Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-0483

Summary
Assigner-oracle
Assigner Org ID-43595867-4340-4103-b7a2-9a5208d29a85
Published At-21 Jan, 2016 | 02:00
Updated At-05 Aug, 2024 | 22:22
Rejected At-
Credits

Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:oracle
Assigner Org ID:43595867-4340-4103-b7a2-9a5208d29a85
Published At:21 Jan, 2016 | 02:00
Updated At:05 Aug, 2024 | 22:22
Rejected At:
▼CVE Numbering Authority (CNA)

Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.zerodayinitiative.com/advisories/ZDI-16-032
x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html
vendor-advisory
x_refsource_SUSE
http://www.securitytracker.com/id/1034715
vdb-entry
x_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html
vendor-advisory
x_refsource_SUSE
https://security.gentoo.org/glsa/201610-08
vendor-advisory
x_refsource_GENTOO
http://www.ubuntu.com/usn/USN-2884-1
vendor-advisory
x_refsource_UBUNTU
http://www.debian.org/security/2016/dsa-3465
vendor-advisory
x_refsource_DEBIAN
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2885-1
vendor-advisory
x_refsource_UBUNTU
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2016:1430
vendor-advisory
x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0049.html
vendor-advisory
x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html
vendor-advisory
x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-0053.html
vendor-advisory
x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html
vendor-advisory
x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-0067.html
vendor-advisory
x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html
vendor-advisory
x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html
vendor-advisory
x_refsource_SUSE
https://security.gentoo.org/glsa/201603-14
vendor-advisory
x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2016-0057.html
vendor-advisory
x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0055.html
vendor-advisory
x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0054.html
vendor-advisory
x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0056.html
vendor-advisory
x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html
vendor-advisory
x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-0050.html
vendor-advisory
x_refsource_REDHAT
http://www.debian.org/security/2016/dsa-3458
vendor-advisory
x_refsource_DEBIAN
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.zerodayinitiative.com/advisories/ZDI-16-032
Resource:
x_refsource_MISC
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.securitytracker.com/id/1034715
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://security.gentoo.org/glsa/201610-08
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.ubuntu.com/usn/USN-2884-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.debian.org/security/2016/dsa-3465
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.ubuntu.com/usn/USN-2885-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
Resource:
x_refsource_CONFIRM
Hyperlink: https://access.redhat.com/errata/RHSA-2016:1430
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0049.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0053.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0067.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://security.gentoo.org/glsa/201603-14
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0057.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0055.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0054.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0056.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0050.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.debian.org/security/2016/dsa-3458
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html
Resource:
vendor-advisory
x_refsource_SUSE
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.zerodayinitiative.com/advisories/ZDI-16-032
x_refsource_MISC
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.securitytracker.com/id/1034715
vdb-entry
x_refsource_SECTRACK
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://security.gentoo.org/glsa/201610-08
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.ubuntu.com/usn/USN-2884-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.debian.org/security/2016/dsa-3465
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
x_refsource_CONFIRM
x_transferred
http://www.ubuntu.com/usn/USN-2885-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
x_refsource_CONFIRM
x_transferred
https://access.redhat.com/errata/RHSA-2016:1430
vendor-advisory
x_refsource_REDHAT
x_transferred
http://rhn.redhat.com/errata/RHSA-2016-0049.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://rhn.redhat.com/errata/RHSA-2016-0053.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://rhn.redhat.com/errata/RHSA-2016-0067.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://security.gentoo.org/glsa/201603-14
vendor-advisory
x_refsource_GENTOO
x_transferred
http://rhn.redhat.com/errata/RHSA-2016-0057.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://rhn.redhat.com/errata/RHSA-2016-0055.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://rhn.redhat.com/errata/RHSA-2016-0054.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://rhn.redhat.com/errata/RHSA-2016-0056.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://rhn.redhat.com/errata/RHSA-2016-0050.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.debian.org/security/2016/dsa-3458
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.zerodayinitiative.com/advisories/ZDI-16-032
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.securitytracker.com/id/1034715
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201610-08
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-2884-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.debian.org/security/2016/dsa-3465
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-2885-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2016:1430
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0049.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0053.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0067.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201603-14
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0057.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0055.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0054.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0056.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0050.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.debian.org/security/2016/dsa-3458
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert_us@oracle.com
Published At:21 Jan, 2016 | 03:00
Updated At:12 Apr, 2025 | 10:46

Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update105:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update91:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.8.0
cpe:2.3:a:oracle:jdk:1.8.0:update66:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update105:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.7.0
cpe:2.3:a:oracle:jre:1.7.0:update91:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.8.0
cpe:2.3:a:oracle:jre:1.8.0:update66:*:*:*:*:*:*
Oracle Corporation
oracle
>>jrockit>>r28.3.8
cpe:2.3:a:oracle:jrockit:r28.3.8:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>12.04
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>14.04
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>15.04
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>15.10
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Per Oracle: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.htmlsecalert_us@oracle.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.htmlsecalert_us@oracle.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.htmlsecalert_us@oracle.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.htmlsecalert_us@oracle.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.htmlsecalert_us@oracle.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.htmlsecalert_us@oracle.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.htmlsecalert_us@oracle.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.htmlsecalert_us@oracle.com
N/A
http://rhn.redhat.com/errata/RHSA-2016-0049.htmlsecalert_us@oracle.com
N/A
http://rhn.redhat.com/errata/RHSA-2016-0050.htmlsecalert_us@oracle.com
N/A
http://rhn.redhat.com/errata/RHSA-2016-0053.htmlsecalert_us@oracle.com
N/A
http://rhn.redhat.com/errata/RHSA-2016-0054.htmlsecalert_us@oracle.com
N/A
http://rhn.redhat.com/errata/RHSA-2016-0055.htmlsecalert_us@oracle.com
N/A
http://rhn.redhat.com/errata/RHSA-2016-0056.htmlsecalert_us@oracle.com
N/A
http://rhn.redhat.com/errata/RHSA-2016-0057.htmlsecalert_us@oracle.com
N/A
http://rhn.redhat.com/errata/RHSA-2016-0067.htmlsecalert_us@oracle.com
N/A
http://www.debian.org/security/2016/dsa-3458secalert_us@oracle.com
N/A
http://www.debian.org/security/2016/dsa-3465secalert_us@oracle.com
N/A
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.htmlsecalert_us@oracle.com
Patch
Vendor Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htmlsecalert_us@oracle.com
N/A
http://www.securitytracker.com/id/1034715secalert_us@oracle.com
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2884-1secalert_us@oracle.com
Third Party Advisory
http://www.ubuntu.com/usn/USN-2885-1secalert_us@oracle.com
Third Party Advisory
http://www.zerodayinitiative.com/advisories/ZDI-16-032secalert_us@oracle.com
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2016:1430secalert_us@oracle.com
N/A
https://security.gentoo.org/glsa/201603-14secalert_us@oracle.com
N/A
https://security.gentoo.org/glsa/201610-08secalert_us@oracle.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2016-0049.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2016-0050.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2016-0053.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2016-0054.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2016-0055.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2016-0056.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2016-0057.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2016-0067.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2016/dsa-3458af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2016/dsa-3465af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id/1034715af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2884-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/USN-2885-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.zerodayinitiative.com/advisories/ZDI-16-032af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2016:1430af854a3a-2127-422b-91ae-364da2661108
N/A
https://security.gentoo.org/glsa/201603-14af854a3a-2127-422b-91ae-364da2661108
N/A
https://security.gentoo.org/glsa/201610-08af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0049.html
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0050.html
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0053.html
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0054.html
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0055.html
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0056.html
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0057.html
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0067.html
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2016/dsa-3458
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2016/dsa-3465
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
Source: secalert_us@oracle.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1034715
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.ubuntu.com/usn/USN-2884-1
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-2885-1
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: http://www.zerodayinitiative.com/advisories/ZDI-16-032
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://access.redhat.com/errata/RHSA-2016:1430
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/201603-14
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/201610-08
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0049.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0050.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0053.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0054.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0055.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0056.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0057.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0067.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2016/dsa-3458
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2016/dsa-3465
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1034715
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.ubuntu.com/usn/USN-2884-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-2885-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.zerodayinitiative.com/advisories/ZDI-16-032
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://access.redhat.com/errata/RHSA-2016:1430
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/201603-14
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/201610-08
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

