Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2012-3182

Summary
Assigner-oracle
Assigner Org ID-43595867-4340-4103-b7a2-9a5208d29a85
Published At-17 Oct, 2012 | 00:00
Updated At-06 Aug, 2024 | 19:57
Rejected At-
Credits

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote attackers to affect integrity, related to PIA Core Technology.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:oracle
Assigner Org ID:43595867-4340-4103-b7a2-9a5208d29a85
Published At:17 Oct, 2012 | 00:00
Updated At:06 Aug, 2024 | 19:57
Rejected At:
▼CVE Numbering Authority (CNA)

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote attackers to affect integrity, related to PIA Core Technology.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/51001
third-party-advisory
x_refsource_SECUNIA
http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
x_refsource_CONFIRM
http://www.securitytracker.com/id?1027671
vdb-entry
x_refsource_SECTRACK
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://secunia.com/advisories/51001
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id?1027671
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Resource:
vendor-advisory
x_refsource_MANDRIVA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/51001
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
x_refsource_CONFIRM
x_transferred
http://www.securitytracker.com/id?1027671
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://secunia.com/advisories/51001
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id?1027671
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert_us@oracle.com
Published At:17 Oct, 2012 | 00:55
Updated At:11 Apr, 2025 | 00:51

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote attackers to affect integrity, related to PIA Core Technology.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches
Oracle Corporation
oracle
>>peoplesoft_products>>8.52
cpe:2.3:a:oracle:peoplesoft_products:8.52:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://secunia.com/advisories/51001secalert_us@oracle.com
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150secalert_us@oracle.com
N/A
http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.htmlsecalert_us@oracle.com
Patch
Vendor Advisory
http://www.securitytracker.com/id?1027671secalert_us@oracle.com
N/A
http://secunia.com/advisories/51001af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.securitytracker.com/id?1027671af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://secunia.com/advisories/51001
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
Source: secalert_us@oracle.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securitytracker.com/id?1027671
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/51001
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securitytracker.com/id?1027671
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

549Records found
CVE-2011-0805
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 45.61%
||
7 Day CHG~0.00%
Published-20 Apr, 2011 | 03:09
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the UIX component in Oracle Database Server 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2012-0071
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 51.73%
||
7 Day CHG~0.00%
Published-16 Oct, 2012 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote attackers to affect integrity via unknown vectors related to Web, a different vulnerability than CVE-2012-0093.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2011-0785
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 45.61%
||
7 Day CHG~0.00%
Published-20 Apr, 2011 | 03:09
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Help component in Oracle Database Server 11.1.0.7, 11.2.0.1, 11.2.0.2, 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, and 10.1.0.5; and Oracle Fusion Middleware 11.1.1.2.0, 11.1.1.3.0, and 11.1.1.4.0 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_serverfusion_middlewaren/a
CVE-2010-3514
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-12.69% / 93.73%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 6.1 and 7.0 allows remote attackers to affect integrity via unknown vectors related to Web Container.

Action-Not Available
Vendor-n/aOracle Corporation
Product-sun_products_suiten/a
CVE-2021-28957
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.49% / 64.57%
||
7 Day CHG~0.00%
Published-21 Mar, 2021 | 04:39
Updated-03 Aug, 2024 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run arbitrary JS code on users who interact with incorrectly sanitized HTML. This issue is patched in lxml 4.6.3.

Action-Not Available
Vendor-lxmln/aDebian GNU/LinuxNetApp, Inc.Oracle CorporationFedora Project
Product-debian_linuxfedorazfs_storage_appliance_kitlxmlsnapcentern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-14585
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-8.2||HIGH
EPSS-2.91% / 85.84%
||
7 Day CHG~0.00%
Published-15 Jul, 2020 | 17:34
Updated-27 Sep, 2024 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Mobile Service). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-bi_publisherBI Publisher (formerly XML Publisher)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-8330
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.45% / 62.60%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data. CVSS v3.0 Base Score 3.7 (Integrity impacts).

