Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2013-0431

Summary
Assigner-oracle
Assigner Org ID-43595867-4340-4103-b7a2-9a5208d29a85
Published At-31 Jan, 2013 | 14:10
Updated At-22 Oct, 2025 | 00:05
Rejected At-
Credits

Oracle JRE Sandbox Bypass Vulnerability

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle allows remote attackers to bypass the Java security sandbox.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Known Exploited Vulnerabilities (KEV)
cisa.gov
Vendor:
Oracle CorporationOracle
Product:Java Runtime Environment (JRE)
Added At:25 May, 2022
Due At:15 Jun, 2022

Oracle JRE Sandbox Bypass Vulnerability

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle allows remote attackers to bypass the Java security sandbox.

Used in Ransomware

:

Known

CWE

:
N/A

Required Action:

Apply updates per vendor instructions.

Additional Notes:

https://nvd.nist.gov/vuln/detail/CVE-2013-0431
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:oracle
Assigner Org ID:43595867-4340-4103-b7a2-9a5208d29a85
Published At:31 Jan, 2013 | 14:10
Updated At:22 Oct, 2025 | 00:05
Rejected At:
â–¼CVE Numbering Authority (CNA)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19418
vdb-entry
signature
x_refsource_OVAL
http://security.gentoo.org/glsa/glsa-201406-32.xml
vendor-advisory
x_refsource_GENTOO
http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
vendor-advisory
x_refsource_MANDRIVA
http://www.informationweek.com/security/application-security/java-hacker-uncovers-two-flaws-in-latest/240146717
x_refsource_MISC
http://www.us-cert.gov/cas/techalerts/TA13-032A.html
third-party-advisory
x_refsource_CERT
http://seclists.org/fulldisclosure/2013/Jan/142
mailing-list
x_refsource_FULLDISC
http://www.kb.cert.org/vuls/id/858729
third-party-advisory
x_refsource_CERT-VN
http://rhn.redhat.com/errata/RHSA-2013-0237.html
vendor-advisory
x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=136439120408139&w=2
vendor-advisory
x_refsource_HP
http://rhn.redhat.com/errata/RHSA-2013-0247.html
vendor-advisory
x_refsource_REDHAT
http://arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version/
x_refsource_MISC
http://seclists.org/fulldisclosure/2013/Jan/195
mailing-list
x_refsource_FULLDISC
http://marc.info/?l=bugtraq&m=136733161405818&w=2
vendor-advisory
x_refsource_HP
http://marc.info/?l=bugtraq&m=136439120408139&w=2
vendor-advisory
x_refsource_HP
http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53
x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html
vendor-advisory
x_refsource_SUSE
http://www.securityfocus.com/archive/1/525387/30/0/threaded
mailing-list
x_refsource_BUGTRAQ
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16579
vdb-entry
signature
x_refsource_OVAL
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=136733161405818&w=2
vendor-advisory
x_refsource_HP
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056
x_refsource_CONFIRM
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19418
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://security.gentoo.org/glsa/glsa-201406-32.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.informationweek.com/security/application-security/java-hacker-uncovers-two-flaws-in-latest/240146717
Resource:
x_refsource_MISC
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA13-032A.html
Resource:
third-party-advisory
x_refsource_CERT
Hyperlink: http://seclists.org/fulldisclosure/2013/Jan/142
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: http://www.kb.cert.org/vuls/id/858729
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0237.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://marc.info/?l=bugtraq&m=136439120408139&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0247.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version/
Resource:
x_refsource_MISC
Hyperlink: http://seclists.org/fulldisclosure/2013/Jan/195
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: http://marc.info/?l=bugtraq&m=136733161405818&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://marc.info/?l=bugtraq&m=136439120408139&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53
Resource:
x_refsource_MISC
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.securityfocus.com/archive/1/525387/30/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16579
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://marc.info/?l=bugtraq&m=136733161405818&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056
Resource:
x_refsource_CONFIRM
â–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19418
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://security.gentoo.org/glsa/glsa-201406-32.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www.informationweek.com/security/application-security/java-hacker-uncovers-two-flaws-in-latest/240146717
x_refsource_MISC
x_transferred
http://www.us-cert.gov/cas/techalerts/TA13-032A.html
third-party-advisory
x_refsource_CERT
x_transferred
http://seclists.org/fulldisclosure/2013/Jan/142
mailing-list
x_refsource_FULLDISC
x_transferred
http://www.kb.cert.org/vuls/id/858729
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://rhn.redhat.com/errata/RHSA-2013-0237.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://marc.info/?l=bugtraq&m=136439120408139&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://rhn.redhat.com/errata/RHSA-2013-0247.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version/
x_refsource_MISC
x_transferred
http://seclists.org/fulldisclosure/2013/Jan/195
mailing-list
x_refsource_FULLDISC
x_transferred
http://marc.info/?l=bugtraq&m=136733161405818&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://marc.info/?l=bugtraq&m=136439120408139&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53
x_refsource_MISC
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.securityfocus.com/archive/1/525387/30/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16579
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
x_refsource_CONFIRM
x_transferred
http://marc.info/?l=bugtraq&m=136733161405818&w=2
vendor-advisory
x_refsource_HP
x_transferred
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056
x_refsource_CONFIRM
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19418
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-201406-32.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.informationweek.com/security/application-security/java-hacker-uncovers-two-flaws-in-latest/240146717
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA13-032A.html
Resource:
third-party-advisory
x_refsource_CERT
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2013/Jan/142
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/858729
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0237.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=136439120408139&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0247.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2013/Jan/195
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=136733161405818&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=136439120408139&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/525387/30/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16579
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=136733161405818&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056
Resource:
x_refsource_CONFIRM
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-693CWE-693 Protection Mechanism Failure
Type: CWE
CWE ID: CWE-693
Description: CWE-693 Protection Mechanism Failure
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
kev
dateAdded:
2022-05-25
reference:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0431
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
CVE-2013-0431 added to CISA KEV2022-05-25 00:00:00
Event: CVE-2013-0431 added to CISA KEV
Date: 2022-05-25 00:00:00
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0431
government-resource
Hyperlink: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0431
Resource:
government-resource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert_us@oracle.com
Published At:31 Jan, 2013 | 14:55
Updated At:21 Apr, 2026 | 19:02

