Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2012-3133

Summary
Assigner-oracle
Assigner Org ID-43595867-4340-4103-b7a2-9a5208d29a85
Published At-21 Dec, 2012 | 02:00
Updated At-16 Sep, 2024 | 20:06
Rejected At-
Credits

Buffer overflow in the DataDirect ODBC driver, as used in Oracle Hyperion Interactive Reporting 11.1.2.1 and 11.1.2.2, Essbase Server 11.1.2.1 and 11.1.2.2, Production Reporting Server 11.1.2.1 and 11.1.2.2, and Integration Services Server 11.1.2.1 and 11.1.2.2 has unknown impact and attack vectors.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:oracle
Assigner Org ID:43595867-4340-4103-b7a2-9a5208d29a85
Published At:21 Dec, 2012 | 02:00
Updated At:16 Sep, 2024 | 20:06
Rejected At:
▼CVE Numbering Authority (CNA)

Buffer overflow in the DataDirect ODBC driver, as used in Oracle Hyperion Interactive Reporting 11.1.2.1 and 11.1.2.2, Essbase Server 11.1.2.1 and 11.1.2.2, Production Reporting Server 11.1.2.1 and 11.1.2.2, and Integration Services Server 11.1.2.1 and 11.1.2.2 has unknown impact and attack vectors.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://blogs.oracle.com/sunsecurity/entry/cve_2012_3133_buffer_overflow
x_refsource_CONFIRM
Hyperlink: https://blogs.oracle.com/sunsecurity/entry/cve_2012_3133_buffer_overflow
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://blogs.oracle.com/sunsecurity/entry/cve_2012_3133_buffer_overflow
x_refsource_CONFIRM
x_transferred
Hyperlink: https://blogs.oracle.com/sunsecurity/entry/cve_2012_3133_buffer_overflow
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert_us@oracle.com
Published At:21 Dec, 2012 | 05:46
Updated At:11 Apr, 2025 | 00:51

Buffer overflow in the DataDirect ODBC driver, as used in Oracle Hyperion Interactive Reporting 11.1.2.1 and 11.1.2.2, Essbase Server 11.1.2.1 and 11.1.2.2, Production Reporting Server 11.1.2.1 and 11.1.2.2, and Integration Services Server 11.1.2.1 and 11.1.2.2 has unknown impact and attack vectors.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Oracle Corporation
oracle
>>hyperion_interactive_reporting>>11.1.2.1
cpe:2.3:a:oracle:hyperion_interactive_reporting:11.1.2.1:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>hyperion_interactive_reporting>>11.1.2.2
cpe:2.3:a:oracle:hyperion_interactive_reporting:11.1.2.2:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>essbase_server>>11.1.2.1
cpe:2.3:a:oracle:essbase_server:11.1.2.1:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>essbase_server>>11.1.2.2
cpe:2.3:a:oracle:essbase_server:11.1.2.2:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>hyperion_production_reporting_server>>11.1.2.1
cpe:2.3:a:oracle:hyperion_production_reporting_server:11.1.2.1:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>hyperion_production_reporting_server>>11.1.2.2
cpe:2.3:a:oracle:hyperion_production_reporting_server:11.1.2.2:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>integration_services_server>>11.1.2.1
cpe:2.3:a:oracle:integration_services_server:11.1.2.1:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>integration_services_server>>11.1.2.2
cpe:2.3:a:oracle:integration_services_server:11.1.2.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://blogs.oracle.com/sunsecurity/entry/cve_2012_3133_buffer_overflowsecalert_us@oracle.com
Vendor Advisory
https://blogs.oracle.com/sunsecurity/entry/cve_2012_3133_buffer_overflowaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://blogs.oracle.com/sunsecurity/entry/cve_2012_3133_buffer_overflow
Source: secalert_us@oracle.com
Resource:
Vendor Advisory
Hyperlink: https://blogs.oracle.com/sunsecurity/entry/cve_2012_3133_buffer_overflow
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2327Records found
CVE-2016-5252
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.49% / 80.29%
||
7 Day CHG~0.00%
Published-05 Aug, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via crafted two-dimensional graphics data that is mishandled during clipping-region calculations.

