Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-2678

Summary
Assigner-oracle
Assigner Org ID-43595867-4340-4103-b7a2-9a5208d29a85
Published At-23 Apr, 2019 | 18:16
Updated At-02 Oct, 2024 | 15:41
Rejected At-
Credits

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:oracle
Assigner Org ID:43595867-4340-4103-b7a2-9a5208d29a85
Published At:23 Apr, 2019 | 18:16
Updated At:02 Oct, 2024 | 15:41
Rejected At:
▼CVE Numbering Authority (CNA)

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).

Affected Products
Vendor
Oracle CorporationOracle Corporation
Product
VM VirtualBox
Versions
Affected
  • From unspecified before 5.2.28 (custom)
  • From unspecified before 6.0.6 (custom)
Problem Types
TypeCWE IDDescription
textN/AEasily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data.
Type: text
CWE ID: N/A
Description: Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data.
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Resource:
x_refsource_MISC
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html
Resource:
vendor-advisory
x_refsource_SUSE
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
x_refsource_MISC
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert_us@oracle.com
Published At:23 Apr, 2019 | 19:32
Updated At:24 Aug, 2020 | 17:37

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.06.5MEDIUM
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.0
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
Oracle Corporation
oracle
>>vm_virtualbox>>Versions before 5.2.28(exclusive)
cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>vm_virtualbox>>Versions from 6.0.0(inclusive) to 6.0.6(exclusive)
cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.htmlsecalert_us@oracle.com
N/A
http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlsecalert_us@oracle.com
Patch
Vendor Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Source: secalert_us@oracle.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

152Records found
CVE-2019-2506
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.8||LOW
EPSS-0.04% / 10.19%
||
7 Day CHG~0.00%
Published-16 Jan, 2019 | 19:00
Updated-02 Oct, 2024 | 16:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2019-2556
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 20.99%
||
7 Day CHG~0.00%
Published-16 Jan, 2019 | 19:00
Updated-02 Oct, 2024 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2019-2448
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 29.62%
||
7 Day CHG~0.00%
Published-16 Jan, 2019 | 19:00
Updated-02 Oct, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2019-19535
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.03% / 7.89%
||
7 Day CHG~0.00%
Published-03 Dec, 2019 | 15:38
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncopenSUSEDebian GNU/LinuxOracle Corporation
Product-debian_linuxlinux_kernelsd-wan_edgeleapn/a
CWE ID-CWE-909
Missing Initialization of Resource
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2012-3206
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.1||LOW
EPSS-0.41% / 60.42%
||
7 Day CHG~0.00%
Published-17 Oct, 2012 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Integrated Lights Out Manager CLI in Oracle Sun Products Suite SysFW 8.2.0.a for SPARC and Netra SPARC T3 and T4-based servers, and other versions and servers, allows local users to affect confidentiality via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-sparc_t4-1sparc_t4-1bsparc_t3-4netra_sparc_t3-1sparc_t3-1bsparc_t4-4netra_sparc_t4-1netra_sparc_t4-2sparc_t3-2netra_sparc_t4-2bnetra_sparc_t3-1bsparc_t3-1sun_products_suite_sysfwn/a
CVE-2012-2672
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.06% / 17.59%
||
7 Day CHG~0.00%
Published-17 Jun, 2012 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext reference during startup, which allows local users to obtain context information an access resources from another WAR file by calling the FacesContext.getCurrentInstance function.

Action-Not Available
Vendor-n/aOracle Corporation
Product-mojarran/a
CVE-1999-0524
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.70% / 71.12%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.

Action-Not Available
Vendor-windriverscon/aLinux Kernel Organization, IncNovellSilicon Graphics, Inc.IBM CorporationOracle CorporationCisco Systems, Inc.Microsoft CorporationApple Inc.HP Inc.
Product-linux_kerneltru64hp-uxbsdosaixmacossolarissco_unixioswindowsirixnetwaremac_os_xos2n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-0548
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.1||LOW
EPSS-0.18% / 40.36%
||
7 Day CHG~0.00%
Published-03 May, 2012 | 18:17
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle SPARC Enterprise M Series Servers XCP 1110 and earlier allows local users to affect confidentiality, related to XSCF Control Package (XCP).