Action-Not Available
Vendor-Oracle Corporation
Product-solarisSolaris Operating System
CWE ID-CWE-284
Improper Access Control
CVE-2012-0093
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 51.73%
||
7 Day CHG~0.00%
Published-16 Oct, 2012 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote attackers to affect integrity via unknown vectors related to Web, a different vulnerability than CVE-2012-0071.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2021-2480
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.55% / 67.06%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 10:49
Updated-25 Sep, 2024 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 11.1.1.9.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-http_serverHTTP Server
CVE-2016-0404
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.72%
||
7 Day CHG~0.00%
Published-21 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Identity Federation component in Oracle Fusion Middleware 11.1.2.2 allows remote attackers to affect integrity via vectors related to Admin.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2010-3587
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.39% / 59.48%
||
7 Day CHG~0.00%
Published-19 Jan, 2011 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Common Applications component in Oracle Applications 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to User Management.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2019-17573
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-6.1||MEDIUM
EPSS-15.54% / 94.42%
||
7 Day CHG~0.00%
Published-16 Jan, 2020 | 17:50
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject javascript into the web page. Please note that the attack exploits a feature which is not typically not present in modern browsers, who remove dot segments before sending the request. However, Mobile applications may be vulnerable.

Action-Not Available
Vendor-The Apache Software FoundationOracle Corporation
Product-retail_order_brokercommunications_session_route_managerflexcube_private_bankingcommunications_session_report_managercxfcommunications_element_managercommerce_guided_searchCXF
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-2410
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.42% / 61.09%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion Middleware 10.1.2.3 and 10.1.3.5 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-2395 and CVE-2010-2409.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2010-2409
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.42% / 61.09%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion Middleware 10.1.2.3 and 10.1.3.5 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-2395 and CVE-2010-2410.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2019-17091
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-8.42% / 91.98%
||
7 Day CHG~0.00%
Published-02 Oct, 2019 | 13:58
Updated-05 Aug, 2024 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled.

Action-Not Available
Vendor-n/aOracle CorporationEclipse Foundation AISBL
Product-communications_diameter_signaling_routerretail_bulk_data_integrationhealthcare_data_repositoryretail_store_inventory_managementrapid_planningcommunications_network_integrityretail_service_backboneretail_financial_integrationretail_assortment_planningretail_integration_busenterprise_data_qualityretail_merchandising_systembanking_enterprise_product_manufacturingretail_advanced_inventory_planningretail_invoice_matchingprimavera_p6_enterprise_project_portfolio_managementhealth_sciences_information_managersecure_global_desktoptime_and_labormojarra_javaserver_facescommunications_unified_inventory_managementmojarraapplication_testing_suiten/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-2372
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.72%
||
7 Day CHG~0.00%
Published-13 Jul, 2010 | 22:07
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1.1 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-2371.

Action-Not Available
Vendor-n/aOracle Corporation
Product-supply_chain_products_suiten/a
CVE-2010-2087
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.24% / 47.22%
||
7 Day CHG~0.00%
Published-27 May, 2010 | 18:32
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.

Action-Not Available
Vendor-cauchon/aIBM CorporationOracle Corporation
Product-websphere_application_serverresinmojarran/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-2370
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-16.17% / 94.55%
||
7 Day CHG~0.00%
Published-13 Jul, 2010 | 22:07
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Business Process Management component in Oracle Fusion Middleware 5.7 MP3, 6.0 MP5, and 10.3 MP2 allows remote attackers to affect integrity, related to BPM.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2010-2396
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.42% / 61.09%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Forms component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2010-2408
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.42% / 61.09%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2010-2407
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.51%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the XDK component in Oracle Database Server 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2011-2275
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.68% / 70.59%
||
7 Day CHG~0.00%
Published-21 Jul, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.49.31, 8.50.20, and 8.51.11 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-peoplesoft_enterprise_peopletoolspeoplesoft_productsn/a
CVE-2020-11022
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-2.57% / 84.96%
||
7 Day CHG~0.00%
Published-29 Apr, 2020 | 00:00
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Potential XSS vulnerability in jQuery