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
2022-05-252022-06-15Oracle JRE Sandbox Bypass VulnerabilityApply updates per vendor instructions.
Date Added: 2022-05-25
Due Date: 2022-06-15
Vulnerability Name: Oracle JRE Sandbox Bypass Vulnerability
Required Action: Apply updates per vendor instructions.
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
CPE Matches

Oracle Corporation
oracle
>>jre>>1.7.0
cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.7.0
cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.7.0
cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.7.0
cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.7.0
cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.7.0
cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.7.0
cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.7.0
cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.7.0
cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.7.0
cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.7.0
cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*
Oracle Corporation
oracle
>>openjdk>>7
cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE-693Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-693
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version/secalert_us@oracle.com
Third Party Advisory
http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53secalert_us@oracle.com
Not Applicable
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.htmlsecalert_us@oracle.com
Third Party Advisory
http://marc.info/?l=bugtraq&m=136439120408139&w=2secalert_us@oracle.com
Mailing List
Third Party Advisory
http://marc.info/?l=bugtraq&m=136733161405818&w=2secalert_us@oracle.com
Mailing List
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0237.htmlsecalert_us@oracle.com
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0247.htmlsecalert_us@oracle.com
Third Party Advisory
http://seclists.org/fulldisclosure/2013/Jan/142secalert_us@oracle.com
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2013/Jan/195secalert_us@oracle.com
Mailing List
Third Party Advisory
http://security.gentoo.org/glsa/glsa-201406-32.xmlsecalert_us@oracle.com
Third Party Advisory
http://www.informationweek.com/security/application-security/java-hacker-uncovers-two-flaws-in-latest/240146717secalert_us@oracle.com
Broken Link
http://www.kb.cert.org/vuls/id/858729secalert_us@oracle.com
Third Party Advisory
US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2013:095secalert_us@oracle.com
Not Applicable
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.htmlsecalert_us@oracle.com
Vendor Advisory
http://www.securityfocus.com/archive/1/525387/30/0/threadedsecalert_us@oracle.com
Third Party Advisory
VDB Entry
http://www.us-cert.gov/cas/techalerts/TA13-032A.htmlsecalert_us@oracle.com
Third Party Advisory
US Government Resource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16579secalert_us@oracle.com
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19418secalert_us@oracle.com
Broken Link
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056secalert_us@oracle.com
Third Party Advisory
http://arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version/af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53af854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://marc.info/?l=bugtraq&m=136439120408139&w=2af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://marc.info/?l=bugtraq&m=136733161405818&w=2af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0237.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0247.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://seclists.org/fulldisclosure/2013/Jan/142af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2013/Jan/195af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://security.gentoo.org/glsa/glsa-201406-32.xmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.informationweek.com/security/application-security/java-hacker-uncovers-two-flaws-in-latest/240146717af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.kb.cert.org/vuls/id/858729af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2013:095af854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/archive/1/525387/30/0/threadedaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.us-cert.gov/cas/techalerts/TA13-032A.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
US Government Resource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16579af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19418af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0431134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource
Hyperlink: http://arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version/
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53
Source: secalert_us@oracle.com
Resource:
Not Applicable
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: http://marc.info/?l=bugtraq&m=136439120408139&w=2