Action-Not Available
Vendor-n/aOracle Corporation
Product-sparc_enterprise_m9000_serversparc_enterprise_m8000_serverxcpsparc_enterprise_m5000_serversparc_enterprise_m3000_serversparc_enterprise_m4000_servern/a
CVE-2019-2446
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 29.62%
||
7 Day CHG~0.00%
Published-16 Jan, 2019 | 19:00
Updated-02 Oct, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2019-2969
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.2||MEDIUM
EPSS-0.89% / 74.65%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 17:40
Updated-01 Oct, 2024 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-NetApp, Inc.Canonical Ltd.Oracle Corporation
Product-ubuntu_linuxsnapcenteractive_iq_unified_manageroncommand_workflow_automationmysqloncommand_insightMySQL Server
CVE-2019-2504
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.8||LOW
EPSS-0.06% / 20.13%
||
7 Day CHG~0.00%
Published-16 Jan, 2019 | 19:00
Updated-02 Oct, 2024 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2011-3570
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.1||LOW
EPSS-0.07% / 21.07%
||
7 Day CHG~0.00%
Published-18 Jan, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Communications Unified 7.0 allows local users to affect confidentiality via unknown vectors related to Calendar Server.

Action-Not Available
Vendor-n/aOracle Corporation
Product-communications_unifiedn/a
CVE-2011-2263
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.1||LOW
EPSS-0.45% / 62.84%
||
7 Day CHG~0.00%
Published-20 Jul, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Sun Integrated Lights Out Manager in Oracle SysFW 8.0.3.b or earlier for various Oracle SPARC T3, SPARC Netra T3, Sun Blade, and Sun Fire servers allows local users to affect confidentiality via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-sysfwsun_fire_x4170sun_blade_x6270sun_fire_x4170_m2sun_fire_x4540sun_blade_x6250sparc_t3-1bsun_fire_x4275sun_blade_x6275_m2sun_fire_x4270sun_blade_x6440_m2sun_fire_x4470_m2sun_blade_x6275sun_blade_x6450netra_sparc_t3-1sun_fire_x2270_m2sparc_t3-1sun_fire_x2270sun_fire_x4470sparc_t3-3sparc_t3-4sun_blade_x6270_m2sun_fire_x4270_m2n/a
CVE-2011-2327
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.1||LOW
EPSS-0.18% / 40.36%
||
7 Day CHG~0.00%
Published-18 Oct, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Communications Unified component in Oracle Sun Products Suite 7.0 allows local users to affect confidentiality via unknown vectors related to Delegated Administrator.

Action-Not Available
Vendor-n/aOracle Corporation
Product-sun_products_suiten/a
CVE-2021-2266
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6||MEDIUM
EPSS-0.07% / 23.04%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 21:53
Updated-26 Sep, 2024 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2017-3239
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.3||LOW
EPSS-0.04% / 12.54%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle GlassFish Server executes to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GlassFish Server accessible data. CVSS v3.0 Base Score 3.3 (Confidentiality impacts).

Action-Not Available
Vendor-Oracle Corporation
Product-glassfish_serverGlassFish Server
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-12415
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.27%
||
7 Day CHG~0.00%
Published-23 Oct, 2019 | 19:27
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.

Action-Not Available
Vendor-n/aThe Apache Software FoundationOracle Corporation
Product-insurance_rules_palettepeoplesoft_enterprise_peopletoolsprimavera_unifierendeca_information_discovery_studioenterprise_repositoryprimavera_gatewaypoiflexcube_private_bankingbanking_platformbanking_enterprise_product_manufacturingretail_clearance_optimization_engineinsurance_policy_administration_j2eebanking_paymentsbanking_enterprise_originationsretail_order_brokerfinancial_services_analytical_applications_infrastructurecommunications_diameter_signaling_router_idih\instantis_enterprisetrackjdeveloperbig_data_discoveryretail_predictive_application_serverfinancial_services_market_risk_measurement_and_managementwebcenter_siteshyperion_infrastructure_technologyapplication_testing_suiteenterprise_manager_base_platformwebcenter_portalApache POI
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2010-4178
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.22% / 44.38%
||
7 Day CHG~0.00%
Published-06 Nov, 2019 | 18:03
Updated-07 Aug, 2024 | 03:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MySQL-GUI-tools (mysql-administrator) leaks passwords into process list after with launch of mysql text console

Action-Not Available
Vendor-MySQL-GUI-toolsOracle CorporationFedora Project
Product-fedoramysql-gui-toolsMySQL-GUI-tools
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-2306
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6||MEDIUM
EPSS-0.08% / 23.92%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 21:54
Updated-26 Sep, 2024 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2012-1717
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.1||LOW
EPSS-0.15% / 36.81%
||
7 Day CHG~0.00%
Published-16 Jun, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux.

