e3_1290xeon_e5_2448l_v2xeon_e5_1650_v4xeon_e5_2630l_v4simatic_ipc677dsinumerik_840_d_sl_firmwarexeon_e5_2403_v2virtualization_managerxeon_e3_1268l_v3simatic_ipc477d_firmwarexeon_e3_1285_v3xeon_e5_2450xeon_e5_2623_v3xeon_e5_2650l_v3simatic_field_pg_m5xeon_e3_1501m_v6mivoice_businessxeon_e3_1265l_v4simatic_ipc477e_firmwaresimatic_ipc847c_firmwaresimatic_et_200_sp_firmwaresimatic_ipc477e_proatom_csimatic_ipc827datom_esimatic_et_200_spxeon_e5_1660xeon_e5_2618l_v3surface_pro_with_lte_advancedxeon_e5_2618l_v2xeon_e3_1280_v3simatic_ipc627dxeon_e3_12201_v2xeon_e3_1270_v2xeon_e5xeon_e3_1280simatic_s7-1500xeon_e5_2628l_v4xeon_e5_2640_v3xeon_e3_1270_v3simatic_ipc3000_smart_firmwarexeon_e5_2608l_v4xeon_e5_2650enterprise_linux_eusxeon_e3_1265l_v3xeon_e5_1650_v2cloud_global_management_systemxeon_e5_2609xeon_e3_1260l_v5xeon_e5_2650lvirtualizationxeon_e5_2418l_v2xeon_e3_1225_v6xeon_e5_2640sinumerik_840_d_slruggedcom_ape_firmwareatom_x5-e3930simatic_ipc547gsimatic_ipc847cxeon_e3_1285_v4atom_x7-e3950xeon_e5_2630l_v2simatic_ipc477e_pro_firmwaremicollabxeon_e5_2403xeon_e3_1260lxeon_e5_2438l_v3xeon_e3_12201pentiumsimatic_s7-1500_firmwarexeon_e3_1220_v6xeon_e3_1230_v2xeon_e5_1680_v3xeon_e5_1630_v3simatic_ipc647c_firmwareenterprise_linux_workstationxeon_e3_1235xeon_e3_1281_v3xeon_e5_1428l_v3simatic_ipc477c_firmwaresimotion_p320-4e_firmwarexeon_e5_2648lsimatic_ipc347e_firmwarexeon_e3_1276_v3xeon_silverxeon_e5_1620_v2xeon_e5_2630_v2itc2200_firmwaremivoic_mx-onecore_i7xeon_e-1105cxeon_e5_2630lxeon_e5_2643simatic_ipc827c_firmwaresimotion_p320-4exeon_e3_1275l_v3debian_linuxitc1500xeon_e3_1105c_v2xeon_e5_2637_v2itc1500_proxeon_e3_1245_v5xeon_e5_2430_v2xeon_e5_2640_v4xeon_e5_2648l_v2windows_server_2008itc2200_prosimatic_ipc677d_firmwarexeon_e3_1230_v3xeon_e3_1226_v3xeon_e5_2637_v3ruggedcom_apesimatic_ipc547e_firmwarexeon_e3_1245_v6xeon_e5_2420_v2core_i3xeon_e3_1505m_v5mivoice_border_gatewayxeon_e5_2620_v4simatic_ipc827d_firmwarecore_i5xeon_e3_1235l_v5surface_studioxeon_e5_1660_v3celeron_jxeon_e3_1505l_v5xeon_e3_1230simatic_ipc427c_firmwarexeon_e5_2630_v4pentium_jxeon_e3_1275_v6xeon_e3_1285l_v3xeon_e5_1620atom_x5-e3940simatic_ipc427exeon_e5_2640_v2simatic_ipc477dsimatic_ipc427dxeon_e5_2609_v2simatic_itp1000_firmwarexeon_e5_1630_v4xeon_e5_2407xeon_e3_1220_v3windows_7xeon_e3_1280_v6pentium_silversimatic_ipc3000_smartenterprise_linux_server_tussimatic_ipc547exeon_e5_2618l_v4xeon_e3_1275_v3xeon_e3_1505l_v6ubuntu_linuxwindows_8.1xeon_e3_1240_v6global_management_systemxeon_e5_2620_v2xeon_e3_1270_v5itc1500_firmwaresinema_remote_connectsurfacexeon_e5_2450l_v2simatic_ipc627c_firmwaremivoice_5000xeon_e5_2609_v3xeon_e3_1220_v5xeon_e5_2603xeon_e5_2630_v3simatic_itp1000core_mxeon_e5_2650l_v2enterprise_linux_desktopxeon_e3_1231_v3simatic_ipc427cxeon_e3_1280_v2xeon_e5_1650xeon_e5_2470enterprise_linuxxeon_goldsimatic_ipc647dxeon_e5_2603_v3xeon_e3_1286l_v3simatic_field_pg_m5_firmwaresimatic_ipc847d_firmwarexeon_e5_2603_v2open_integration_gatewayxeon_e3_1290_v2xeon_e5_2603_v4xeon_e3_1220_v2xeon_e3_1270_v6simatic_ipc477cwindows_server_2012sinumerik_pcu_50.5windows_server_2016xeon_e3_1225_v2jetson_tx2xeon_e3_1271_v3surface_bookxeon_e5_2623_v4xeon_e3_1230_v5xeon_e5_2440simatic_ipc627d_firmwarexeon_e5_2440_v2mrg_realtimexeon_e3_1258l_v4xeon_e5_2650_v4sonicosvxeon_e5_2418l_v3sinumerik_pcu_50.5_firmwarexeon_e5_2628l_v2micloud_management_portalxeon_e5_2470_v2simatic_field_pg_m4xeon_e3_1245_v2xeon_e5_2637_v4struxureware_data_center_expertxeon_e5_2650_v3xeon_e3_1240_v3xeon_e5_2648l_v4xeon_e5_1660_v2email_securityxeon_e5_2630xeon_e5_2420xeon_e3_1125c_v2Multiple
CWE ID-CWE-203
Observable Discrepancy
CVE-2018-3181
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 35.63%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 01:00
Updated-02 Oct, 2024 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: OHC ENOAD). The supported version that is affected is 8.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Cruise Shipboard Property Management System executes to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Shipboard Property Management System accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-hospitality_cruise_shipboard_property_management_systemHospitality Cruise Shipboard Property Management System
CVE-2018-2577
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.5||MEDIUM
EPSS-0.22% / 44.04%
||
7 Day CHG~0.00%
Published-18 Jan, 2018 | 02:00
Updated-03 Oct, 2024 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Solaris accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-solarisSolaris Operating System
CVE-2018-20781
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-4.25% / 88.55%
||
7 Day CHG~0.00%
Published-12 Feb, 2019 | 17:00
Updated-05 Aug, 2024 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.