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Action-Not Available
Vendor-jQuery (OpenJS Foundation)Tenable, Inc.The Drupal AssociationopenSUSEOracle CorporationNetApp, Inc.Fedora ProjectDebian GNU/Linux
Product-peoplesoft_enterprise_peopletoolsfinancial_services_data_foundationretail_back_officeinsurance_allocation_manager_for_enterprise_profitabilityfinancial_services_hedge_management_and_ifrs_valuationsh410c_firmwareh300s_firmwarehospitality_simphonystoragetek_acslsfinancial_services_loan_loss_forecasting_and_provisioningsnapcenterpolicy_automation_for_mobile_devicescommunications_application_session_controllerjqueryfedorafinancial_services_profitability_managementoncommand_system_managerh500s_firmwareleapfinancial_services_liquidity_risk_measurement_and_managementh300ebanking_digital_experiencefinancial_services_asset_liability_managementinsurance_accounting_analyzerretail_returns_managementfinancial_services_regulatory_reporting_for_us_federal_reservepolicy_automation_connector_for_siebeldebian_linuxweblogic_serverfinancial_services_liquidity_risk_managementinsurance_data_foundationsnap_creator_frameworkfinancial_services_market_risk_measurement_and_managementh410ccommunications_diameter_signaling_router_idih\h410spolicy_automationh300sfinancial_services_price_creation_and_discoveryh300e_firmwareblockchain_platformhealthcare_foundationmax_datafinancial_services_analytical_applications_infrastructurefinancial_services_balance_sheet_planningh500eh500e_firmwaredrupalh700eenterprise_manager_ops_centerapplication_testing_suitecommunications_services_gatekeeperfinancial_services_basel_regulatory_capital_internal_ratings_based_approachfinancial_services_data_governance_for_us_regulatory_reportinginsurance_insbridge_rating_and_underwritingretail_customer_management_and_segmentation_foundationoncommand_insightagile_product_lifecycle_management_for_processfinancial_services_basel_regulatory_capital_basiccommunications_billing_and_revenue_managementh500ssiebel_ui_frameworkfinancial_services_regulatory_reporting_for_european_banking_authorityhospitality_materials_controllog_correlation_enginefinancial_services_institutional_performance_analyticsenterprise_session_border_controllercommunications_webrtc_session_controllerfinancial_services_data_integration_hubh410s_firmwarecommunications_eagle_application_processorh700s_firmwarejdeveloperagile_product_supplier_collaboration_for_processfinancial_services_analytical_applications_reconciliation_frameworkh700e_firmwareh700sfinancial_services_funds_transfer_pricingjQuery
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-2418
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.42% / 61.09%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Territory Management component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2010-2413
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.42% / 61.09%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the BI Publisher component in Oracle Fusion Middleware 10.1.3.3.2 and 10.1.3.4.1 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2019-14862
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.55% / 66.93%
||
7 Day CHG~0.00%
Published-02 Jan, 2020 | 14:18
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.

Action-Not Available
Vendor-knockoutjsOracle CorporationRed Hat, Inc.
Product-knockoutprocess_automationbusiness_intelligencegoldengatedecision_managerknockout
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-2309
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.44% / 62.36%
||
7 Day CHG~0.00%
Published-18 Oct, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Health Sciences - Oracle Clinical, Remote Data Capture component in Oracle Industry Applications 4.6 and 4.6.2 allows remote attackers to affect integrity, related to RDC Help.

Action-Not Available
Vendor-n/aOracle Corporation
Product-industry_applicationsn/a
CVE-2011-2314
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.50% / 64.86%
||
7 Day CHG~0.00%
Published-18 Oct, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors related to JavaServer Pages.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2019-13038
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.14% / 35.08%
||
7 Day CHG~0.00%
Published-29 Jun, 2019 | 00:00
Updated-04 Aug, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL.

Action-Not Available
Vendor-mod_auth_mellon_projectn/aOracle CorporationCanonical Ltd.Fedora Project
Product-ubuntu_linuxfedorazfs_storage_appliance_kitmod_auth_mellonn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-12387
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.87% / 74.27%
||
7 Day CHG~0.00%
Published-10 Jun, 2019 | 11:34
Updated-25 Nov, 2024 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.

Action-Not Available
Vendor-twistedn/aOracle CorporationCanonical Ltd.Fedora Project
Product-ubuntu_linuxsolarisfedorazfs_storage_appliance_kittwistedn/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2016-5554
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-1.40% / 79.65%
||
7 Day CHG~0.00%
Published-25 Oct, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to JMX.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrejdkn/a
CVE-2016-0513
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.72%
||
7 Day CHG~0.00%
Published-21 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via vectors related to BIS Common Components.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2016-5450
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.7||MEDIUM
EPSS-0.37% / 57.88%
||
7 Day CHG~0.00%
Published-21 Jul, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect integrity via vectors related to UIF Open UI.

Action-Not Available
Vendor-n/aOracle Corporation
Product-siebel_ui_frameworkn/a
CVE-2011-0828
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.72%
||
7 Day CHG~0.00%
Published-20 Apr, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle PeopleSoft Enterprise 8.8 Bundle #13 allows remote attackers to affect integrity via unknown vectors related to Application Portal.