Source: secalert_us@oracle.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://marc.info/?l=bugtraq&m=136733161405818&w=2
Source: secalert_us@oracle.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0237.html
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0247.html
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2013/Jan/142
Source: secalert_us@oracle.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2013/Jan/195
Source: secalert_us@oracle.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://security.gentoo.org/glsa/glsa-201406-32.xml
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: http://www.informationweek.com/security/application-security/java-hacker-uncovers-two-flaws-in-latest/240146717
Source: secalert_us@oracle.com
Resource:
Broken Link
Hyperlink: http://www.kb.cert.org/vuls/id/858729
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
Source: secalert_us@oracle.com
Resource:
Not Applicable
Hyperlink: http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
Source: secalert_us@oracle.com
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/archive/1/525387/30/0/threaded
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA13-032A.html
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
US Government Resource
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16579
Source: secalert_us@oracle.com
Resource:
Broken Link
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19418
Source: secalert_us@oracle.com
Resource:
Broken Link
Hyperlink: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: http://arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Not Applicable
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://marc.info/?l=bugtraq&m=136439120408139&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://marc.info/?l=bugtraq&m=136733161405818&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0237.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0247.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2013/Jan/142
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2013/Jan/195
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://security.gentoo.org/glsa/glsa-201406-32.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.informationweek.com/security/application-security/java-hacker-uncovers-two-flaws-in-latest/240146717
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.kb.cert.org/vuls/id/858729
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Not Applicable
Hyperlink: http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/archive/1/525387/30/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA13-032A.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
US Government Resource
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16579
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19418
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0431
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

297Records found

CVE-2019-2427
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-1.27% / 66.39%
||
7 Day CHG~0.00%
Published-16 Jan, 2019 | 19:00
Updated-02 Oct, 2024 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: WebCenter Spaces Application). Supported versions that are affected are 11.1.1.9.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Portal accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-webcenter_portalWebCenter Portal
CVE-2016-0526
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-1.58% / 72.58%
||
7 Day CHG~0.00%
Published-21 Jan, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via unknown vectors related to Wireless Framework.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2016-0460
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-1.58% / 72.58%
||
7 Day CHG~0.00%
Published-21 Jan, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.55 allows remote attackers to affect integrity via unknown vectors related to Fluid Homepage and NavBar.

Action-Not Available
Vendor-n/aOracle Corporation
Product-peoplesoft_enterprise_peopletoolsn/a
CVE-2016-0565
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-1.58% / 72.58%
||
7 Day CHG~0.00%
Published-21 Jan, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-marketingn/a
CVE-2005-2371
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-22.29% / 97.39%
||
7 Day CHG~0.00%
Published-26 Jul, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows remote attackers to overwrite arbitrary files via (1) "..", (2) Windows drive letter (C:), and (3) absolute path sequences in the desname parameter. NOTE: this issue was probably fixed by REP06 in CPU Jan 2006, in which case it overlaps CVE-2006-0289.

Action-Not Available
Vendor-n/aOracle Corporation
Product-reportsn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-20916
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.03% / 85.85%
||
7 Day CHG+0.02%
Published-04 Sep, 2020 | 19:20
Updated-05 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.