Action-Not Available
Vendor-n/aMozilla CorporationOracle Corporation
Product-linuxfirefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-5688
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-2.39% / 84.40%
||
7 Day CHG~0.00%
Published-13 Dec, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions.

Action-Not Available
Vendor-n/aImageMagick Studio LLCOracle Corporation
Product-imagemagicksolarisn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3990
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.44% / 62.43%
||
7 Day CHG~0.00%
Published-21 Sep, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp.

Action-Not Available
Vendor-n/aLibTIFFOracle Corporation
Product-libtiffvm_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-2800
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.79% / 72.86%
||
7 Day CHG~0.00%
Published-13 Mar, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792.

Action-Not Available
Vendor-siln/aMozilla CorporationopenSUSESUSEOracle Corporation
Product-leapfirefoxopensusegraphite2linuxlinux_enterprisen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2793
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.79% / 72.86%
||
7 Day CHG~0.00%
Published-13 Mar, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.

Action-Not Available
Vendor-siln/aMozilla CorporationopenSUSESUSEOracle Corporation
Product-leapfirefoxopensusegraphite2linuxlinux_enterprisen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1974
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.68% / 70.60%
||
7 Day CHG~0.00%
Published-13 Mar, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSESUSEOracle Corporation
Product-leapfirefoxopensusethunderbirdlinuxlinux_enterprisen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1977
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.96% / 75.59%
||
7 Day CHG~0.00%
Published-13 Mar, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font.

Action-Not Available
Vendor-siln/aMozilla CorporationopenSUSESUSEOracle Corporation
Product-leapopensusefirefoxgraphite2linuxlinux_enterprisen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1950
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.75% / 81.80%
||
7 Day CHG~0.00%
Published-13 Mar, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSEApple Inc.Oracle Corporation
Product-iplanet_web_proxy_serveriplanet_web_serverfirefoxopensusewatchosvm_servernetwork_security_serviceslinuxiphone_osmac_os_xtvosglassfish_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1952
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.61% / 68.81%
||
7 Day CHG~0.00%
Published-13 Mar, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla CorporationOracle CorporationopenSUSENovell
Product-leapopensusefirefoxsuse_package_hub_for_suse_linux_enterprisethunderbirdlinuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7547
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-8.1||HIGH
EPSS-93.42% / 99.81%
||
7 Day CHG~0.00%
Published-18 Feb, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.

Action-Not Available
Vendor-n/aopenSUSESophos Ltd.Red Hat, Inc.Debian GNU/LinuxOracle CorporationF5, Inc.GNUSUSEHP Inc.Canonical Ltd.
Product-enterprise_linux_serverhelion_openstackenterprise_linux_server_eusbig-ip_analyticsserver_migration_packlinux_enterprise_desktopbig-ip_domain_name_systembig-ip_local_traffic_managerdebian_linuxbig-ip_advanced_firewall_managerbig-ip_policy_enforcement_managerlinux_enterprise_software_development_kitfujitsu_m10_firmwarebig-ip_link_controllerenterprise_linux_server_ausexalogic_infrastructureenterprise_linux_hpc_nodeopensusebig-ip_application_acceleration_managerenterprise_linux_desktopubuntu_linuxsuse_linux_enterprise_serverbig-ip_application_security_managerglibcenterprise_linux_workstationunified_threat_management_softwareenterprise_linux_hpc_node_euslinux_enterprise_serverlinux_enterprise_debuginfobig-ip_access_policy_managern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-0829
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.65% / 85.16%
||
7 Day CHG~0.00%
Published-25 Feb, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in libstagefright in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code via a crafted MP4 video that is improperly handled during playback.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSEOracle CorporationCanonical Ltd.
Product-firefoxopensuseubuntu_linuxsolarisn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-9664
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.13% / 77.42%
||
7 Day CHG~0.00%
Published-08 Feb, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c.

