Oracle Security Vulnerabilities (CVEs)

This vulnerability in Oracle Database Enterprise Edition Sharding allows attackers with local logon privileges to compromise the sharding component, p...

This vulnerability allows a high-privileged attacker with local access to the Oracle ZFS Storage Appliance infrastructure to completely compromise the...

An unauthenticated attacker can exploit this vulnerability in Oracle Enterprise Manager Base Platform via HTTP to partially modify or delete data, rea...

This vulnerability in Oracle Solaris 11's filesystem component allows authenticated attackers with network access via SMB to cause denial of service (...

This vulnerability in Oracle Communications Billing and Revenue Management allows an unauthenticated attacker with network access via HTTP to potentia...

CVE-2020-29505 is a key management vulnerability in Dell BSAFE cryptographic libraries that could allow attackers to compromise cryptographic operatio...

This vulnerability in curl versions before 7.83.1 could cause the wrong file to be deleted when using the --no-clobber option with --remove-on-error. ...

CVE-2020-26185 is a buffer over-read vulnerability in Dell BSAFE Micro Edition Suite that could allow attackers to read sensitive information from adj...

CVE-2022-1292 is a command injection vulnerability in the c_rehash script distributed with OpenSSL. It allows attackers to execute arbitrary commands ...

CVE-2022-25647 is a deserialization vulnerability in Google's Gson library versions before 2.8.9. Attackers can exploit the writeReplace() method in i...

This vulnerability in Oracle VM VirtualBox allows a low-privileged attacker with local access to the Windows host system to completely compromise the ...

This vulnerability in Oracle Web Services Manager allows unauthenticated attackers with network access via HTTP to compromise the system when a user i...

This vulnerability in Oracle Java SE and GraalVM Enterprise Edition allows unauthenticated remote attackers to access sensitive data from Java applica...

This vulnerability in Oracle Java SE and GraalVM Enterprise Edition allows unauthenticated attackers with network access to modify critical data witho...

This vulnerability in Oracle JD Edwards EnterpriseOne Tools allows unauthenticated attackers with network access via HTTP to cause denial of service (...

This vulnerability in Oracle Commerce Guided Search allows unauthenticated attackers to remotely access sensitive data via HTTP. It affects Oracle Com...

This vulnerability in Oracle Communications Billing and Revenue Management allows authenticated attackers with network access to manipulate critical d...

This vulnerability in Oracle Communications Billing and Revenue Management allows low-privileged attackers with network access via TCP to potentially ...

CVE-2022-21441 is a denial-of-service vulnerability in Oracle WebLogic Server that allows unauthenticated attackers to crash the server via T3/IIOP ne...

This vulnerability in Oracle Helidon's Reactive WebServer component allows an unauthenticated remote attacker with network access via HTTP to potentia...

This vulnerability in Oracle Database 19c Enterprise Edition Sharding allows attackers with Create Any Procedure privilege and network access via Orac...

This vulnerability in Oracle Communications Billing and Revenue Management allows authenticated attackers with network access to potentially compromis...

This vulnerability in Twisted's HTTP 1.1 server allows HTTP request smuggling due to non-RFC-compliant parsing of HTTP requests. Attackers can exploit...

CVE-2022-1154 is a use-after-free vulnerability in Vim's utf_ptr2char function that could allow an attacker to execute arbitrary code or cause a denia...

This vulnerability is an out-of-bounds memory write flaw in the Linux kernel's NFS subsystem, specifically affecting mirroring/replication functionali...

This Linux kernel vulnerability allows a local unprivileged user to write to file handlers in the cgroups subsystem, potentially leading to system cra...

A use-after-free vulnerability in the Linux kernel's FUSE filesystem allows a local attacker to trigger write() operations that can lead to unauthoriz...

CVE-2022-22719 is a memory corruption vulnerability in Apache HTTP Server where a specially crafted request body can cause the server to read from ran...

CVE-2020-36518 is a denial-of-service vulnerability in Jackson Databind where processing deeply nested JSON objects causes a Java StackOverflowError, ...

This vulnerability in Apache Spark allows attackers to recover full encryption keys from RPC connections using a flawed mutual authentication protocol...

CVE-2022-21716 is a memory exhaustion vulnerability in Twisted's SSH client and server implementations. Attackers can send unlimited data during SSH v...

CVE-2022-23308 is a use-after-free vulnerability in libxml2's validation component that allows attackers to potentially execute arbitrary code or caus...

This CVE describes a prototype pollution vulnerability in Node.js's console.table() function when user-controlled input is passed to the 'properties' ...

This vulnerability in Node.js allows attackers to bypass certificate name constraints by using arbitrary Subject Alternative Name (SAN) types, particu...

CVE-2022-25636 is a heap out-of-bounds write vulnerability in the Linux kernel's netfilter component that allows local users to escalate privileges to...

CVE-2022-24407 is a SQL injection vulnerability in Cyrus SASL authentication library. It allows attackers to inject arbitrary SQL commands via unescap...

This Linux kernel vulnerability allows remote attackers to bypass UDP source port randomization by exploiting flaws in ICMP error processing. Attacker...

CVE-2022-25314 is an integer overflow vulnerability in Expat's copyString function that can lead to heap buffer overflow. This allows attackers to pot...

Traefik versions before 2.6.1 incorrectly handle TLS configuration when requests use fully qualified domain names (FQDNs) in the Host header, potentia...