503Records found
CVE-2021-42392
Matching Score-8
Assigner-JFrog
ShareView Details
Matching Score-8
Assigner-JFrog
CVSS Score-9.8||CRITICAL
EPSS-91.68% / 99.67%
||
7 Day CHG~0.00%
Published-07 Jan, 2022 | 00:00
Updated-04 Aug, 2024 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution.

Action-Not Available
Vendor-h2databaseh2databaseOracle CorporationDebian GNU/Linux
Product-communications_cloud_native_core_policydebian_linuxh2h2
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2016-0686
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.6||CRITICAL
EPSS-5.41% / 89.76%
||
7 Day CHG~0.00%
Published-21 Apr, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrejdkn/a
CVE-2015-8812
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.95% / 91.70%
||
7 Day CHG~0.00%
Published-27 Apr, 2016 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets.

Action-Not Available
Vendor-n/aNovellLinux Kernel Organization, IncCanonical Ltd.
Product-suse_linux_enterprise_real_time_extensionlinux_kernelubuntu_linuxn/a
CVE-2020-14882
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-94.45% / 99.99%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 14:04
Updated-30 Jul, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic ServerWebLogic Server
CVE-2008-0599
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-54.45% / 97.94%
||
7 Day CHG~0.00%
Published-05 May, 2008 | 17:00
Updated-07 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.

Action-Not Available
Vendor-n/aCanonical Ltd.Fedora ProjectThe PHP GroupApple Inc.
Product-ubuntu_linuxphpfedoramac_os_xmac_os_x_servern/a
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CVE-2015-6015
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-10||HIGH
EPSS-19.92% / 95.25%
||
7 Day CHG~0.00%
Published-22 Jan, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4808, CVE-2015-6013, CVE-2015-6014, and CVE-2016-0432. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this issue is a stack-based buffer overflow in Oracle Outside In 8.5.2 and earlier, which allows remote attackers to execute arbitrary code via a crafted Paradox DB file.

Action-Not Available
Vendor-n/aOracle Corporation
Product-outside_in_technologyn/a
CVE-2008-0345
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.72% / 81.61%
||
7 Day CHG~0.00%
Published-17 Jan, 2008 | 22:00
Updated-07 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Core RDBMS component in Oracle Database 11.1.0.6 has unknown impact and remote attack vectors, aka DB08.

Action-Not Available
Vendor-n/aOracle Corporation
Product-peoplesoft_enterprise_peopletoolse-business_suitecollaboration_suiteapplication_serverdatabase_servern/a
CVE-2015-2590
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-76.85% / 98.91%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 10:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||Apply updates per vendor instructions.

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.