Action-Not Available
Vendor-freetypen/aopenSUSERed Hat, Inc.Fedora ProjectDebian GNU/LinuxOracle CorporationCanonical Ltd.
Product-enterprise_linux_serverdebian_linuxsolarisenterprise_linux_hpc_nodefedoraopensuseenterprise_linux_desktopubuntu_linuxenterprise_linux_server_eusfreetypeenterprise_linux_workstationenterprise_linux_hpc_node_eusn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-6270
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-8.71% / 92.12%
||
7 Day CHG+0.72%
Published-12 Sep, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.

Action-Not Available
Vendor-n/aOracle CorporationSquid Cache
Product-squidsolarisn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1542
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.93% / 85.88%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate.

Action-Not Available
Vendor-n/aMozilla CorporationOracle CorporationopenSUSE
Product-firefoxopensusesolarisn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4054
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-60.95% / 98.23%
||
7 Day CHG~0.00%
Published-25 Apr, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.

Action-Not Available
Vendor-n/aSquid CacheOracle CorporationCanonical Ltd.
Product-squidlinuxubuntu_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3991
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.38% / 58.56%
||
7 Day CHG~0.00%
Published-21 Sep, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles.

Action-Not Available
Vendor-n/aLibTIFFOracle Corporation
Product-libtiffvm_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4051
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.39% / 79.55%
||
7 Day CHG-0.23%
Published-25 Apr, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.

Action-Not Available
Vendor-n/aSquid CacheOracle CorporationCanonical Ltd.
Product-squidlinuxubuntu_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2802
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.79% / 72.86%
||
7 Day CHG~0.00%
Published-13 Mar, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.

Action-Not Available
Vendor-siln/aMozilla CorporationopenSUSESUSEOracle Corporation
Product-leapfirefoxopensusegraphite2linuxlinux_enterprisen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2801
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.79% / 72.86%
||
7 Day CHG~0.00%
Published-13 Mar, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797.

Action-Not Available
Vendor-siln/aMozilla CorporationopenSUSESUSEOracle Corporation
Product-leapopensusefirefoxgraphite2linuxlinux_enterprisen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2797
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.79% / 72.86%
||
7 Day CHG~0.00%
Published-13 Mar, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801.

Action-Not Available
Vendor-siln/aMozilla CorporationopenSUSESUSEOracle Corporation
Product-leapfirefoxopensusegraphite2linuxlinux_enterprisen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2791
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.79% / 72.86%
||
7 Day CHG~0.00%
Published-13 Mar, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.

Action-Not Available
Vendor-siln/aMozilla CorporationopenSUSESUSEOracle Corporation
Product-leapopensusefirefoxgraphite2linuxlinux_enterprisen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2798
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.79% / 72.86%
||
7 Day CHG~0.00%
Published-13 Mar, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.

Action-Not Available
Vendor-siln/aMozilla CorporationopenSUSESUSEOracle Corporation
Product-leapfirefoxopensusegraphite2linuxlinux_enterprisen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2837
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.46% / 63.02%
||
7 Day CHG~0.00%
Published-05 Aug, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin (GMP) sandbox bypass.

Action-Not Available
Vendor-n/aMozilla CorporationOracle Corporation
Product-firefoxlinuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2792
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.79% / 72.86%
||
7 Day CHG~0.00%
Published-13 Mar, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800.

Action-Not Available
Vendor-siln/aMozilla CorporationopenSUSESUSEOracle Corporation
Product-leapfirefoxopensusegraphite2linuxlinux_enterprisen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2796
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.68% / 70.70%
||
7 Day CHG~0.00%
Published-13 Mar, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.

Action-Not Available
Vendor-siln/aMozilla CorporationopenSUSESUSEOracle Corporation
Product-leapopensusefirefoxgraphite2linuxlinux_enterprisen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2002-1640
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.52% / 80.50%
||
7 Day CHG~0.00%
Published-28 Mar, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to inject arbitrary web script or HTML via (1) Text Features in the DHTML UI or (2) the test parameter to the oracle.apps.cz.servlet.UiServlet servlet.