Action-Not Available
Vendor-n/aOracle Corporation
Product-peoplesoft_enterprisen/a
CVE-2019-11358
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.29% / 78.88%
||
7 Day CHG~0.00%
Published-19 Apr, 2019 | 00:00
Updated-15 Nov, 2024 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

Action-Not Available
Vendor-backdropcmsn/ajQuery (OpenJS Foundation)The Drupal AssociationRed Hat, Inc.Juniper Networks, Inc.Joomla!openSUSEOracle CorporationNetApp, Inc.Fedora ProjectDebian GNU/Linux
Product-communications_diameter_signaling_routerpeoplesoft_enterprise_peopletoolsprimavera_unifierjdeveloper_and_adffinancial_services_data_foundationtape_library_acslsretail_back_officediagnostic_assistantinsurance_allocation_manager_for_enterprise_profitabilityfinancial_services_hedge_management_and_ifrs_valuationscommunications_session_route_managerfinancial_services_regulatory_reporting_for_de_nederlandsche_bankhospitality_simphonybackdropbi_publisherfinancial_services_retail_customer_analyticsapplication_service_level_managementfinancial_services_loan_loss_forecasting_and_provisioningsnapcenterpolicy_automation_for_mobile_devicescommunications_application_session_controllerservice_busvirtualization_managerjqueryfedoraoncommand_system_managerfinancial_services_profitability_managementsiebel_mobile_applicationsfusion_middleware_mapviewerjunoscommunications_unified_inventory_managementwebcenter_sitesleapbusiness_process_management_suitefinancial_services_liquidity_risk_measurement_and_managementcommunications_operations_monitorinsurance_ifrs_17_analyzerbanking_digital_experienceretail_customer_insightshealthcare_translational_researchfinancial_services_asset_liability_managementinsurance_accounting_analyzerfinancial_services_enterprise_financial_performance_analyticsretail_returns_managementbackports_slefinancial_services_regulatory_reporting_for_us_federal_reservefinancial_services_revenue_management_and_billingpolicy_automation_connector_for_siebelfinancial_services_retail_performance_analyticsdebian_linuxweblogic_serverfinancial_services_liquidity_risk_managementreal-time_schedulerinsurance_data_foundationhospitality_guest_accessfinancial_services_market_risk_measurement_and_managementidentity_managercommunications_element_managerretail_central_officeprimavera_gatewayutilities_mobile_workforce_managementpolicy_automationbanking_platformcommunications_session_report_managerfinancial_services_price_creation_and_discoveryretail_point-of-serviceinsurance_performance_insighthealthcare_foundationbanking_enterprise_collectionsfinancial_services_analytical_applications_infrastructurefinancial_services_balance_sheet_planningcloudformstransportation_managementdrupalbig_data_discoverycommunications_interactive_session_recorderenterprise_manager_ops_centerapplication_testing_suitecommunications_services_gatekeeperfinancial_services_basel_regulatory_capital_internal_ratings_based_approachfinancial_services_data_governance_for_us_regulatory_reportinginsurance_insbridge_rating_and_underwritingretail_customer_management_and_segmentation_foundationapplication_expressagile_product_lifecycle_management_for_processfinancial_services_basel_regulatory_capital_basicrest_data_servicescommunications_billing_and_revenue_managementsiebel_ui_frameworkfinancial_services_regulatory_reporting_for_european_banking_authorityhospitality_materials_controlfinancial_services_institutional_performance_analyticsknowledgeenterprise_session_border_controllerstoragetek_tape_analytics_sw_toolcommunications_webrtc_session_controllerfinancial_services_data_integration_hubjoomla\!communications_eagle_application_processorjdevelopersystem_utilitiescommunications_analyticsfinancial_services_analytical_applications_reconciliation_frameworkjd_edwards_enterpriseone_toolsfinancial_services_funds_transfer_pricingn/a
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2010-0855
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.73% / 71.70%
||
7 Day CHG~0.00%
Published-13 Apr, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-0086.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2010-0881
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.81% / 73.27%
||
7 Day CHG~0.00%
Published-14 Apr, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the User Interface Components in Oracle Collaboration Suite 10.1.2.4 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-collaboration_suiten/a
CVE-2010-4453
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.48% / 64.23%
||
7 Day CHG~0.00%
Published-19 Jan, 2011 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 7.0.7, 8.1.6, 9.0, 9.1, 9.2.4, 10.0.2, 10.3.2, and 10.3.3 allows remote attackers to affect integrity via unknown vectors related to Servlet Container.