Action-Not Available
Vendor-pypan/aopenSUSEOracle CorporationDebian GNU/Linux
Product-debian_linuxcommunications_cloud_native_core_network_function_cloud_native_environmentpipcommunications_cloud_native_core_policyleapn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2016-0402
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-4.64% / 90.61%
||
7 Day CHG~0.00%
Published-21 Jan, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect integrity via unknown vectors related to Networking.

Action-Not Available
Vendor-n/aCanonical Ltd.Oracle Corporation
Product-ubuntu_linuxjdkjren/a
CVE-2019-19924
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-7.86% / 93.97%
||
7 Day CHG~0.00%
Published-24 Dec, 2019 | 15:53
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.

Action-Not Available
Vendor-sqliten/aNetApp, Inc.The Apache Software FoundationOracle CorporationSiemens AG
Product-sinec_infrastructure_network_servicesbookkeepersqlitecloud_backupmysql_workbenchn/a
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2026-46790
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.34% / 25.64%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 19:27
Updated-17 Jun, 2026 | 21:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Content accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-webcenter_contentOracle WebCenter Content
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-17566
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-10.74% / 95.28%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 00:00
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

Action-Not Available
Vendor-n/aThe Apache Software FoundationOracle Corporation
Product-communications_metasolv_solutioncommunications_offline_mediation_controllerenterprise_repositorybusiness_intelligenceretail_integration_busretail_returns_managementbatikretail_point-of-servicecommunications_application_session_controllerretail_order_brokerfinancial_services_analytical_applications_infrastructurehyperion_financial_reportinginstantis_enterprisetrackfusion_middleware_mapviewerhospitality_opera_5retail_order_management_system_cloud_servicejd_edwards_enterpriseone_toolsapi_gatewayApache Batik
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2015-4872
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-3.70% / 88.40%
||
7 Day CHG~0.00%
Published-21 Oct, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect integrity via unknown vectors related to Security.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrockitjdkjren/a
CVE-2015-4902
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-13.35% / 95.95%
||
7 Day CHG~0.00%
Published-21 Oct, 2015 | 23:00
Updated-22 Apr, 2026 | 13:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||Apply updates per vendor instructions.

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment.

Action-Not Available
Vendor-n/aopenSUSERed Hat, Inc.Oracle CorporationSUSE
Product-enterprise_linux_eusenterprise_linux_for_power_little_endianjreenterprise_linux_for_ibm_z_systemsenterprise_linux_desktopenterprise_linux_for_power_big_endian_eusenterprise_linux_server_from_rhuienterprise_linux_for_power_big_endianlinux_enterprise_serverlinux_enterprise_software_development_kitenterprise_linux_for_ibm_z_systems_eussatellitejdkenterprise_linux_serverenterprise_linux_workstationleapenterprise_linux_for_scientific_computingenterprise_linux_for_power_little_endian_euslinux_enterprise_module_for_legacyenterprise_linux_eus_compute_nodeopensusen/aJava SE
CWE ID-CWE-284
Improper Access Control
CVE-2019-17567
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-60.27% / 99.03%
||
7 Day CHG~0.00%
Published-10 Jun, 2021 | 07:10
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mod_proxy_wstunnel tunneling of non Upgraded connections

Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.

Action-Not Available
Vendor-The Apache Software FoundationFedora ProjectOracle Corporation
Product-http_serverinstantis_enterprisetrackfedorazfs_storage_appliance_kitenterprise_manager_ops_centerApache HTTP Server
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2019-17561
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-1.63% / 73.39%
||
7 Day CHG~0.00%
Published-30 Mar, 2020 | 18:44
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability.

Action-Not Available
Vendor-n/aThe Apache Software FoundationOracle Corporation
Product-netbeansgraalvmApache NetBeans
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2025-30726
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 17.71%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 20:31
Updated-21 Apr, 2025 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Core). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-application_object_libraryOracle Application Object Library
CWE ID-CWE-284
Improper Access Control
CVE-2015-2652
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-2.87% / 85.08%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via unknown vectors related to Web Management.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2025-30702
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.45% / 35.84%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 20:41
Updated-26 Jun, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Fleet Patching and amp; Provisioning component of Oracle Database Server. Supported versions that are affected are 19.3-19.26. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Fleet Patching and amp; Provisioning. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Fleet Patching and amp; Provisioning accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-fleet_patching_and_provisioningOracle Database Server
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-3200
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-9.98% / 95.03%
||
7 Day CHG~0.00%
Published-09 Jun, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character.