Action-Not Available
Vendor-n/aOracle Corporation
Product-configuratorn/a
CVE-2011-3557
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.8||MEDIUM
EPSS-6.41% / 90.65%
||
7 Day CHG~0.00%
Published-19 Oct, 2011 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI, a different vulnerability than CVE-2011-3556.

Action-Not Available
Vendor-n/aOracle CorporationSun Microsystems (Oracle Corporation)
Product-jdkjrejrockitn/a
CVE-2011-2257
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.8||MEDIUM
EPSS-0.48% / 64.31%
||
7 Day CHG~0.00%
Published-20 Jul, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Database Target Type Menus component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6, 10.2.0.5, and 11.1.0.1; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_serverenterprise_manager_grid_controln/a
CVE-2011-0825
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.8||MEDIUM
EPSS-0.64% / 69.62%
||
7 Day CHG~0.00%
Published-20 Apr, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote attackers to affect confidentiality, integrity, and availability, related to Enterprise Infrastructure SEC.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jd_edwards_enterpriseone_eppeoplesoft_and_jdedwards_product_suitejd_edwards_enterpriseoneenterpriseone_toolspeoplesoft_and_jdedwards_suite_scmoneworld_toolsn/a
CVE-2011-0848
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.8||MEDIUM
EPSS-0.48% / 64.31%
||
7 Day CHG~0.00%
Published-20 Jul, 2011 | 22:36
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Security Framework component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to User Model.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_serverenterprise_manager_grid_controln/a
CVE-2011-0845
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.8||MEDIUM
EPSS-1.00% / 76.11%
||
7 Day CHG~0.00%
Published-20 Jul, 2011 | 22:36
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Database Control component in Oracle Enterprise Manager Grid Control 10.1.0.6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-enterprise_manager_grid_controln/a
CVE-2016-1960
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-87.70% / 99.43%
||
7 Day CHG~0.00%
Published-13 Mar, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSESUSEOracle Corporation
Product-leapfirefoxopensusethunderbirdlinuxlinux_enterprisen/a
CVE-2016-1964
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.96% / 75.59%
||
7 Day CHG~0.00%
Published-13 Mar, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSESUSEOracle Corporation
Product-leapopensusefirefoxthunderbirdlinuxlinux_enterprisen/a
CVE-2016-1973
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.84% / 73.73%
||
7 Day CHG~0.00%
Published-13 Mar, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via unspecified vectors.

Action-Not Available
Vendor-n/aMozilla CorporationOracle Corporation
Product-linuxfirefoxn/a
CVE-2016-1961
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.25% / 78.51%
||
7 Day CHG~0.00%
Published-13 Mar, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSESUSEOracle Corporation
Product-leapopensusefirefoxthunderbirdlinuxlinux_enterprisen/a
CVE-2011-0822
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.8||MEDIUM
EPSS-2.12% / 83.42%
||
7 Day CHG~0.00%
Published-20 Jul, 2011 | 22:36
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Streams, AQ & Replication Mgmt component in Oracle Database Server 10.1.0.5 and 10.2.0.3, and Oracle Enterprise Manager Grid Control 10.1.0.6, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_serverenterprise_manager_grid_controln/a
CVE-2016-1966
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.01% / 76.12%
||
7 Day CHG~0.00%
Published-13 Mar, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin.

Action-Not Available
Vendor-n/aMozilla CorporationOracle CorporationopenSUSE
Product-linuxfirefoxopensusethunderbirdn/a
CVE-2009-4028
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.80% / 82.03%
||
7 Day CHG~0.00%
Published-30 Nov, 2009 | 17:00
Updated-07 Aug, 2024 | 06:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library.

Action-Not Available
Vendor-mysqln/aOracle Corporation
Product-mysqln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-10673
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-20.47% / 95.33%
||
7 Day CHG~0.00%
Published-18 Mar, 2020 | 21:17
Updated-27 Aug, 2025 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).