Action-Not Available
Vendor-n/aSUSEopenSUSERed Hat, Inc.Oracle CorporationCanonical Ltd.Debian GNU/Linux
Product-enterprise_linux_serverenterprise_linux_for_ibm_z_systems_eusenterprise_linux_for_power_little_endian_eusenterprise_linux_eusenterprise_linux_for_power_big_endian_eusenterprise_linux_for_power_little_endianjdklinux_enterprise_desktopdebian_linuxenterprise_linux_for_power_big_endianenterprise_linux_server_ausenterprise_linux_for_ibm_z_systemsopensuseenterprise_linux_desktopubuntu_linuxsatelliteenterprise_linux_server_tusenterprise_linux_workstationjrelinux_enterprise_serverlinux_enterprise_debuginfon/aJava SE
CVE-2015-4883
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-8.74% / 92.13%
||
7 Day CHG~0.00%
Published-21 Oct, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4860.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrejdkn/a
CVE-2015-4860
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-8.74% / 92.13%
||
7 Day CHG~0.00%
Published-21 Oct, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrejdkn/a
CVE-2015-4473
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-2.75% / 85.42%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSEDebian GNU/LinuxCanonical Ltd.
Product-debian_linuxfirefoxopensuseubuntu_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-0341
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.30% / 84.09%
||
7 Day CHG~0.00%
Published-17 Jan, 2008 | 22:00
Updated-07 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.0.1.5 FIPS+ and 10.1.0.5 has unknown impact and remote attack vectors, aka DB03.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2015-4479
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-4.23% / 88.31%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to execute arbitrary code via a crafted saio chunk in MPEG-4 video data.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSECanonical Ltd.
Product-firefoxopensuseubuntu_linuxn/a
CVE-2015-4760
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-8.69% / 92.11%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrejdkn/a
CVE-2015-4843
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-22.06% / 95.57%
||
7 Day CHG~0.00%
Published-21 Oct, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrejdkn/a
CVE-2015-4915
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-2.47% / 84.64%
||
7 Day CHG~0.00%
Published-21 Oct, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to System Management.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle_and_sun_systems_product_suiten/a
CVE-2008-0348
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.72% / 81.61%
||
7 Day CHG~0.00%
Published-17 Jan, 2008 | 22:00
Updated-07 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.18, 8.48.15, and 8.49.07 have unknown impact and remote attack vectors, aka (1) PSE01, (2) PSE03, and (3) PSE04.

Action-Not Available
Vendor-n/aOracle Corporation
Product-peoplesoft_enterprise_peopletoolse-business_suitecollaboration_suiteapplication_serverdatabase_servern/a
CVE-2015-4733
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-14.84% / 94.26%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrejdkn/a
CVE-2015-4798
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-2.71% / 85.34%
||
7 Day CHG~0.00%
Published-21 Oct, 2015 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to DB Listener, a different vulnerability than CVE-2015-4839.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2015-4835
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-4.77% / 89.03%
||
7 Day CHG~0.00%
Published-21 Oct, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4881.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrejdkn/a
CVE-2008-0339
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-27.19% / 96.20%
||
7 Day CHG~0.00%
Published-17 Jan, 2008 | 22:00
Updated-07 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the XML DB component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB01.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2015-4486
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-2.19% / 83.72%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via malformed WebM video data.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSEOracle CorporationCanonical Ltd.
Product-firefoxopensuseubuntu_linuxsolarisn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-4474
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-3.78% / 87.60%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSECanonical Ltd.
Product-firefoxopensuseubuntu_linuxn/a
CVE-2008-0346
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.31% / 84.14%
||
7 Day CHG~0.00%
Published-17 Jan, 2008 | 22:00
Updated-07 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Jinitiator component in Oracle Application Server 1.3.1.27 and E-Business Suite 11.5.10.2 has unknown impact and remote attack vectors, aka AS01.

Action-Not Available
Vendor-n/aOracle Corporation
Product-peoplesoft_enterprise_peopletoolse-business_suitecollaboration_suiteapplication_serverdatabase_servern/a
CVE-2015-4839
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-2.71% / 85.34%
||
7 Day CHG~0.00%
Published-21 Oct, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to DB Listener, a different vulnerability than CVE-2015-4798.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2008-0347
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.46% / 84.62%
||
7 Day CHG~0.00%
Published-17 Jan, 2008 | 22:00
Updated-07 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Ultra Search component in Oracle Collaboration Suite 10.1.2; Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; and Application Server 9.0.4.3 and 10.1.2.0.2; has unknown impact and local attack vectors, aka OCS01. NOTE: Oracle has not disputed a reliable claim that this issue is related to WKSYS schema privileges.