Action-Not Available
Vendor-lighttpdn/aHP Inc.Oracle Corporation
Product-virtual_customer_access_systemlighttpdsolarisn/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2025-30758
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 21.71%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 19:27
Updated-29 Jul, 2025 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Siebel CRM End User product of Oracle Siebel CRM (component: User Interface). Supported versions that are affected are 25.0-25.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM End User. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel CRM End User accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-siebel_crm_deploymentSiebel CRM End User
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-3276
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-5.33% / 91.62%
||
7 Day CHG~0.00%
Published-07 Dec, 2015 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.

Action-Not Available
Vendor-openldapn/aOracle CorporationRed Hat, Inc.
Product-enterprise_linux_serverenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktoplinuxenterprise_linux_hpc_nodeenterprise_linux_eusenterprise_linux_server_ausopenldapn/a
CVE-2015-3900
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-8.93% / 94.61%
||
7 Day CHG~0.00%
Published-24 Jun, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."

Action-Not Available
Vendor-rubygemsn/aRed Hat, Inc.Oracle CorporationRuby
Product-solarisrubyrubygemsenterprise_linuxn/a
CVE-2019-16792
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-2.12% / 79.63%
||
7 Day CHG~0.00%
Published-22 Jan, 2020 | 18:30
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTTP Request Smuggling: Content-Length Sent Twice in Waitress

Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. If two Content-Length headers are sent in a single request, Waitress would treat the request as having no body, thereby treating the body of the request as a new request in HTTP pipelining. This issue is fixed in Waitress 1.4.0.

Action-Not Available
Vendor-agendalessPylonsOracle CorporationDebian GNU/Linux
Product-communications_cloud_native_core_network_function_cloud_native_environmentwaitressdebian_linuxWaitress
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2022-24329
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-2.18% / 80.13%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 14:35
Updated-29 Oct, 2024 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.

Action-Not Available
Vendor-n/aJetBrains s.r.o.Oracle Corporation
Product-kotlincommunications_cloud_native_core_binding_support_functioncommunications_pricing_design_centern/a
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2026-46830
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 10.65%
||
7 Day CHG~0.00%
Published-28 May, 2026 | 20:17
Updated-03 Jun, 2026 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in Oracle REST Data Services (component: Mongoapi). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle REST Data Services accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-rest_data_servicesOracle REST Data Services
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-46841
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 11.82%
||
7 Day CHG~0.00%
Published-28 May, 2026 | 20:17
Updated-04 Jun, 2026 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in Oracle REST Data Services (component: General). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle REST Data Services accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-rest_data_servicesOracle REST Data Services
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-22968
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-5.3||MEDIUM
EPSS-5.67% / 92.03%
||
7 Day CHG+0.25%
Published-14 Apr, 2022 | 20:05
Updated-03 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)NetApp, Inc.Oracle Corporation
Product-snapmanagermysql_enterprise_monitoractive_iq_unified_managermetrocluster_tiebreakersnap_creator_frameworkcloud_secure_agentspring_frameworkSpring Framework
CWE ID-CWE-178
Improper Handling of Case Sensitivity
CVE-2022-21296
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-2.83% / 84.86%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 11:23
Updated-27 May, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle CorporationDebian GNU/LinuxNetApp, Inc.
Product-cloud_secure_agentsantricity_unified_managerhci_management_nodeoncommand_workflow_automationsolidfirejdk7-mode_transition_toolgraalvmdebian_linuxopenjdksnapmanagere-series_santricity_web_servicese-series_santricity_storage_managerjreoncommand_insightsantricity_storage_plugine-series_santricity_os_controlleractive_iq_unified_managercloud_insights_acquisition_unitJava SE JDK and JRE
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-21496
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-2.65% / 83.78%
||
7 Day CHG~0.00%
Published-19 Apr, 2022 | 20:38
Updated-24 Sep, 2024 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