Action-Not Available
Vendor-n/aOracle CorporationDebian GNU/LinuxNetApp, Inc.FasterXML, LLC.
Product-communications_diameter_signaling_routerglobal_lifecycle_management_opatchretail_sales_auditcommunications_contacts_serverprimavera_unifierbanking_digital_experiencejd_edwards_enterpriseone_orchestratorretail_service_backbonecommunications_network_charging_and_controlcommunications_session_route_managerbanking_platformcommunications_session_report_managercommunications_instant_messaging_serveragile_plmautovue_for_agile_product_lifecycle_managementfinancial_services_retail_customer_analyticsfinancial_services_price_creation_and_discoveryretail_merchandising_systemfinancial_services_institutional_performance_analyticssteelstore_cloud_integrated_storagedebian_linuxinsurance_policy_administration_j2eeweblogic_serverjackson-databindfinancial_services_analytical_applications_infrastructurecommunications_calendar_serverretail_xstore_point_of_servicecommunications_evolved_communications_application_servercommunications_element_managerjd_edwards_enterpriseone_toolsenterprise_manager_base_platformn/aenterprise_manager_base_platformcommunications_diameter_signaling_routercommunications_network_charging_and_controlcommunications_element_managercommunications_evolved_communications_application_serverretail_sales_auditautovue_for_agile_product_lifecycle_managementfinancial_services_analytical_applications_infrastructureretail_xstore_point_of_servicecommunications_instant_messaging_serverfinancial_services_institutional_performance_analyticsprimavera_unifiercommunications_calendar_serverweblogic_servercommunications_session_route_managerdebian_linuxretail_merchandising_systemretail_service_backbonefinancial_services_price_creation_and_discoverysteelstore_cloud_integrated_storageinsurance_policy_administration_j2eeagile_plmjd_edwards_enterpriseone_orchestratorglobal_lifecycle_management_opatchfinancial_services_retail_customer_analyticsjackson-databindbanking_digital_experience
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-11113
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-61.75% / 98.27%
||
7 Day CHG~0.00%
Published-31 Mar, 2020 | 04:37
Updated-27 Aug, 2025 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).

Action-Not Available
Vendor-n/aOracle CorporationDebian GNU/LinuxNetApp, Inc.FasterXML, LLC.
Product-communications_diameter_signaling_routerglobal_lifecycle_management_opatchretail_sales_auditprimavera_unifierjd_edwards_enterpriseone_orchestratorretail_service_backbonecommunications_network_charging_and_controlcommunications_session_route_managerbanking_platformcommunications_session_report_managercommunications_instant_messaging_serveragile_plmautovue_for_agile_product_lifecycle_managementfinancial_services_retail_customer_analyticsfinancial_services_price_creation_and_discoveryretail_merchandising_systemsteelstore_cloud_integrated_storageinsurance_policy_administration_j2eejackson-databindfinancial_services_analytical_applications_infrastructurecommunications_evolved_communications_application_servercommunications_contacts_serverbanking_digital_experiencefinancial_services_institutional_performance_analyticsdebian_linuxweblogic_servercommunications_calendar_serverretail_xstore_point_of_servicecommunications_element_managerjd_edwards_enterpriseone_toolsenterprise_manager_base_platformwebcenter_portaln/aenterprise_manager_base_platformcommunications_diameter_signaling_routercommunications_network_charging_and_controlcommunications_element_managercommunications_evolved_communications_application_serverretail_sales_auditautovue_for_agile_product_lifecycle_managementfinancial_services_analytical_applications_infrastructureretail_xstore_point_of_servicecommunications_instant_messaging_serverfinancial_services_institutional_performance_analyticsprimavera_unifiercommunications_calendar_serverweblogic_servercommunications_session_route_managerdebian_linuxretail_merchandising_systemretail_service_backbonefinancial_services_price_creation_and_discoverysteelstore_cloud_integrated_storageinsurance_policy_administration_j2eeagile_plmjd_edwards_enterpriseone_orchestratorglobal_lifecycle_management_opatchfinancial_services_retail_customer_analyticsjackson-databindbanking_digital_experience
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-14061
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-6.15% / 90.45%
||
7 Day CHG~0.00%
Published-14 Jun, 2020 | 19:42
Updated-27 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).