Action-Not Available
Vendor-n/aSUSERed Hat, Inc.Sun Microsystems (Oracle Corporation)Linux Kernel Organization, IncOracle Corporation
Product-linux_enterprise_javaenterprise_linux_eusenterprise_linux_workstationicedtea6jreenterprise_linux_for_power_big_endianenterprise_linux_for_scientific_computingenterprise_linux_for_ibm_z_systemsenterprise_linux_server_from_rhuisatellite_with_embedded_oracleenterprise_linux_desktoplinux_enterprise_serverenterprise_linux_server_auslinux_enterprise_software_development_kitsunosjdklinux_enterprise_desktoplinux_kernelenterprise_linux_servern/a
CVE-2021-32553
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-7.3||HIGH
EPSS-0.04% / 9.59%
||
7 Day CHG~0.00%
Published-12 Jun, 2021 | 03:40
Updated-16 Sep, 2024 | 22:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
apport read_file() function could follow maliciously constructed symbolic links

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users.

Action-Not Available
Vendor-Oracle CorporationCanonical Ltd.
Product-ubuntu_linuxopenjdkapport
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CVE-2019-11135
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.39% / 59.50%
||
7 Day CHG+0.01%
Published-14 Nov, 2019 | 18:19
Updated-04 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.

Action-Not Available
Vendor-n/aIntel CorporationOracle CorporationFedora ProjectCanonical Ltd.SlackwareHP Inc.Debian GNU/LinuxRed Hat, Inc.openSUSE
Product-xeon_w-2223xeon_8276_firmwarexeon_4214c_firmwarexeon_5222core_i7-8665uenterprise_linux_server_ausxeon_w-3245mxeon_5215l_firmwarexeon_6240y_firmwarexeon_w-3225proliant_dl580_firmwarexeon_4215_firmwareproliant_bl460c_firmwarexeon_5218tcore_i9-9880h_firmwareceleron_5305ucore_i7-9700kfxeon_5220t_firmwarexeon_5220_firmwarexeon_6238mxeon_6262vxeon_w-3225_firmwarexeon_9282xeon_w-2295core_i5-10210uproliant_dl120xeon_w-3245m_firmwarexeon_9220_firmwarecore_i9-9900kfxeon_5215_firmwarexeon_6262v_firmwarexeon_5220proliant_xl170rxeon_w-2255xeon_6246core_i7-10510u_firmwarecore_i5-10110y_firmwareproliant_dl560_firmwareenterprise_linux_serverxeon_5218_firmwarecore_i5-9400f_firmwareslackwarecore_i5-10110ycore_i5-10310y_firmwarexeon_9222xeon_9242core_i7-10510yxeon_4208xeon_e-2278gexeon_6246_firmwarexeon_5218bxeon_w-2275_firmwarecore_i5-8210y_firmwarexeon_6230txeon_w-2245xeon_8280_firmwaresynergy_480_firmwarepentium_6405u_firmwarexeon_6254xeon_6252n_firmwarecore_i5-9600kxeon_8260lxeon_6242_firmwarexeon_3206rxeon_4214xeon_8260_firmwareproliant_ml30_firmwarexeon_5220sceleron_5305u_firmwarexeon_8253_firmwarexeon_6222v_firmwareproliant_dl20xeon_w-3223_firmwarexeon_5217_firmwarexeon_6240yxeon_4214yxeon_w-3265mcore_i7-9700kxeon_3206r_firmwarecore_i5-9400_firmwarecore_i7-10510ucore_i7-8500y_firmwarexeon_8268xeon_w-2255_firmwarexeon_6234xeon_w-2265xeon_6240lproliant_xl230kproliant_ml350xeon_5215rxeon_w-2245_firmwarevirtualization_managerfedorazfs_storage_appliance_kitproliant_dl360_firmwarexeon_8256_firmwarexeon_4210xeon_8260yxeon_5220txeon_5218n_firmwarexeon_w-2223_firmwarexeon_8256xeon_8280xeon_4209t_firmwarecore_i5-8365uxeon_6244_firmwarecore_i5-9600kfxeon_w-3265_firmwarexeon_e-2286mxeon_9220xeon_6230n_firmwarexeon_5218nxeon_w-3235_firmwarexeon_6226_firmwarexeon_5215mcore_i9-9900kproliant_dl580xeon_4214_firmwareproliant_dl20_firmwareenterprise_linux_euscore_i5-8200y_firmwarexeon_5220rproliant_xl190r_firmwarexeon_5215lcore_i5-9400core_m3-8100y_firmwarexeon_6238_firmwarecore_i5-10210yxeon_5220r_firmwarecore_i9-9900kf_firmwareproliant_dl380apollo_2000_firmwaresynergy_480xeon_w-3275mxeon_e-2278ge_firmwarecore_i5-10210u_firmwarexeon_6252xeon_6230_firmwarexeon_e-2286m_firmwareproliant_dl560proliant_xl230k_firmwarexeon_6242xeon_8270_firmwarexeon_8276m_firmwarexeon_4208rxeon_6230t_firmwarexeon_w-3265core_i7-8565u_firmwareapollo_2000core_i5-9600kf_firmwareproliant_dl360xeon_w-3245xeon_4216_firmwarecore_i7-9750hfenterprise_linux_workstationcore_i5-9300h_firmwarexeon_6244xeon_6230nxeon_6252nxeon_e-2278gelapollo_4200_firmwarexeon_e-2288gxeon_9221_firmwareproliant_ml30xeon_6238m_firmwarecore_i7-9850hcore_i5-9400fxeon_8276l_firmwarecore_i9-9880hcodeready_linux_builderdebian_linuxxeon_8280lxeon_6238t_firmwarexeon_6230xeon_4208r_firmwarexeon_6238xeon_4214capollo_4200xeon_4216xeon_5215r_firmwarecore_i5-10210y_firmwarecore_i7-8565uxeon_3204xeon_4210_firmwarexeon_5218b_firmwarexeon_6234_firmwarexeon_w-3275xeon_8270xeon_w-2265_firmwarexeon_6238l_firmwarexeon_9282_firmwareproliant_dl180_firmwareproliant_dl380_firmwarexeon_5222_firmwarexeon_6248_firmwareproliant_e910core_i7-10510y_firmwarexeon_8276xeon_6226xeon_w-3245_firmwarexeon_w-3265m_firmwarexeon_8260mcore_i9-9900k_firmwarecore_m3-8100yxeon_5218t_firmwarecore_i7-9700kf_firmwarexeon_4208_firmwarexeon_w-2225_firmwarecore_i7-9850h_firmwarexeon_8280l_firmwareproliant_xl270d_firmwareproliant_dl160_firmwareproliant_bl460cxeon_6254_firmwarexeon_8260y_firmwarexeon_8276menterprise_linux_server_tusxeon_9222_firmwarexeon_e-2278g_firmwarexeon_8260l_firmwarecore_i5-10310yxeon_9242_firmwarecore_i7-9750hf_firmwareubuntu_linuxxeon_4216r_firmwarecore_i5-8365u_firmwarecore_i5-8310y_firmwarexeon_8280m_firmwarexeon_8276lproliant_ml110_firmwarexeon_e-2278gsynergy_660core_i5-9300hpentium_6405uxeon_w-2235xeon_4210rcore_i5-8265u_firmwareproliant_xl270denterprise_linux_desktopcore_i7-8665u_firmwareleapcore_i7-8500ycore_i5-9400hxeon_4214rxeon_w-2295_firmwareproliant_xl170r_firmwareenterprise_linuxxeon_5215m_firmwarexeon_8268_firmwarexeon_4216rproliant_e910_firmwarecore_i5-8210yxeon_4215proliant_ml350_firmwareproliant_xl190rxeon_6222vxeon_5220s_firmwareproliant_ml110xeon_6240mcore_i7-9700k_firmwarexeon_4214r_firmwarexeon_6238tsynergy_660_firmwarexeon_6240_firmwarexeon_4214y_firmwarexeon_8260m_firmwarexeon_e-2288g_firmwarexeon_6240l_firmwarecore_i9-9980hk_firmwarexeon_w-3275_firmwarecore_i5-9400h_firmwarexeon_5215core_i5-8200yproliant_xl450_firmwarecore_i5-8310yxeon_w-2275xeon_6238lxeon_5218xeon_8280mproliant_dl180proliant_xl450xeon_4209txeon_w-3223xeon_e-2278gel_firmwarexeon_w-3275m_firmwarexeon_4210r_firmwareproliant_dl120_firmwarexeon_w-2235_firmwarecore_i5-8265uxeon_8260xeon_6240xeon_w-3235xeon_9221xeon_6248xeon_w-2225xeon_6252_firmwarexeon_3204_firmwarecore_i9-9980hkcore_i5-9600k_firmwareproliant_dl160xeon_8253xeon_5217codeready_linux_builder_eusxeon_6240m_firmware2019.2 IPU – TSX Asynchronous Abort
CVE-2017-10317
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4||MEDIUM
EPSS-0.18% / 39.70%
||
7 Day CHG~0.00%
Published-19 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Suite8 executes to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Suite8 accessible data. CVSS 3.0 Base Score 4.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-hospitality_suite8Hospitality Suite8
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-28168
Matching Score-8
Assigner-Eclipse Foundation
ShareView Details
Matching Score-8
Assigner-Eclipse Foundation
CVSS Score-6.2||MEDIUM
EPSS-0.16% / 37.27%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 17:35
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents of this file are viewable by all other users locally on the system. As such, if the contents written is security sensitive, it can be disclosed to other local users.