Action-Not Available
Vendor-n/aCanonical Ltd.The GNOME ProjectOracle Corporation
Product-gnome_keyringubuntu_linuxzfs_storage_appliance_kitn/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-32553
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-7.3||HIGH
EPSS-0.05% / 14.86%
||
7 Day CHG~0.00%
Published-12 Jun, 2021 | 03:40
Updated-16 Sep, 2024 | 22:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
apport read_file() function could follow maliciously constructed symbolic links

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users.

Action-Not Available
Vendor-Oracle CorporationCanonical Ltd.
Product-ubuntu_linuxopenjdkapport
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CVE-2016-3469
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.3||LOW
EPSS-0.07% / 20.75%
||
7 Day CHG~0.00%
Published-21 Jul, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows local users to affect confidentiality via vectors related to Services.

Action-Not Available
Vendor-n/aOracle Corporation
Product-siebel_core-server_frameworkn/a
CVE-2016-0446
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.1||LOW
EPSS-0.16% / 36.72%
||
7 Day CHG~0.00%
Published-21 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 11.2.0.4, 12.1.0.4, and 12.1.0.5 allows local users to affect confidentiality via unknown vectors related to Agent Next Gen.

Action-Not Available
Vendor-n/aOracle Corporation
Product-enterprise_manager_grid_controln/a
CVE-2019-3031
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6||MEDIUM
EPSS-0.13% / 32.25%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 17:41
Updated-01 Oct, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2019-2574
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 35.47%
||
7 Day CHG~0.00%
Published-23 Apr, 2019 | 18:16
Updated-02 Oct, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2017-10220
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4||MEDIUM
EPSS-0.15% / 35.81%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Hospitality Property Interfaces component of Oracle Hospitality Applications (subcomponent: Parser). The supported version that is affected is 8.10.x. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Hospitality Property Interfaces executes to compromise Hospitality Property Interfaces. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Hospitality Property Interfaces accessible data. CVSS 3.0 Base Score 4.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-hospitality_suite8_property_interfacesHospitality Suite8 Property Interfaces
CVE-2017-10188
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 31.39%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Hospitality Hotel Mobile component of Oracle Hospitality Applications (subcomponent: Suite 8/Android). The supported version that is affected is 1.01. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Hospitality Hotel Mobile executes to compromise Hospitality Hotel Mobile. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hospitality Hotel Mobile accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-hospitality_hotel_mobileHospitality Hotel Mobile
CVE-2019-2506
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.8||LOW
EPSS-0.11% / 30.22%
||
7 Day CHG~0.00%
Published-16 Jan, 2019 | 19:00
Updated-02 Oct, 2024 | 16:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2015-4753
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.1||LOW
EPSS-0.42% / 61.41%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the RDBMS Support Tools component in Oracle Database Server 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2017-10169
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 31.39%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Hospitality 9700 component of Oracle Hospitality Applications (subcomponent: Operation Security). The supported version that is affected is 4.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality 9700 executes to compromise Oracle Hospitality 9700. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality 9700 accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-hospitality_9700Hospitality 9700
CVE-2016-8981
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.76%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system.

Action-Not Available
Vendor-Linux Kernel Organization, IncOracle CorporationHP Inc.IBM CorporationMicrosoft Corporation
Product-bigfix_inventorylicense_metric_toolaixsolarishp-uxlinux_kernelwindowsBigFix Inventory
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-8963
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 14.03%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user.

Action-Not Available
Vendor-Linux Kernel Organization, IncOracle CorporationHP Inc.IBM CorporationMicrosoft Corporation
Product-bigfix_inventorylicense_metric_toolaixsolarishp-uxlinux_kernelwindowsBigFix Inventory
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-5498
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.3||LOW
EPSS-0.05% / 13.81%
||
7 Day CHG~0.00%
Published-25 Oct, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5499.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-10231
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 31.39%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Hospitality Cruise AffairWhere component of Oracle Hospitality Applications (subcomponent: AWExport). The supported version that is affected is 2.2.05.062. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Cruise AffairWhere executes to compromise Oracle Hospitality Cruise AffairWhere. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise AffairWhere accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-hospitality_cruise_affairwhereHospitality Cruise AffairWhere
CVE-2016-5517
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 19.04%
||
7 Day CHG~0.00%
Published-25 Oct, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.1.3 allows local users to affect confidentiality via vectors related to AD Utilities.

Action-Not Available
Vendor-n/aOracle Corporation
Product-applications_dban/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-5499
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.3||LOW
EPSS-0.05% / 15.76%
||
7 Day CHG~0.00%
Published-25 Oct, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5498.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2017-10201
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 31.39%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Hospitality e7 component of Oracle Hospitality Applications (subcomponent: Other). The supported version that is affected is 4.2.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality e7 executes to compromise Oracle Hospitality e7. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality e7 accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-n/aOracle Corporation
Product-hospitality_e7n/a
CVE-2017-10213
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4||MEDIUM
EPSS-0.18% / 40.12%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). The supported version that is affected is 8.10.x. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Hospitality Suite8 executes to compromise Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Hospitality Suite8 accessible data. CVSS 3.0 Base Score 4.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-hospitality_suite8Hospitality Suite8
CVE-2017-10219
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 31.39%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0.0 and 4.2.1.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Guest Access executes to compromise Oracle Hospitality Guest Access. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Guest Access accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-hospitality_guest_accessHospitality Guest Access
CVE-2014-9584
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.13% / 32.68%
||
7 Day CHG~0.00%
Published-09 Jan, 2015 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncopenSUSESUSERed Hat, Inc.Debian GNU/LinuxOracle CorporationCanonical Ltd.
Product-enterprise_linux_serverlinux_kernelenterprise_linux_ausenterprise_linux_eusevergreenenterprise_linux_server_euslinux_enterprise_real_time_extensionlinux_enterprise_desktopdebian_linuxlinuxlinux_enterprise_software_development_kitenterprise_linux_server_ausopensuseenterprise_linux_desktopubuntu_linuxenterprise_linux_server_tusenterprise_linux_workstationlinux_enterprise_workstation_extensionlinux_enterprise_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-0884
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.1||LOW
EPSS-0.25% / 48.32%
||
7 Day CHG~0.00%
Published-13 Apr, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Sun Cluster component in Oracle Sun Product Suite 3.1 and 3.2 allows local users to affect confidentiality via unknown vectors related to Data Service for Oracle E-Business Suite, a different vulnerability than CVE-2010-0883.