Action-Not Available
Vendor-n/aOracle CorporationDebian GNU/LinuxNetApp, Inc.FasterXML, LLC.
Product-communications_diameter_signaling_routercommunications_element_managercommunications_evolved_communications_application_serveractive_iq_unified_managerautovue_for_agile_product_lifecycle_managementdebian_linuxsteelstore_cloud_integrated_storagecommunications_instant_messaging_servercommunications_session_route_managercommunications_session_report_manageragile_plmcommunications_contacts_serverjackson-databindcommunications_calendar_serverbanking_digital_experiencen/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2016-1181
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-8.1||HIGH
EPSS-6.13% / 90.43%
||
7 Day CHG~0.00%
Published-04 Jul, 2016 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.

Action-Not Available
Vendor-n/aThe Apache Software FoundationOracle Corporation
Product-banking_platformportalstrutsn/a
CVE-2010-4444
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.8||MEDIUM
EPSS-1.20% / 78.09%
||
7 Day CHG~0.00%
Published-19 Jan, 2011 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Sun Java System Access Manager and Oracle OpenSSO 7, 7.1, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

Action-Not Available
Vendor-n/aOracle CorporationSun Microsystems (Oracle Corporation)
Product-openssojava_system_access_managern/a
CVE-2009-1975
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.8||MEDIUM
EPSS-33.68% / 96.80%
||
7 Day CHG~0.00%
Published-14 Jul, 2009 | 23:00
Updated-07 Aug, 2024 | 05:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3 allows remote attackers to affect confidentiality, integrity, and availability, related to the WLS Console Package.

Action-Not Available
Vendor-n/aOracle Corporation
Product-bea_product_suiten/a
CVE-2015-4851
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.8||MEDIUM
EPSS-1.42% / 79.76%
||
7 Day CHG~0.00%
Published-21 Oct, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle iSupplier Portal component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to XML input. NOTE: the previous information is from the October 2015 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability, which allows remote attackers to read arbitrary files, cause a denial of service, or conduct SMB Relay attacks via a crafted DTD in an XML request to OA_HTML/oramipp_lpr.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2009-5026
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-4.37% / 88.51%
||
7 Day CHG~0.00%
Published-17 Aug, 2012 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments.

Action-Not Available
Vendor-mysqln/aOracle Corporation
Product-mysqln/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-2664
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9||CRITICAL
EPSS-1.10% / 77.17%
||
7 Day CHG~0.00%
Published-18 Jan, 2018 | 02:00
Updated-03 Oct, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface). The supported version that is affected is Prior to 8.7.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-sun_zfs_storage_appliance_kitSun ZFS Storage Appliance Kit (AK) Software
CVE-2018-3180
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.6||MEDIUM
EPSS-0.06% / 17.16%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 01:00
Updated-02 Oct, 2024 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxHP Inc.Oracle CorporationRed Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxdebian_linuxxp7_command_viewenterprise_linux_server_eusjreenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_eussatellitejdkenterprise_linux_server_tusenterprise_linux_desktopjrockitJava
CVE-2018-2593
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-8.8||HIGH
EPSS-2.82% / 85.59%
||
7 Day CHG~0.00%
Published-18 Jan, 2018 | 02:00
Updated-03 Oct, 2024 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-peoplesoft_enterprise_peopletoolsPeopleSoft Enterprise PT PeopleTools
CVE-2018-2876
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.1||HIGH
EPSS-0.55% / 67.02%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 02:00
Updated-03 Oct, 2024 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Retail Integration Bus component of Oracle Retail Applications (subcomponent: RIB Kernal(Apache Commons Collections)). The supported version that is affected is 13.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Integration Bus. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Integration Bus, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Integration Bus accessible data as well as unauthorized read access to a subset of Oracle Retail Integration Bus accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Integration Bus. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L).

Action-Not Available
Vendor-Oracle Corporation
Product-retail_integration_busRetail Integration Bus
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 46
  • 47
  • Next
Details not found