Action-Not Available
Vendor-n/aOracle Corporation
Product-peoplesoft_enterprise_peopletoolse-business_suitecollaboration_suiteapplication_server_9iapplication_serverdatabase_servern/a
CVE-2015-4485
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-7.88% / 91.65%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM video data.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSEOracle CorporationCanonical Ltd.
Product-firefoxopensuseubuntu_linuxsolarisn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-4881
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-7.29% / 91.28%
||
7 Day CHG~0.00%
Published-21 Oct, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4835.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrejdkn/a
CVE-2015-4732
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-14.87% / 94.27%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-2590.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrejdkn/a
CVE-2015-4805
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-6.39% / 90.63%
||
7 Day CHG~0.00%
Published-21 Oct, 2015 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrejdkn/a
CVE-2008-0344
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.72% / 81.61%
||
7 Day CHG~0.00%
Published-17 Jan, 2008 | 22:00
Updated-07 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and remote attack vectors, aka DB07.

Action-Not Available
Vendor-n/aOracle Corporation
Product-peoplesoft_enterprise_peopletoolse-business_suitecollaboration_suiteapplication_serverdatabase_servern/a
CVE-2015-3408
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.93% / 87.84%
||
7 Day CHG-0.95%
Published-19 May, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest.

Action-Not Available
Vendor-module-signature_projectn/aCanonical Ltd.
Product-module-signatureubuntu_linuxn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2008-0342
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.30% / 84.09%
||
7 Day CHG~0.00%
Published-17 Jan, 2008 | 22:00
Updated-07 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Upgrade/Downgrade component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB05.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2008-0340
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.72% / 81.61%
||
7 Day CHG~0.00%
Published-17 Jan, 2008 | 22:00
Updated-07 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote attack vectors, related to the (1) Advanced Queuing component (DB02) and (2) Oracle Spatial component (DB04).

Action-Not Available
Vendor-n/aOracle Corporation
Product-peoplesoft_enterprise_peopletoolse-business_suitecollaboration_suiteapplication_serverdatabase_servern/a
CVE-2020-14859
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-4.77% / 89.04%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 14:04
Updated-26 Sep, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic Server
CVE-2020-14606
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||CRITICAL
EPSS-2.04% / 83.12%
||
7 Day CHG~0.00%
Published-15 Jul, 2020 | 17:34
Updated-27 Sep, 2024 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications Applications (component: User Interface). Supported versions that are affected are 8.2 and 9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Edge. While the vulnerability is in Oracle SD-WAN Edge, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle SD-WAN Edge. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-sd-wan_edgeSD-WAN Edge
CVE-2007-5526
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.12% / 77.37%
||
7 Day CHG~0.00%
Published-17 Oct, 2007 | 23:00
Updated-07 Aug, 2024 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.0.2, 10.1.2.2, and 10.1.4.1, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS11.

Action-Not Available
Vendor-n/aOracle Corporation
Product-collaboration_suiteapplication_servern/a
CVE-2015-2731
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-3.05% / 86.16%
||
7 Day CHG~0.00%
Published-06 Jul, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allows remote attackers to execute arbitrary code by leveraging client-side JavaScript that triggers removal of a DOM object on the basis of a Content Policy.

Action-Not Available
Vendor-n/aMozilla CorporationOracle Corporation
Product-firefoxfirefox_esrsolaristhunderbirdn/a
CVE-2015-2737
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-0.95% / 75.36%
||
7 Day CHG~0.00%
Published-06 Jul, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-n/aMozilla CorporationSUSEDebian GNU/LinuxOracle CorporationCanonical Ltd.
Product-solarisfirefoxfirefox_esrubuntu_linuxsuse_linux_enterprise_serverlinux_enterprise_desktopthunderbirddebian_linuxlinux_enterprise_serverlinux_enterprise_software_development_kitn/a
CVE-2015-2733
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-2.69% / 85.27%
||
7 Day CHG~0.00%
Published-06 Jul, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a dedicated worker.

Action-Not Available
Vendor-n/aMozilla CorporationOracle CorporationNovell
Product-solarisfirefoxfirefox_esrsuse_linux_enterprise_serversuse_linux_enterprise_desktopn/a
CVE-2015-2739
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-0.75% / 72.13%
||
7 Day CHG~0.00%
Published-06 Jul, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-n/aMozilla CorporationOracle CorporationDebian GNU/LinuxNovellCanonical Ltd.
Product-thunderbirdsolarisfirefoxfirefox_esrubuntu_linuxsuse_linux_enterprise_serversuse_linux_enterprise_desktopdebian_linuxsuse_linux_enterprise_software_development_kitn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-5528
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.12% / 77.37%
||
7 Day CHG~0.00%
Published-17 Oct, 2007 | 23:00
Updated-07 Aug, 2024 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.2 have unknown impact and attack vectors related to (1) Public Sector Human Resources (APP03) and (2) Quoting component (APP06).

