Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2015-4020

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-25 Aug, 2015 | 17:00
Updated At-06 Aug, 2024 | 06:04
Rejected At-
Credits

RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a "DNS hijack attack." NOTE: this vulnerability exists because to an incomplete fix for CVE-2015-3900.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:25 Aug, 2015 | 17:00
Updated At:06 Aug, 2024 | 06:04
Rejected At:
▼CVE Numbering Authority (CNA)

RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a "DNS hijack attack." NOTE: this vulnerability exists because to an incomplete fix for CVE-2015-3900.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://blog.rubygems.org/2015/06/08/2.2.5-released.html
x_refsource_CONFIRM
https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/
x_refsource_MISC
http://www.securityfocus.com/bid/75431
vdb-entry
x_refsource_BID
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-009/?fid=6478
x_refsource_MISC
http://blog.rubygems.org/2015/06/08/2.4.8-released.html
x_refsource_CONFIRM
https://github.com/rubygems/rubygems/commit/5c7bfb5
x_refsource_CONFIRM
https://puppet.com/security/cve/CVE-2015-3900
x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
x_refsource_CONFIRM
Hyperlink: http://blog.rubygems.org/2015/06/08/2.2.5-released.html
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/
Resource:
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/bid/75431
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-009/?fid=6478
Resource:
x_refsource_MISC
Hyperlink: http://blog.rubygems.org/2015/06/08/2.4.8-released.html
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/rubygems/rubygems/commit/5c7bfb5
Resource:
x_refsource_CONFIRM
Hyperlink: https://puppet.com/security/cve/CVE-2015-3900
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://blog.rubygems.org/2015/06/08/2.2.5-released.html
x_refsource_CONFIRM
x_transferred
https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/
x_refsource_MISC
x_transferred
http://www.securityfocus.com/bid/75431
vdb-entry
x_refsource_BID
x_transferred
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-009/?fid=6478
x_refsource_MISC
x_transferred
http://blog.rubygems.org/2015/06/08/2.4.8-released.html
x_refsource_CONFIRM
x_transferred
https://github.com/rubygems/rubygems/commit/5c7bfb5
x_refsource_CONFIRM
x_transferred
https://puppet.com/security/cve/CVE-2015-3900
x_refsource_CONFIRM
x_transferred
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
x_refsource_CONFIRM
x_transferred
Hyperlink: http://blog.rubygems.org/2015/06/08/2.2.5-released.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/75431
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-009/?fid=6478
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://blog.rubygems.org/2015/06/08/2.4.8-released.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/rubygems/rubygems/commit/5c7bfb5
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://puppet.com/security/cve/CVE-2015-3900
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:25 Aug, 2015 | 17:59
Updated At:12 Apr, 2025 | 10:46

RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a "DNS hijack attack." NOTE: this vulnerability exists because to an incomplete fix for CVE-2015-3900.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches
Oracle Corporation
oracle
>>solaris>>11.3
cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
rubygems
rubygems
>>rubygems>>2.0.0
cpe:2.3:a:rubygems:rubygems:2.0.0:*:*:*:*:*:*:*
rubygems
rubygems
>>rubygems>>2.0.0
cpe:2.3:a:rubygems:rubygems:2.0.0:preview2:*:*:*:*:*:*
rubygems
rubygems
>>rubygems>>2.0.0
cpe:2.3:a:rubygems:rubygems:2.0.0:preview2.1:*:*:*:*:*:*
rubygems
rubygems
>>rubygems>>2.0.0
cpe:2.3:a:rubygems:rubygems:2.0.0:preview2.2:*:*:*:*:*:*
rubygems
rubygems
>>rubygems>>2.0.0
cpe:2.3:a:rubygems:rubygems:2.0.0:rc1:*:*:*:*:*:*
rubygems
rubygems
>>rubygems>>2.0.0
cpe:2.3:a:rubygems:rubygems:2.0.0:rc2:*:*:*:*:*:*
rubygems
rubygems
>>rubygems>>2.0.1
cpe:2.3:a:rubygems:rubygems:2.0.1:*:*:*:*:*:*:*
rubygems
rubygems
>>rubygems>>2.0.2
cpe:2.3:a:rubygems:rubygems:2.0.2:*:*:*:*:*:*:*
rubygems
rubygems
>>rubygems>>2.0.3
cpe:2.3:a:rubygems:rubygems:2.0.3:*:*:*:*:*:*:*
rubygems
rubygems
>>rubygems>>2.0.4
cpe:2.3:a:rubygems:rubygems:2.0.4:*:*:*:*:*:*:*
rubygems
rubygems
>>rubygems>>2.0.5
cpe:2.3:a:rubygems:rubygems:2.0.5:*:*:*:*:*:*:*
rubygems
rubygems
>>rubygems>>2.0.6
cpe:2.3:a:rubygems:rubygems:2.0.6:*:*:*:*:*:*:*
rubygems
rubygems
>>rubygems>>2.0.7
cpe:2.3:a:rubygems:rubygems:2.0.7:*:*:*:*:*:*:*
rubygems
rubygems
>>rubygems>>2.0.8
cpe:2.3:a:rubygems:rubygems:2.0.8:*:*:*:*:*:*:*
rubygems
rubygems
>>rubygems>>2.0.9
cpe:2.3:a:rubygems:rubygems:2.0.9:*:*:*:*:*:*:*
rubygems
rubygems
>>rubygems>>2.0.10
cpe:2.3:a:rubygems:rubygems:2.0.10:*:*:*:*:*:*:*
rubygems
rubygems
>>rubygems>>2.0.11
cpe:2.3:a:rubygems:rubygems:2.0.11:*:*:*:*:*:*:*
rubygems
rubygems
>>rubygems>>2.0.12
cpe:2.3:a:rubygems:rubygems:2.0.12:*:*:*:*:*:*:*
rubygems
rubygems
>>rubygems>>2.0.13
cpe:2.3:a:rubygems:rubygems:2.0.13:*:*:*:*:*:*:*
rubygems
rubygems
>>rubygems>>2.0.14
cpe:2.3:a:rubygems:rubygems:2.0.14:*:*:*:*:*:*:*
rubygems
rubygems
>>rubygems>>2.0.15
cpe:2.3:a:rubygems:rubygems:2.0.15:*:*:*:*:*:*:*
rubygems
rubygems
>>rubygems>>2.0.16
cpe:2.3:a:rubygems:rubygems:2.0.16:*:*:*:*:*:*:*
rubygems
rubygems
>>rubygems>>2.2.0
cpe:2.3:a:rubygems:rubygems:2.2.0:*:*:*:*:*:*:*
rubygems
rubygems
>>rubygems>>2.2.1
cpe:2.3:a:rubygems:rubygems:2.2.1:*:*:*:*:*:*:*
rubygems
rubygems
>>rubygems>>2.2.2
cpe:2.3:a:rubygems:rubygems:2.2.2:*:*:*:*:*:*:*
rubygems
rubygems
>>rubygems>>2.2.3
cpe:2.3:a:rubygems:rubygems:2.2.3:*:*:*:*:*:*:*
rubygems
rubygems
>>rubygems>>2.2.4
cpe:2.3:a:rubygems:rubygems:2.2.4:*:*:*:*:*:*:*
rubygems
rubygems
>>rubygems>>2.4.0
cpe:2.3:a:rubygems:rubygems:2.4.0:*:*:*:*:*:*:*
rubygems
rubygems
>>rubygems>>2.4.1
cpe:2.3:a:rubygems:rubygems:2.4.1:*:*:*:*:*:*:*
rubygems
rubygems
>>rubygems>>2.4.2
cpe:2.3:a:rubygems:rubygems:2.4.2:*:*:*:*:*:*:*