Action-Not Available
Vendor-azulDebian GNU/LinuxNetApp, Inc.Oracle Corporation
Product-bootstrap_osactive_iq_unified_managercloud_insights_acquisition_unithci_compute_nodeelement_softwaresolidfiresantricity_unified_managerdebian_linuxgraalvmzuluhci_management_nodejava_see-series_santricity_os_controllere-series_santricity_storage_managere-series_santricity_web_servicescloud_secure_agentoncommand_insightJava SE JDK and JRE
CVE-2022-21602
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.60% / 44.12%
||
7 Day CHG~0.00%
Published-18 Oct, 2022 | 00:00
Updated-24 Sep, 2024 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-peoplesoft_enterprisePeopleSoft Enterprise PT PeopleTools
CVE-2022-21305
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-2.76% / 84.45%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 11:23
Updated-27 May, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

Action-Not Available
Vendor-Oracle CorporationDebian GNU/LinuxNetApp, Inc.
Product-cloud_secure_agentsantricity_unified_managerhci_management_nodeoncommand_workflow_automationsolidfirejdk7-mode_transition_toolgraalvmdebian_linuxopenjdksnapmanagere-series_santricity_web_servicese-series_santricity_storage_managerjreoncommand_insightsantricity_storage_plugine-series_santricity_os_controlleractive_iq_unified_managercloud_insights_acquisition_unitJava SE JDK and JRE
CWE ID-CWE-284
Improper Access Control
CVE-2022-21545
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.57% / 43.15%
||
7 Day CHG~0.00%
Published-19 Jul, 2022 | 21:07
Updated-24 Sep, 2024 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle iRecruitment product of Oracle E-Business Suite (component: Candidate Self Service Registration). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iRecruitment. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iRecruitment accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-irecruitmentiRecruitment
CVE-2022-21387
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-1.15% / 62.90%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 11:26
Updated-24 Sep, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Commerce Platform accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-commerce_platformCommerce Platform
CVE-2022-21540
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-2.96% / 85.53%
||
7 Day CHG~0.00%
Published-19 Jul, 2022 | 00:00
Updated-27 May, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-azulOracle CorporationNetApp, Inc.Debian GNU/LinuxFedora Project
Product-cloud_secure_agenthci_compute_nodehci_management_nodejreoncommand_insightjdk7-mode_transition_toolgraalvmsolidfiredebian_linuxzuluactive_iq_unified_managerfedoracloud_insights_acquisition_unitopenjdkJava SE JDK and JRE
CWE ID-CWE-416
Use After Free
CVE-2022-21597
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.76% / 50.82%
||
7 Day CHG~0.00%
Published-18 Oct, 2022 | 00:00
Updated-24 Sep, 2024 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaScript). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-graalvmGraalVM Enterprise Edition
CVE-2025-21554
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.37% / 28.93%
||
7 Day CHG~0.00%
Published-21 Jan, 2025 | 20:53
Updated-20 Jun, 2025 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security). Supported versions that are affected are 7.4.0, 7.4.1 and 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Order and Service Management accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-communications_order_and_service_managementOracle Communications Order and Service Management
CWE ID-CWE-863
Incorrect Authorization
CVE-2015-0449
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-1.91% / 77.28%
||
7 Day CHG~0.00%
Published-16 Apr, 2015 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect integrity via unknown vectors related to Console.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2022-0391
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-8.33% / 94.26%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 00:00
Updated-17 Dec, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.

Action-Not Available
Vendor-n/aNetApp, Inc.Fedora ProjectPython Software FoundationOracle Corporation
Product-solidfire\,_enterprise_sds_\&_hci_storage_nodeontap_select_deploy_administration_utilityhcimanagement_services_for_element_softwareactive_iq_unified_managerhttp_serverfedorapythonzfs_storage_appliance_kithci_compute_nodepython
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2015-0440
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-1.59% / 72.63%
||
7 Day CHG~0.00%
Published-16 Apr, 2015 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Knowledge component in Oracle Right Now Service Cloud 8.2.3.10.1 and 8.4.7.2 allows remote attackers to affect integrity via unknown vectors related to Information Manager Console.