Action-Not Available
Vendor-Oracle CorporationEclipse Foundation AISBL
Product-communications_cloud_native_core_policyjerseycommunications_cloud_native_core_unified_data_repositoryEclipse Jersey
CWE ID-CWE-378
Creation of Temporary File With Insecure Permissions
CWE ID-CWE-379
Creation of Temporary File in Directory with Insecure Permissions
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2018-3002
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.1||HIGH
EPSS-0.19% / 40.83%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 13:00
Updated-02 Oct, 2024 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Hospitality Cruise Fleet Management System component of Oracle Hospitality Applications (subcomponent: Fleet Management System Suite). The supported version that is affected is 9.x. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Fleet Management System executes to compromise Oracle Hospitality Cruise Fleet Management System. While the vulnerability is in Oracle Hospitality Cruise Fleet Management System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management System accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-hospitality_cruise_fleet_managementHospitality Cruise Fleet Management
CVE-2015-2574
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.1||LOW
EPSS-0.16% / 37.74%
||
7 Day CHG~0.00%
Published-16 Apr, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality via unknown vectors related to Text Utilities.

Action-Not Available
Vendor-n/aOracle Corporation
Product-solarisn/a
CVE-2016-5498
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.3||LOW
EPSS-0.11% / 30.44%
||
7 Day CHG~0.00%
Published-25 Oct, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5499.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-5452
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 27.33%
||
7 Day CHG~0.00%
Published-21 Jul, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality via vectors related to Verified Boot.

Action-Not Available
Vendor-n/aOracle Corporation
Product-solarisn/a
CVE-2021-2321
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6||MEDIUM
EPSS-0.07% / 22.76%
||
7 Day CHG~0.00%
Published-28 Apr, 2021 | 21:00
Updated-26 Sep, 2024 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-5499
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.3||LOW
EPSS-0.12% / 32.57%
||
7 Day CHG~0.00%
Published-25 Oct, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5498.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2021-2353
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.4||MEDIUM
EPSS-0.19% / 40.75%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 22:43
Updated-26 Sep, 2024 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Siebel Core - Server Framework product of Oracle Siebel CRM (component: Loging). Supported versions that are affected are 21.5 and Prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Siebel Core - Server Framework executes to compromise Siebel Core - Server Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Siebel Core - Server Framework accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-siebel_core_-_server_frameworkSiebel Core - Server Framework
CVE-2019-2574
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 33.04%
||
7 Day CHG~0.00%
Published-23 Apr, 2019 | 18:16
Updated-02 Oct, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2010-4177
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 20.91%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 22:23
Updated-07 Aug, 2024 | 03:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+openSUSE-2.3 exposes the password of a user connected to the MySQL server in clear text form via the list of running processes.

Action-Not Available
Vendor-mysql-gui-toolsOracle CorporationFedora Project
Product-fedoramysql-gui-toolsmysql-gui-tools
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2008-2588
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.18% / 39.60%
||
7 Day CHG~0.00%
Published-14 Oct, 2008 | 21:00
Updated-07 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.2 allows local users to affect confidentiality via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jdevelopern/a
CVE-2011-3522
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.1||LOW
EPSS-0.08% / 24.14%
||
7 Day CHG~0.00%
Published-18 Oct, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in SysFW 8.0 on certain SPARC T3, Netra SPARC T3, Sun Fire, and Sun Blade based servers allows local users to affect confidentiality, related to Integrated Lights Out Manager CLI.

Action-Not Available
Vendor-n/aOracle Corporation
Product-sun_fire_x4170netra_sparc_t3-1bsun_blade_x6270sun_fire_x4170_m2sparc_t3-1bsun_blade_x6275_m2sun_fire_x4270sun_blade_x6440_m2sun_fire_x4470_m2sun_blade_x6275sun_blade_x6450netra_sparc_t3-1sun_fire_x2270_m2sparc_t3-1sun_fire_x2270sun_fire_x4470sparc_t3-4sun_blade_x6270_m2sun_fire_x4270_m2n/a
CVE-2011-3564
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.1||LOW
EPSS-0.06% / 17.45%
||
7 Day CHG~0.00%
Published-18 Jan, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle GlassFish Enterprise Server 2.1.1 allows local users to affect confidentiality via unknown vectors related to Administration.

Action-Not Available
Vendor-n/aOracle Corporation
Product-sun_glassfish_enterprise_servern/a
CVE-2014-6551
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.1||LOW
EPSS-0.16% / 37.93%
||
7 Day CHG~0.00%
Published-15 Oct, 2014 | 22:03
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.