rubygems
rubygems
>>rubygems>>2.4.3
cpe:2.3:a:rubygems:rubygems:2.4.3:*:*:*:*:*:*:*
rubygems
rubygems
>>rubygems>>2.4.4
cpe:2.3:a:rubygems:rubygems:2.4.4:*:*:*:*:*:*:*
rubygems
rubygems
>>rubygems>>2.4.5
cpe:2.3:a:rubygems:rubygems:2.4.5:*:*:*:*:*:*:*
rubygems
rubygems
>>rubygems>>2.4.6
cpe:2.3:a:rubygems:rubygems:2.4.6:*:*:*:*:*:*:*
rubygems
rubygems
>>rubygems>>2.4.7
cpe:2.3:a:rubygems:rubygems:2.4.7:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://blog.rubygems.org/2015/06/08/2.2.5-released.htmlcve@mitre.org
Vendor Advisory
http://blog.rubygems.org/2015/06/08/2.4.8-released.htmlcve@mitre.org
Vendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.htmlcve@mitre.org
Third Party Advisory
http://www.securityfocus.com/bid/75431cve@mitre.org
N/A
https://github.com/rubygems/rubygems/commit/5c7bfb5cve@mitre.org
N/A
https://puppet.com/security/cve/CVE-2015-3900cve@mitre.org
N/A
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-009/?fid=6478cve@mitre.org
Third Party Advisory
https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/cve@mitre.org
Third Party Advisory
http://blog.rubygems.org/2015/06/08/2.2.5-released.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://blog.rubygems.org/2015/06/08/2.4.8-released.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.securityfocus.com/bid/75431af854a3a-2127-422b-91ae-364da2661108
N/A
https://github.com/rubygems/rubygems/commit/5c7bfb5af854a3a-2127-422b-91ae-364da2661108
N/A
https://puppet.com/security/cve/CVE-2015-3900af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-009/?fid=6478af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: http://blog.rubygems.org/2015/06/08/2.2.5-released.html
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://blog.rubygems.org/2015/06/08/2.4.8-released.html
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/75431
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://github.com/rubygems/rubygems/commit/5c7bfb5
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://puppet.com/security/cve/CVE-2015-3900
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-009/?fid=6478
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://blog.rubygems.org/2015/06/08/2.2.5-released.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://blog.rubygems.org/2015/06/08/2.4.8-released.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/75431
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://github.com/rubygems/rubygems/commit/5c7bfb5
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://puppet.com/security/cve/CVE-2015-3900
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-009/?fid=6478
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1117Records found
CVE-2015-7703
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.95% / 89.24%
||
7 Day CHG~0.00%
Published-24 Jul, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.