Action-Not Available
Vendor-n/aOracle Corporation
Product-sun_products_suiten/a
CVE-2018-3002
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.1||HIGH
EPSS-0.19% / 40.54%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 13:00
Updated-02 Oct, 2024 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Hospitality Cruise Fleet Management System component of Oracle Hospitality Applications (subcomponent: Fleet Management System Suite). The supported version that is affected is 9.x. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Fleet Management System executes to compromise Oracle Hospitality Cruise Fleet Management System. While the vulnerability is in Oracle Hospitality Cruise Fleet Management System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management System accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-hospitality_cruise_fleet_managementHospitality Cruise Fleet Management
CVE-2018-2793
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.2||MEDIUM
EPSS-0.26% / 48.54%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 02:00
Updated-03 Oct, 2024 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: PsAdmin). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PT PeopleTools executes to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-peoplesoft_enterprise_pt_peopletoolsPeopleSoft Enterprise PT PeopleTools
CVE-2006-0369
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.15% / 35.63%
||
7 Day CHG~0.00%
Published-22 Jan, 2006 | 20:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MySQL 5.0.18 allows local users with access to a VIEW to obtain sensitive information via the "SELECT * FROM information_schema.views;" query, which returns the query that created the VIEW. NOTE: this issue has been disputed by third parties, saying that the availability of the schema is a normal and sometimes desired aspect of database access

Action-Not Available
Vendor-n/aOracle Corporation
Product-mysqln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-2178
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.21% / 42.67%
||
7 Day CHG~0.00%
Published-20 Jun, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.

Action-Not Available
Vendor-n/aNode.js (OpenJS Foundation)SUSEOpenSSLDebian GNU/LinuxOracle CorporationCanonical Ltd.
Product-solarisubuntu_linuxopenssldebian_linuxlinuxlinux_enterprisenode.jsn/a
CWE ID-CWE-203
Observable Discrepancy
CVE-2014-1738
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-2.1||LOW
EPSS-0.03% / 8.82%
||
7 Day CHG~0.00%
Published-11 May, 2014 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncSUSERed Hat, Inc.Debian GNU/LinuxOracle Corporation
Product-linux_enterprise_high_availability_extensionlinux_kernelenterprise_linux_euslinux_enterprise_real_time_extensionlinux_enterprise_desktopdebian_linuxlinuxlinux_enterprise_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-2623
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.18% / 39.57%
||
7 Day CHG~0.00%
Published-14 Jan, 2009 | 02:00
Updated-07 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.3 allows local users to affect confidentiality via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jdevelopern/a
CVE-2021-28168
Matching Score-8
Assigner-Eclipse Foundation
ShareView Details
Matching Score-8
Assigner-Eclipse Foundation
CVSS Score-6.2||MEDIUM
EPSS-0.16% / 36.77%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 17:35
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents of this file are viewable by all other users locally on the system. As such, if the contents written is security sensitive, it can be disclosed to other local users.

Action-Not Available
Vendor-Oracle CorporationEclipse Foundation AISBL
Product-communications_cloud_native_core_policyjerseycommunications_cloud_native_core_unified_data_repositoryEclipse Jersey
CWE ID-CWE-378
Creation of Temporary File With Insecure Permissions
CWE ID-CWE-379
Creation of Temporary File in Directory with Insecure Permissions
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2013-2415
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.1||LOW
EPSS-0.08% / 24.29%
||
7 Day CHG~0.00%
Published-17 Apr, 2013 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows local users to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "processing of MTOM attachments" and the creation of temporary files with weak permissions.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrejdkn/a
CVE-2004-1349
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.11% / 29.33%
||
7 Day CHG~0.00%
Published-19 Jan, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files.

Action-Not Available
Vendor-n/aOracle CorporationGNU
Product-solarisgzipn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-2353
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.4||MEDIUM
EPSS-0.19% / 40.45%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 22:43
Updated-26 Sep, 2024 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Siebel Core - Server Framework product of Oracle Siebel CRM (component: Loging). Supported versions that are affected are 21.5 and Prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Siebel Core - Server Framework executes to compromise Siebel Core - Server Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Siebel Core - Server Framework accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-siebel_core_-_server_frameworkSiebel Core - Server Framework
CVE-2012-3160
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.1||LOW
EPSS-0.08% / 23.12%
||
7 Day CHG~0.00%
Published-16 Oct, 2012 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.