Action-Not Available
Vendor-n/aSUSEOracle CorporationMariaDB Foundation
Product-solarismariadbmysqllinux_enterprise_desktoplinux_enterprise_workstation_extensionlinux_enterprise_serverlinux_enterprise_software_development_kitn/a
CVE-2014-1738
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-2.1||LOW
EPSS-0.03% / 6.89%
||
7 Day CHG~0.00%
Published-11 May, 2014 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncSUSERed Hat, Inc.Debian GNU/LinuxOracle Corporation
Product-linux_enterprise_high_availability_extensionlinux_kernelenterprise_linux_euslinux_enterprise_real_time_extensionlinux_enterprise_desktopdebian_linuxlinuxlinux_enterprise_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-3001
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.2||MEDIUM
EPSS-0.26% / 48.70%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 13:00
Updated-02 Oct, 2024 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: SPMS Suite). The supported version that is affected is 8.x. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Shipboard Property Management System executes to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Shipboard Property Management System accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-hospitality_cruise_shipboard_property_management_systemHospitality Cruise Shipboard Property Management System
CVE-2018-3003
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.2||MEDIUM
EPSS-0.26% / 48.70%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 13:00
Updated-02 Oct, 2024 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Hospitality Cruise Fleet Management System component of Oracle Hospitality Applications (subcomponent: Fleet Management System Suite). The supported version that is affected is 9.x. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Fleet Management System executes to compromise Oracle Hospitality Cruise Fleet Management System. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management System accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-hospitality_cruise_fleet_managementHospitality Cruise Fleet Management
CVE-2018-3639
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-46.74% / 97.59%
||
7 Day CHG~0.00%
Published-22 May, 2018 | 12:00
Updated-16 Sep, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