Action-Not Available
Vendor-n/aOracle Corporation
Product-weblogic_serverfusion_middlewaren/a
CVE-2019-10241
Matching Score-8
Assigner-Eclipse Foundation
ShareView Details
Matching Score-8
Assigner-Eclipse Foundation
CVSS Score-6.1||MEDIUM
EPSS-21.60% / 95.51%
||
7 Day CHG~0.00%
Published-22 Apr, 2019 | 20:14
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.

Action-Not Available
Vendor-Eclipse Foundation AISBLDebian GNU/LinuxOracle CorporationThe Apache Software Foundation
Product-debian_linuxrest_data_servicesretail_xstore_point_of_serviceflexcube_core_bankingactivemqdrilljettyEclipse Jetty
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-10219
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.86% / 82.34%
||
7 Day CHG~0.00%
Published-08 Nov, 2019 | 14:46
Updated-07 Jul, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

Action-Not Available
Vendor-HibernateOracle CorporationNetApp, Inc.Red Hat, Inc.
Product-communications_pricing_design_centeragile_product_lifecycle_management_integration_packcommunications_cloud_native_core_consolemysql_serverdata_integratorbanking_platformcommerce_platformwebcenter_portalfuseretail_order_brokerpolicy_automationpeoplesoft_enterprise_peopletoolsweblogic_servere-business_suitemysql_clustercommunications_data_modelenterprise_manager_ops_centeressbaseretail_back_officecommunications_cloud_native_core_network_repository_functionhospitality_reporting_and_analyticscommunications_metasolv_solutioncommunications_offline_mediation_controllerpeoplesoft_enterprise_cs_sa_integration_packflexcube_private_bankingretail_predictive_application_serverhealthcare_data_repositoryjd_edwards_enterpriseone_orchestratorcommunications_cloud_native_core_unified_data_repositoryclinicalenterprise_session_border_controllerinsurance_rules_palettecommunications_webrtc_session_controllerretail_financial_integrationflexcube_investor_servicinghealthcare_foundationcommunications_network_integritymysql_connectorshospitality_opera_5_property_servicescommunications_diameter_signaling_routenosql_databasetimesten_in-memory_databasebusiness_process_management_suiteretail_allocationfujitsu_m12-2_firmwareretail_assortment_planningsolarisbanking_apisprimavera_p6_professional_project_managementgraph_server_and_clientjboss_enterprise_application_platformretail_customer_management_and_segmentation_foundationapplication_performance_managementdatabase_serverfinancial_services_analytical_applications_infrastructureapplication_testing_suitebanking_deposits_and_lines_of_credit_servicingfujitsu_m10-4elementretail_order_management_systemutilities_frameworkprimavera_unifiercommunications_convergencebig_data_spatial_and_graphfinancial_services_enterprise_case_managementhealth_sciences_clinical_development_analyticsretail_returns_managementargus_analyticshospitality_cruise_shipboard_property_management_systemfusion_middleware_mapviewerutilities_testing_acceleratorsiebel_applicationsfujitsu_m12-2svm_virtualboxcommunications_cloud_native_core_automated_test_suitecommunications_converged_application_server_-_service_controllerretail_point-of-saleretail_service_backboneretail_integration_buscommunications_convergent_charging_controllerinsurance_insbridge_rating_and_underwritingaccess_managerenterprise_manager_base_platformretail_customer_insightsreal-time_decision_serverjboss_data_gridfujitsu_m10-4sessbase_administration_serviceshyperion_infrastructure_technologyfujitsu_m12-1_firmwarebusiness_activity_monitoringprimavera_data_warehousecommunications_session_border_controllergoldengate_application_adaptershealth_sciences_information_managermanagement_services_for_element_software_and_netapp_hcipeoplesoft_enterprise_people_toolsrest_data_servicesairlines_data_modelretail_size_profile_optimizationdocumakergoldengateretail_central_officeapplication_expresssnapcenter_plug-inhealth_sciences_inform_crf_submitcommunications_billing_and_revenue_managementinsurance_data_gatewayfujitsu_m12-1primavera_portfolio_managementspatial_studiohyperion_financial_managementretail_analyticsretail_fiscal_managementfinancial_services_foreign_account_tax_compliance_act_managementbanking_digital_experiencecommunications_services_gatekeeperfinancial_services_behavior_detection_platforminstantis_enterprisetrackenterprise_communications_brokerbanking_loans_servicingcommunications_service_brokercommunications_cloud_native_core_service_communication_proxysecure_backupcommunications_operations_monitorfinancial_services_trade-based_anti_money_launderingcommunications_cloud_native_core_security_edge_protection_proxyenterprise_data_qualityretail_price_managementbanking_enterprise_default_managementinsurance_policy_administration_j2eecommunications_cloud_native_core_network_function_cloud_native_environmentcommunications_unified_inventory_managementretail_eftlinkcommunications_eagle_application_processorcommunications_design_studiobanking_enterprise_default_managmentagile_engineering_data_managementjdkcommunications_contacts_serveropenshift_application_runtimeshibernate_validatorhyperion_ilearningrapid_planninggraalvmcommunications_application_session_controllerenterprise_linuxretail_invoice_matchingargus_insightdemantra_demand_managementfujitsu_m10-1banking_party_managementhttp_serverfinancial_services_model_management_and_governancehospitality_suite8communications_cloud_native_core_binding_support_functioncommunications_cloud_native_core_policycommunications_network_charging_and_controlhealthcare_translational_researchcommerce_guided_searchprimavera_p6_enterprise_project_portfolio_managementretail_extract_transform_and_loadcommunications_calendar_servercommunications_billing_and_revenue_management_elastic_charging_enginebusiness_intelligencefusion_middlewaresd-wan_awareagile_product_lifecycle_analyticscommunications_messaging_serverzfs_storage_appliance_kitfujitsu_m10-4s_firmwareinsurance_policy_administrationcommunications_instant_messaging_serverargus_safetyfujitsu_m12-2agile_plmactive_iq_unified_managerfujitsu_m10-4_firmwareretail_xstore_point_of_servicereal_user_experience_insightzfs_storage_application_integration_engineering_softwareprimavera_analyticscommunications_interactive_session_recordersingle_sign-onbi_publisheross_support_toolsjava_semysql_workbenchprimavera_gatewaymanaged_file_transferthesaurus_management_systemsd-wan_edgeretail_merchandising_systemfujitsu_m12-2s_firmwarefujitsu_m10-1_firmwarehibernate-validator
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-0874
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.64% / 69.71%
||
7 Day CHG~0.00%
Published-13 Apr, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Communications - Oracle Communications Unified Inventory Management component in Oracle Industry Product Suite 7.1 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-industry_product_suiten/a
CVE-2010-0912
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.72%
||
7 Day CHG~0.00%
Published-13 Jul, 2010 | 22:07
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2010-0863
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.73% / 71.70%
||
7 Day CHG~0.00%
Published-13 Apr, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Retail - Oracle Retail Plan In-Season component in Oracle Industry Product Suite 12.2 allows remote attackers to affect integrity via unknown vectors related to Online Help.