Action-Not Available
Vendor-n/aOracle Corporation
Product-right_now_service_cloudn/a
CVE-2017-10173
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.8||MEDIUM
EPSS-1.85% / 76.53%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Retail Open Commerce Platform component of Oracle Retail Applications (subcomponent: Website). Supported versions that are affected are 5.0, 5.1, 5.2, 5.3, 6.0, 6.1, 15.0 and 15.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Open Commerce Platform. While the vulnerability is in Oracle Retail Open Commerce Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Open Commerce Platform accessible data. CVSS 3.0 Base Score 5.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-retail_open_commerce_platform_cloud_serviceRetail Open Commerce Platform Cloud Service
CVE-2015-0367
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-2.13% / 79.72%
||
7 Day CHG~0.00%
Published-21 Jan, 2015 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to affect integrity via vectors related to SSO Engine.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2025-21498
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.50% / 38.84%
||
7 Day CHG~0.00%
Published-21 Jan, 2025 | 20:52
Updated-10 Apr, 2025 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-http_serverOracle HTTP Server
CWE ID-CWE-862
Missing Authorization
CVE-2019-2935
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-1.55% / 72.11%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 17:40
Updated-15 Oct, 2024 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI). Supported versions that are affected are 19.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-siebel_ui_frameworkSiebel UI Framework
CVE-2017-10066
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-1.89% / 77.04%
||
7 Day CHG~0.00%
Published-19 Oct, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Applications Technology Stack component of Oracle E-Business Suite (subcomponent: Oracle Forms). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Technology Stack. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Technology Stack accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-e-business_suite_technology_stackE-Business Suite Technology Stack
CVE-2014-6472
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-1.41% / 69.34%
||
7 Day CHG~0.00%
Published-15 Oct, 2014 | 15:15
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via vectors related to LOV, a different vulnerability than CVE-2014-6539.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2014-6519
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-3.43% / 87.48%
||
7 Day CHG~0.00%
Published-15 Oct, 2014 | 22:03
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 7u67 and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Hotspot.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jdkjren/a
CVE-2021-44533
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-5.3||MEDIUM
EPSS-9.36% / 94.78%
||
7 Day CHG~0.00%
Published-24 Feb, 2022 | 18:27
Updated-30 Apr, 2025 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allow bypassing the certificate subject verification.Affected versions of Node.js that do not accept multi-value Relative Distinguished Names and are thus not vulnerable to such attacks themselves. However, third-party code that uses node's ambiguous presentation of certificate subjects may be vulnerable.

Action-Not Available
Vendor-Node.js (OpenJS Foundation)Oracle CorporationDebian GNU/Linux
Product-peoplesoft_enterprise_peopletoolsdebian_linuxgraalvmmysql_clustermysql_enterprise_monitormysql_connectorsmysql_workbenchnode.jsmysql_serverNode
CWE ID-CWE-295
Improper Certificate Validation
CVE-2019-16785
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-2.71% / 84.19%
||
7 Day CHG~0.00%
Published-20 Dec, 2019 | 23:00
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTTP Request Smuggling: LF vs CRLF handling in Waitress

Waitress through version 1.3.1 implemented a "MAY" part of the RFC7230 which states: "Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR." Unfortunately if a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways. This can lead to a potential for HTTP request smuggling/splitting whereby Waitress may see two requests while the front-end server only sees a single HTTP message. This issue is fixed in Waitress 1.4.0.

Action-Not Available
Vendor-agendalessPylonsOracle CorporationRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-debian_linuxcommunications_cloud_native_core_network_function_cloud_native_environmentopenstackfedorawaitressWaitress
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2005-1382
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-7.01% / 93.38%
||
7 Day CHG~0.00%
Published-02 May, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The webcacheadmin module in Oracle Webcache 9i allows remote attackers to corrupt arbitrary files via a full pathname in the cache_dump_file parameter.

Action-Not Available
Vendor-n/aOracle Corporation
Product-application_server_web_cachen/a
CVE-2014-4265
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-3.23% / 86.74%
||
7 Day CHG~0.00%
Published-17 Jul, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jdkjren/a
CVE-2014-4220
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-3.19% / 86.54%
||
7 Day CHG~0.00%
Published-17 Jul, 2014 | 02:36
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4208.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jdkjren/a
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found