Action-Not Available
Vendor-ntpn/aDebian GNU/LinuxRed Hat, Inc.Oracle CorporationNetApp, Inc.
Product-oncommand_unified_managerlinuxoncommand_performance_managerenterprise_linux_desktopenterprise_linux_server_ausenterprise_linux_server_tusenterprise_linux_workstationclustered_data_ontapenterprise_linux_server_eusdebian_linuxenterprise_linux_serverntpdata_ontapn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-5144
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.49% / 80.31%
||
7 Day CHG~0.00%
Published-14 Jul, 2015 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator.

Action-Not Available
Vendor-n/aCanonical Ltd.DjangoOracle CorporationDebian GNU/Linux
Product-debian_linuxdjangoubuntu_linuxsolarisn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-3283
Matching Score-10
Assigner-Oracle
ShareView Details
Matching Score-10
Assigner-Oracle
CVSS Score-4.7||MEDIUM
EPSS-0.55% / 66.92%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. CVSS v3.0 Base Score 4.7 (Integrity impacts).

Action-Not Available
Vendor-Oracle Corporation
Product-partner_managementPartner Management
CWE ID-CWE-20
Improper Input Validation
CVE-2017-3280
Matching Score-10
Assigner-Oracle
ShareView Details
Matching Score-10
Assigner-Oracle
CVSS Score-4.7||MEDIUM
EPSS-0.64% / 69.67%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. CVSS v3.0 Base Score 4.7 (Integrity impacts).

Action-Not Available
Vendor-Oracle Corporation
Product-partner_managementPartner Management
CWE ID-CWE-20
Improper Input Validation
CVE-2017-3236
Matching Score-10
Assigner-Oracle
ShareView Details
Matching Score-10
Assigner-Oracle
CVSS Score-4.7||MEDIUM
EPSS-0.64% / 69.67%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 4.7 (Integrity impacts).

Action-Not Available
Vendor-Oracle Corporation
Product-flexcube_universal_bankingFLEXCUBE Universal Banking
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0881
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.42% / 61.10%
||
7 Day CHG~0.00%
Published-20 Jul, 2011 | 22:36
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the EMCTL component in Oracle Database Server 10.2.0.3, 10.2.0.4, and 11.1.0.7, and Oracle Enterprise Manager Grid Control 10.1.0.6, allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_serverenterprise_manager_grid_controln/a
CVE-2011-0849
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.27% / 50.56%
||
7 Day CHG~0.00%
Published-20 Apr, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java Dynamic Management Kit 5.1 allows remote attackers to affect integrity, related to HTML Adaptor.

Action-Not Available
Vendor-n/aOracle Corporation
Product-java_dynamic_management_kitn/a
CVE-2011-0798
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.73%
||
7 Day CHG~0.00%
Published-20 Apr, 2011 | 03:09
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 10.1.2.3 and 11.1.1.2.0 allows remote attackers to affect integrity via unknown vectors related to Midtier Infrastructure.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2011-0834
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.73%
||
7 Day CHG~0.00%
Published-20 Apr, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Siebel CRM Core component in Oracle Siebel CRM 8.0.0 and 8.1.1 allows remote attackers to affect integrity via unknown vectors related to Globalization - Automotive.

Action-Not Available
Vendor-n/aOracle Corporation
Product-siebel_crmn/a
CVE-2011-0828
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.73%
||
7 Day CHG~0.00%
Published-20 Apr, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle PeopleSoft Enterprise 8.8 Bundle #13 allows remote attackers to affect integrity via unknown vectors related to Application Portal.

Action-Not Available
Vendor-n/aOracle Corporation
Product-peoplesoft_enterprisen/a
CVE-2011-0805
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 45.62%
||
7 Day CHG~0.00%
Published-20 Apr, 2011 | 03:09
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the UIX component in Oracle Database Server 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2009-3762
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.73%
||
7 Day CHG~0.00%
Published-13 Jul, 2010 | 22:07
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle OpenSSO Enterprise 8.0 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-opensso_enterprisen/a
CVE-2011-0877
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.52%
||
7 Day CHG~0.00%
Published-20 Jul, 2011 | 22:36
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Instance Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, and 10.2.0.4, and Oracle Enterprise Manager Grid Control 10.1.0.6, allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_serverenterprise_manager_grid_controln/a
CVE-2020-24553
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.18% / 40.38%
||
7 Day CHG~0.00%
Published-02 Sep, 2020 | 16:25
Updated-04 Aug, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.