Action-Not Available
Vendor-n/aCanonical Ltd.Red Hat, Inc.Oracle CorporationMariaDB FoundationDebian GNU/Linux
Product-enterprise_linux_desktopubuntu_linuxenterprise_linux_eusenterprise_linux_workstationmariadbdebian_linuxmysqlenterprise_linux_servern/a
CVE-2012-3206
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.1||LOW
EPSS-0.41% / 60.71%
||
7 Day CHG~0.00%
Published-17 Oct, 2012 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Integrated Lights Out Manager CLI in Oracle Sun Products Suite SysFW 8.2.0.a for SPARC and Netra SPARC T3 and T4-based servers, and other versions and servers, allows local users to affect confidentiality via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-sparc_t4-1sparc_t4-1bsparc_t3-4netra_sparc_t3-1sparc_t3-1bsparc_t4-4netra_sparc_t4-1netra_sparc_t4-2sparc_t3-2netra_sparc_t4-2bnetra_sparc_t3-1bsparc_t3-1sun_products_suite_sysfwn/a
CVE-2021-2120
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6||MEDIUM
EPSS-0.16% / 36.65%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 14:50
Updated-26 Sep, 2024 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2019-2505
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.8||LOW
EPSS-0.10% / 27.27%
||
7 Day CHG~0.00%
Published-16 Jan, 2019 | 19:00
Updated-02 Oct, 2024 | 16:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2012-2672
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.06% / 17.59%
||
7 Day CHG~0.00%
Published-17 Jun, 2012 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext reference during startup, which allows local users to obtain context information an access resources from another WAR file by calling the FacesContext.getCurrentInstance function.

Action-Not Available
Vendor-n/aOracle Corporation
Product-mojarran/a
CVE-2016-0454
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.1||LOW
EPSS-0.16% / 36.72%
||
7 Day CHG~0.00%
Published-21 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Mobile Application Servlet component in Oracle E-Business Suite 12.1 and 12.2 allows local users to affect confidentiality via vectors related to MWA Server Manager.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2012-1717
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.1||LOW
EPSS-0.13% / 33.31%
||
7 Day CHG~0.00%
Published-16 Jun, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux.

Action-Not Available
Vendor-n/aSUSERed Hat, Inc.Sun Microsystems (Oracle Corporation)Linux Kernel Organization, IncOracle Corporation
Product-linux_enterprise_javaenterprise_linux_eusenterprise_linux_workstationicedtea6jreenterprise_linux_for_power_big_endianenterprise_linux_for_scientific_computingenterprise_linux_for_ibm_z_systemsenterprise_linux_server_from_rhuisatellite_with_embedded_oracleenterprise_linux_desktoplinux_enterprise_serverenterprise_linux_server_auslinux_enterprise_software_development_kitsunosjdklinux_enterprise_desktoplinux_kernelenterprise_linux_servern/a
CVE-2021-20191
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 10.97%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 00:00
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.

Action-Not Available
Vendor-n/aOracle CorporationRed Hat, Inc.
Product-cisco_nx-os_collectionvirtualizationgoogle_cloud_platform_ansible_collectioncommunity_general_collectionansibledocker_community_collectioncommunity_network_collectionansible_toweransible
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2002-0568
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-4.80% / 89.24%
||
7 Day CHG~0.00%
Published-11 Jun, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle8iapplication_serveroracle9in/a
CVE-1999-0524
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.65% / 70.29%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.

Action-Not Available
Vendor-windriverscon/aLinux Kernel Organization, IncNovellSilicon Graphics, Inc.IBM CorporationOracle CorporationCisco Systems, Inc.Microsoft CorporationApple Inc.HP Inc.
Product-linux_kerneltru64hp-uxbsdosaixmacossolarissco_unixioswindowsirixnetwaremac_os_xos2n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-2923
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.3||LOW
EPSS-0.09% / 25.14%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 13:00
Updated-02 Oct, 2024 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Services). The supported version that is affected is Prior to 8.7.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Sun ZFS Storage Appliance Kit (AK) executes to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Sun ZFS Storage Appliance Kit (AK) accessible data. CVSS 3.0 Base Score 2.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-sun_zfs_storage_appliance_kitSun ZFS Storage Appliance Kit (AK) Software
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found