Action-Not Available
Vendor-Debian GNU/LinuxMitel Networks Corp.Siemens AGIntel CorporationSonicWall Inc.Microsoft CorporationRed Hat, Inc.NVIDIA CorporationOracle CorporationCanonical Ltd.Arm Limited
Product-surface_proenterprise_linux_server_ausopenstackxeon_e3_1225_v3xeon_e5_2450lxeon_e5_1620_v3xeon_e5_1428lxeon_e5_1620_v4xeon_e3_1240l_v5windows_10xeon_e3_1270xeon_e3_1230l_v3xeon_e3_1225_v5xeon_e5_2643_v2simatic_ipc677c_firmwaresinumerik_tcu_30.3xeon_e3_1220l_v3itc1900_pro_firmwarexeon_e5_2450_v2simatic_ipc647cweb_application_firewallxeon_e5_2408l_v3xeon_e3_1240_v2xeon_e5_2609_v4simatic_ipc627catom_zxeon_e3_1265l_v2xeon_e3_1278l_v4xeon_e3_1240simatic_ipc547g_firmwarexeon_e3_1246_v3xeon_e5_2637itc1900_proxeon_e5_2448litc1500_pro_firmwaresimatic_ipc347esinema_remote_connect_firmwareitc1900jetson_tx1xeon_e3enterprise_linux_serverxeon_e5_2608l_v3xeon_e3_1501l_v6solarisxeon_e5_1650_v3xeon_e5_2430lsimatic_ipc677cxeon_e7xeon_e3_1240_v5xeon_e5_2428l_v3xeon_e5_2430l_v2xeon_e3_1280_v5simatic_ipc847dxeon_e5_2648l_v3simatic_ipc827cceleron_nxeon_e5_2428lxeon_e5_1660_v4itc1900_firmwarexeon_e5_2428l_v2simatic_ipc477exeon_e5_2407_v2simatic_field_pg_m4_firmwaresimatic_ipc427d_firmwarexeon_e5_2650_v2xeon_e3_1245_v3xeon_e3_1245xeon_e3_1225xeon_e5_2630l_v3xeon_e3_1275_v2xeon_e5_2620_v3cortex-axeon_e3_1241_v3simatic_ipc427e_firmwareitc2200_pro_firmwaresimatic_ipc647d_firmwarexeon_platinummivoice_connectxeon_e5_1680_v4xeon_e5_2628l_v3xeon_e5_2430xeon_e5_2643_v3xeon_e5_1428l_v2xeon_e3_1240l_v3sinumerik_tcu_30.3_firmwarexeon_e3_1285l_v4secure_mobile_accessitc2200xeon_e3_1230_v6local_service_management_systemxeon_e5_2643_v4xeon_e5_2620xeon_e3_1285_v6xeon_e5_2418lxeon_e3_1275_v5xeon_e3_1286_v3xeon_e3_1268l_v5xeon_e3_1290xeon_e5_2448l_v2xeon_e5_1650_v4xeon_e5_2630l_v4simatic_ipc677dsinumerik_840_d_sl_firmwarexeon_e5_2403_v2virtualization_managerxeon_e3_1268l_v3simatic_ipc477d_firmwarexeon_e3_1285_v3xeon_e5_2450xeon_e5_2623_v3xeon_e5_2650l_v3simatic_field_pg_m5xeon_e3_1501m_v6mivoice_businessxeon_e3_1265l_v4simatic_ipc477e_firmwaresimatic_ipc847c_firmwaresimatic_et_200_sp_firmwaresimatic_ipc477e_proatom_csimatic_ipc827datom_esimatic_et_200_spxeon_e5_1660xeon_e5_2618l_v3surface_pro_with_lte_advancedxeon_e5_2618l_v2xeon_e3_1280_v3simatic_ipc627dxeon_e3_12201_v2xeon_e3_1270_v2xeon_e5xeon_e3_1280simatic_s7-1500xeon_e5_2628l_v4xeon_e5_2640_v3xeon_e3_1270_v3simatic_ipc3000_smart_firmwarexeon_e5_2608l_v4xeon_e5_2650enterprise_linux_eusxeon_e3_1265l_v3xeon_e5_1650_v2cloud_global_management_systemxeon_e5_2609xeon_e3_1260l_v5xeon_e5_2650lvirtualizationxeon_e5_2418l_v2xeon_e3_1225_v6xeon_e5_2640sinumerik_840_d_slruggedcom_ape_firmwareatom_x5-e3930simatic_ipc547gsimatic_ipc847cxeon_e3_1285_v4atom_x7-e3950xeon_e5_2630l_v2simatic_ipc477e_pro_firmwaremicollabxeon_e5_2403xeon_e3_1260lxeon_e5_2438l_v3xeon_e3_12201pentiumsimatic_s7-1500_firmwarexeon_e3_1220_v6xeon_e3_1230_v2xeon_e5_1680_v3xeon_e5_1630_v3simatic_ipc647c_firmwareenterprise_linux_workstationxeon_e3_1235xeon_e3_1281_v3xeon_e5_1428l_v3simatic_ipc477c_firmwaresimotion_p320-4e_firmwarexeon_e5_2648lsimatic_ipc347e_firmwarexeon_e3_1276_v3xeon_silverxeon_e5_1620_v2xeon_e5_2630_v2itc2200_firmwaremivoic_mx-onecore_i7xeon_e-1105cxeon_e5_2630lxeon_e5_2643simatic_ipc827c_firmwaresimotion_p320-4exeon_e3_1275l_v3debian_linuxitc1500xeon_e3_1105c_v2xeon_e5_2637_v2itc1500_proxeon_e3_1245_v5xeon_e5_2430_v2xeon_e5_2640_v4xeon_e5_2648l_v2windows_server_2008itc2200_prosimatic_ipc677d_firmwarexeon_e3_1230_v3xeon_e3_1226_v3xeon_e5_2637_v3ruggedcom_apesimatic_ipc547e_firmwarexeon_e3_1245_v6xeon_e5_2420_v2core_i3xeon_e3_1505m_v5mivoice_border_gatewayxeon_e5_2620_v4simatic_ipc827d_firmwarecore_i5xeon_e3_1235l_v5surface