Action-Not Available
Vendor-n/aOracle CorporationFedora ProjectGoopenSUSE
Product-gocommunications_cloud_native_core_policyfedoraleapn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-0785
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 45.62%
||
7 Day CHG~0.00%
Published-20 Apr, 2011 | 03:09
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Help component in Oracle Database Server 11.1.0.7, 11.2.0.1, 11.2.0.2, 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, and 10.1.0.5; and Oracle Fusion Middleware 11.1.1.2.0, 11.1.1.3.0, and 11.1.1.4.0 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_serverfusion_middlewaren/a
CVE-2011-0809
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 51.73%
||
7 Day CHG~0.00%
Published-20 Apr, 2011 | 03:09
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Web ADI component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2011-0830
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.52%
||
7 Day CHG~0.00%
Published-20 Jul, 2011 | 22:36
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Event Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, and 10.2.0.4, and Oracle Enterprise Manager Grid Control 10.1.0.6, allows remote attackers to affect integrity via unknown vectors related to Rules Management UI.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_serverenterprise_manager_grid_controln/a
CVE-2011-0879
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.52%
||
7 Day CHG~0.00%
Published-20 Jul, 2011 | 22:36
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Instance Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5; allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_serverenterprise_manager_grid_controln/a
CVE-2011-0876
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.52%
||
7 Day CHG~0.00%
Published-20 Jul, 2011 | 22:36
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Enterprise Manager Console component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5; allows remote attackers to affect integrity via unknown vectors related to Security.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_serverenterprise_manager_grid_controln/a
CVE-2009-3416
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.42% / 61.10%
||
7 Day CHG~0.00%
Published-13 Jan, 2010 | 01:00
Updated-07 Aug, 2024 | 06:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2011-0833
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.73%
||
7 Day CHG~0.00%
Published-20 Apr, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Siebel CRM Core component in Oracle Siebel CRM 7.8.2, 8.0.0, and 8.1.1 allows remote attackers to affect integrity, related to UIF Client.

Action-Not Available
Vendor-n/aOracle Corporation
Product-siebel_crmn/a
CVE-2014-0436
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.49% / 64.45%
||
7 Day CHG~0.00%
Published-17 Jul, 2014 | 02:36
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Hyperion BI+ component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to affect integrity via unknown vectors related to Web Analysis.

Action-Not Available
Vendor-n/aOracle Corporation
Product-hyperionn/a
CVE-2010-4453
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.48% / 64.24%
||
7 Day CHG~0.00%
Published-19 Jan, 2011 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 7.0.7, 8.1.6, 9.0, 9.1, 9.2.4, 10.0.2, 10.3.2, and 10.3.3 allows remote attackers to affect integrity via unknown vectors related to Servlet Container.

Action-Not Available
Vendor-n/aOracle Corporation
Product-weblogic_serverfusion_middlewaren/a
CVE-2010-3514
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-12.69% / 93.72%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 6.1 and 7.0 allows remote attackers to affect integrity via unknown vectors related to Web Container.

Action-Not Available
Vendor-n/aOracle Corporation
Product-sun_products_suiten/a
CVE-2010-3587
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.39% / 59.49%
||
7 Day CHG~0.00%
Published-19 Jan, 2011 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Common Applications component in Oracle Applications 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to User Management.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2010-2416
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.42% / 61.10%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2010-2372
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.73%
||
7 Day CHG~0.00%
Published-13 Jul, 2010 | 22:07
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1.1 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-2371.

Action-Not Available
Vendor-n/aOracle Corporation
Product-supply_chain_products_suiten/a
CVE-2010-2087
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.24% / 47.21%
||
7 Day CHG~0.00%
Published-27 May, 2010 | 18:32
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.

Action-Not Available
Vendor-cauchon/aIBM CorporationOracle Corporation
Product-websphere_application_serverresinmojarran/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-2418
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.42% / 61.10%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Territory Management component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2010-2407
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.52%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the XDK component in Oracle Database Server 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2010-2395
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.42% / 61.10%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion Middleware 10.1.2.3 and 10.1.3.5 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-2409 and CVE-2010-2410.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2010-2373
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.73%
||
7 Day CHG~0.00%
Published-13 Jul, 2010 | 22:07
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Console component in Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-enterprise_manager_grid_controln/a
CVE-2010-2413
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.42% / 61.10%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the BI Publisher component in Oracle Fusion Middleware 10.1.3.3.2 and 10.1.3.4.1 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2010-2408
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.42% / 61.10%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2010-2409
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.42% / 61.10%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion Middleware 10.1.2.3 and 10.1.3.5 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-2395 and CVE-2010-2410.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2010-2410
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.42% / 61.10%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion Middleware 10.1.2.3 and 10.1.3.5 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-2395 and CVE-2010-2409.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2010-0863
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.73% / 71.68%
||
7 Day CHG~0.00%
Published-13 Apr, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Retail - Oracle Retail Plan In-Season component in Oracle Industry Product Suite 12.2 allows remote attackers to affect integrity via unknown vectors related to Online Help.