Action-Not Available
Vendor-n/aOracle Corporation
Product-industry_product_suiten/a
CVE-2010-0876
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.64% / 69.71%
||
7 Day CHG~0.00%
Published-13 Apr, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Life Sciences - Oracle Clinical Remote Data Capture Option component in Oracle Industry Product Suite 4.5.3 and 4.6 allows remote attackers to affect integrity, related to RDC Onsite.

Action-Not Available
Vendor-n/aOracle Corporation
Product-industry_product_suiten/a
CVE-2016-0536
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.72%
||
7 Day CHG~0.00%
Published-21 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Universal Work Queue component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to error messages.

Action-Not Available
Vendor-n/aOracle Corporation
Product-universal_work_queuen/a
CVE-2010-0069
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.42% / 61.09%
||
7 Day CHG~0.00%
Published-13 Jan, 2010 | 01:00
Updated-07 Aug, 2024 | 00:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 7.0, SP7, 8.1SP6, 9.0, 9.1, 9.2MP3, 10.0MP1, and 10.3.0 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-bea_product_suiten/a
CVE-2010-2395
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.42% / 61.09%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion Middleware 10.1.2.3 and 10.1.3.5 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-2409 and CVE-2010-2410.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2010-0892
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.72%
||
7 Day CHG~0.00%
Published-13 Jul, 2010 | 22:07
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Application Express component in Oracle Database Server 3.2.0.00.27 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2010-0862
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.81% / 73.27%
||
7 Day CHG~0.00%
Published-13 Apr, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Retail - Oracle Retail Markdown Optimization component in Oracle Industry Product Suite 13.1 allows remote attackers to affect integrity via unknown vectors related to Online Help.

Action-Not Available
Vendor-n/aOracle Corporation
Product-industry_product_suiten/a
CVE-2010-2373
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.72%
||
7 Day CHG~0.00%
Published-13 Jul, 2010 | 22:07
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Console component in Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-enterprise_manager_grid_controln/a
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • ...
  • 10
  • 11
  • Next
Details not found