_studioxeon_e5_1660_v3celeron_jxeon_e3_1505l_v5xeon_e3_1230simatic_ipc427c_firmwarexeon_e5_2630_v4pentium_jxeon_e3_1275_v6xeon_e3_1285l_v3xeon_e5_1620atom_x5-e3940simatic_ipc427exeon_e5_2640_v2simatic_ipc477dsimatic_ipc427dxeon_e5_2609_v2simatic_itp1000_firmwarexeon_e5_1630_v4xeon_e5_2407xeon_e3_1220_v3windows_7xeon_e3_1280_v6pentium_silversimatic_ipc3000_smartenterprise_linux_server_tussimatic_ipc547exeon_e5_2618l_v4xeon_e3_1275_v3xeon_e3_1505l_v6ubuntu_linuxwindows_8.1xeon_e3_1240_v6global_management_systemxeon_e5_2620_v2xeon_e3_1270_v5itc1500_firmwaresinema_remote_connectsurfacexeon_e5_2450l_v2simatic_ipc627c_firmwaremivoice_5000xeon_e5_2609_v3xeon_e3_1220_v5xeon_e5_2603xeon_e5_2630_v3simatic_itp1000core_mxeon_e5_2650l_v2enterprise_linux_desktopxeon_e3_1231_v3simatic_ipc427cxeon_e3_1280_v2xeon_e5_1650xeon_e5_2470enterprise_linuxxeon_goldsimatic_ipc647dxeon_e5_2603_v3xeon_e3_1286l_v3simatic_field_pg_m5_firmwaresimatic_ipc847d_firmwarexeon_e5_2603_v2open_integration_gatewayxeon_e3_1290_v2xeon_e5_2603_v4xeon_e3_1220_v2xeon_e3_1270_v6simatic_ipc477cwindows_server_2012sinumerik_pcu_50.5windows_server_2016xeon_e3_1225_v2jetson_tx2xeon_e3_1271_v3surface_bookxeon_e5_2623_v4xeon_e3_1230_v5xeon_e5_2440simatic_ipc627d_firmwarexeon_e5_2440_v2mrg_realtimexeon_e3_1258l_v4xeon_e5_2650_v4sonicosvxeon_e5_2418l_v3sinumerik_pcu_50.5_firmwarexeon_e5_2628l_v2micloud_management_portalxeon_e5_2470_v2simatic_field_pg_m4xeon_e3_1245_v2xeon_e5_2637_v4struxureware_data_center_expertxeon_e5_2650_v3xeon_e3_1240_v3xeon_e5_2648l_v4xeon_e5_1660_v2email_securityxeon_e5_2630xeon_e5_2420xeon_e3_1125c_v2Multiple
CWE ID-CWE-203
Observable Discrepancy
CVE-2018-3000
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.1||HIGH
EPSS-0.25% / 47.73%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 13:00
Updated-02 Oct, 2024 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: SPMS Suite). The supported version that is affected is 8.x. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Shipboard Property Management System executes to compromise Oracle Hospitality Cruise Shipboard Property Management System. While the vulnerability is in Oracle Hospitality Cruise Shipboard Property Management System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Shipboard Property Management System accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-hospitality_cruise_shipboard_property_management_systemHospitality Cruise Shipboard Property Management System
CVE-2018-2951
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.2||MEDIUM
EPSS-0.26% / 48.70%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 13:00
Updated-02 Oct, 2024 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Configuration Manager). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-peoplesoft_enterprise_peopletoolsPeopleSoft Enterprise PT PeopleTools
CVE-2018-2923
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.3||LOW
EPSS-0.09% / 26.06%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 13:00
Updated-02 Oct, 2024 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Services). The supported version that is affected is Prior to 8.7.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Sun ZFS Storage Appliance Kit (AK) executes to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Sun ZFS Storage Appliance Kit (AK) accessible data. CVSS 3.0 Base Score 2.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-sun_zfs_storage_appliance_kitSun ZFS Storage Appliance Kit (AK) Software
CVE-2012-3160
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.1||LOW
EPSS-0.15% / 35.86%
||
7 Day CHG~0.00%
Published-16 Oct, 2012 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.