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2015-2722
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-2.29% / 84.06%
||
7 Day CHG~0.00%
Published-06 Jul, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a shared worker.

Action-Not Available
Vendor-n/aMozilla CorporationOracle CorporationNovell
Product-solarisfirefoxfirefox_esrsuse_linux_enterprise_serversuse_linux_enterprise_desktopsuse_linux_enterprise_software_development_kitn/a
CVE-2015-2608
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-2.47% / 84.64%
||
7 Day CHG~0.00%
Published-21 Oct, 2015 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in (1) the Oracle Communications Diameter Signaling Router (DSR) component in Oracle Communications Applications 4.1.6 and earlier, 5.1.0 and earlier, 6.0.2 and earlier, and 7.1.0 and earlier; (2) the Oracle Communications Performance Intelligence Center Software component in Oracle Communications Applications 9.0.3 and earlier and 10.1.5 and earlier; (3) the Oracle Communications Policy Management component in Oracle Communications Applications 9.9.0 and earlier, 10.5.0 and earlier, 11.5.0 and earlier, and 12.1.0 and earlier; and (4) the Oracle Communications Tekelec HLR Router component in Oracle Communications Applications 4.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to PMAC.

Action-Not Available
Vendor-n/aOracle Corporation
Product-communications_applicationsn/a
CVE-2015-2726
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-1.53% / 80.56%
||
7 Day CHG~0.00%
Published-06 Jul, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla CorporationOracle CorporationNovell
Product-solarisfirefoxsuse_linux_enterprise_serversuse_linux_enterprise_desktopsuse_linux_enterprise_software_development_kitn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-2725
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-1.98% / 82.85%
||
7 Day CHG~0.00%
Published-06 Jul, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla CorporationOracle CorporationNovell
Product-solarisfirefoxfirefox_esrsuse_linux_enterprise_serverthunderbirdsuse_linux_enterprise_software_development_kitsuse_linux_enterprise_desktopn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-2734
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-0.95% / 75.36%
||
7 Day CHG~0.00%
Published-06 Jul, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-n/aMozilla CorporationSUSEDebian GNU/LinuxOracle CorporationCanonical Ltd.
Product-solarisfirefoxfirefox_esrubuntu_linuxsuse_linux_enterprise_serverlinux_enterprise_desktopthunderbirddebian_linuxlinux_enterprise_serverlinux_enterprise_software_development_kitn/a
CVE-2015-2724
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-1.74% / 81.72%
||
7 Day CHG~0.00%
Published-06 Jul, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla CorporationOracle CorporationDebian GNU/LinuxNovellCanonical Ltd.
Product-thunderbirdsolarisfirefoxfirefox_esrubuntu_linuxsuse_linux_enterprise_serversuse_linux_enterprise_desktopdebian_linuxsuse_linux_enterprise_software_development_kitn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-2740
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-4.14% / 88.20%
||
7 Day CHG~0.00%
Published-06 Jul, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aMozilla CorporationOracle CorporationDebian GNU/LinuxNovellCanonical Ltd.
Product-solarisfirefoxfirefox_esrubuntu_linuxsuse_linux_enterprise_serverthunderbirddebian_linuxsuse_linux_enterprise_software_development_kitsuse_linux_enterprise_desktopn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2004-1018
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-36.63% / 97.01%
||
7 Day CHG~0.00%
Published-08 Dec, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underflow" in the pack function, or (3) an "integer overflow/underflow" in the unpack function. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.

Action-Not Available
Vendor-n/aCanonical Ltd.The PHP Group
Product-phpubuntu_linuxn/a
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 10
  • 11
  • Next
Details not found