Action-Not Available
Vendor-n/aOracle Corporation
Product-industry_product_suiten/a
CVE-2010-0892
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.73%
||
7 Day CHG~0.00%
Published-13 Jul, 2010 | 22:07
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Application Express component in Oracle Database Server 3.2.0.00.27 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2010-0905
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.73%
||
7 Day CHG~0.00%
Published-13 Jul, 2010 | 22:07
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 11.5.10.2 and 12.0.4 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2010-0862
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.81% / 73.24%
||
7 Day CHG~0.00%
Published-13 Apr, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Retail - Oracle Retail Markdown Optimization component in Oracle Industry Product Suite 13.1 allows remote attackers to affect integrity via unknown vectors related to Online Help.

Action-Not Available
Vendor-n/aOracle Corporation
Product-industry_product_suiten/a
CVE-2010-0913
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.73%
||
7 Day CHG~0.00%
Published-13 Jul, 2010 | 22:07
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2010-0875
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.64% / 69.71%
||
7 Day CHG~0.00%
Published-13 Apr, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Life Sciences - Oracle Thesaurus Management System component in Oracle Industry Product Suite 4.5.2, 4.6, and 4.6.1 allows remote attackers to affect integrity, related to TMS Browser.

Action-Not Available
Vendor-n/aOracle Corporation
Product-industry_product_suiten/a
CVE-2010-0855
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.73% / 71.68%
||
7 Day CHG~0.00%
Published-13 Apr, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-0086.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2010-0881
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.81% / 73.24%
||
7 Day CHG~0.00%
Published-14 Apr, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the User Interface Components in Oracle Collaboration Suite 10.1.2.4 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-collaboration_suiten/a
CVE-2014-6580
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.73%
||
7 Day CHG~0.00%
Published-21 Jan, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.7 and 11.1.2.2 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2009-3763
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.73%
||
7 Day CHG~0.00%
Published-13 Jul, 2010 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Access Manager / OpenSSO component in Oracle OpenSSO Enterprise 7.1, 7, 2005Q4, and 8.0 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-opensso_enterprisen/a
CVE-2020-1941
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-6.1||MEDIUM
EPSS-4.42% / 88.60%
||
7 Day CHG~0.00%
Published-14 May, 2020 | 16:29
Updated-04 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.

Action-Not Available
Vendor-n/aThe Apache Software FoundationOracle Corporation
Product-communications_diameter_signaling_routerenterprise_repositorycommunications_session_route_manageractivemqflexcube_private_bankingcommunications_session_report_managercommunications_element_managerApache ActiveMQ
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-3764
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.73%
||
7 Day CHG~0.00%
Published-13 Jul, 2010 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the OpenSSO component in Oracle OpenSSO Enterprise 8.0 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-opensso_enterprisen/a
CVE-2009-3407
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-3.13% / 86.34%
||
7 Day CHG~0.00%
Published-22 Oct, 2009 | 18:00
Updated-07 Aug, 2024 | 06:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2009-0974 and CVE-2009-0983.

Action-Not Available
Vendor-n/aOracle Corporation
Product-application_servern/a
CVE-2009-3393
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.88% / 74.46%
||
7 Day CHG~0.00%
Published-22 Oct, 2009 | 18:00
Updated-07 Aug, 2024 | 06:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 22
  • 23
  • Next
Details not found