Action-Not Available
Vendor-n/aCanonical Ltd.Red Hat, Inc.Oracle CorporationMariaDB FoundationDebian GNU/Linux
Product-enterprise_linux_desktopubuntu_linuxenterprise_linux_eusenterprise_linux_workstationmariadbdebian_linuxmysqlenterprise_linux_servern/a
CVE-2018-3181
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 36.19%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 01:00
Updated-02 Oct, 2024 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: OHC ENOAD). The supported version that is affected is 8.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Cruise Shipboard Property Management System executes to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Shipboard Property Management System accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-hospitality_cruise_shipboard_property_management_systemHospitality Cruise Shipboard Property Management System
CVE-2018-2967
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 25.14%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 13:00
Updated-02 Oct, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). Supported versions that are affected are 16.x, 17.x and 18.x. Easily exploitable vulnerability allows physical access to compromise Primavera Unifier. While the vulnerability is in Primavera Unifier, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Unifier accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-primavera_unifierPrimavera Unifier
CVE-2018-2793
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.2||MEDIUM
EPSS-0.26% / 48.70%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 02:00
Updated-03 Oct, 2024 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: PsAdmin). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PT PeopleTools executes to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-peoplesoft_enterprise_pt_peopletoolsPeopleSoft Enterprise PT PeopleTools
CVE-2013-2415
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.1||LOW
EPSS-0.11% / 29.92%
||
7 Day CHG~0.00%
Published-17 Apr, 2013 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows local users to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "processing of MTOM attachments" and the creation of temporary files with weak permissions.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrejdkn/a
CVE-2021-20191
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 5.65%
||
7 Day CHG-0.00%
Published-26 May, 2021 | 00:00
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.

Action-Not Available
Vendor-n/aOracle CorporationRed Hat, Inc.
Product-cisco_nx-os_collectionvirtualizationgoogle_cloud_platform_ansible_collectioncommunity_general_collectionansibledocker_community_collectioncommunity_network_collectionansible_toweransible
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found