9461 matches found
CVE-2019-2548
CVE-2019-2548 affects Oracle VM VirtualBox Core with vulnerable paths in the OpenGL/HGCM pipeline. The Oracle VirtualBox components for hosts prior to 5.2.24 and 6.0.2 are exploitable when a low-privileged user with logon can trigger an attacker-controlled call chain. Public material in connected...
CVE-2019-2410
Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications subcomponent: DGS RES Online, FMS Sender, FMS Receiver, OHC WPF Security. The supported version that is affected is 8.0.8. Easily exploitable vulnerability allows...
CVE-2019-2414
Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware subcomponent: Web Listener. The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle HTTP Server executes to...
CVE-2019-2409
CVE-2019-2409 affects Oracle Hospitality Cruise Shipboard Property Management System, SPMS Suite (component of Oracle Hospitality Applications), specifically version 8.0.8. The vulnerability allows a low-privilege attacker with logon to the infrastructure where SPMS executes to compromise the sys...
CVE-2019-2509
CVE-2019-2509 affects Oracle VM VirtualBox (Core). Affected: Oracle VM VirtualBox versions prior to 5.2.24 and prior to 6.0.2. Root cause: vulnerability in VirtualBox core that enables a low-privileged attacker with logon to the infrastructure running VirtualBox to crash or hang the VM platform (...
CVE-2019-2442
CVE-2019-2442 concerns Oracle PeopleSoft: a vulnerability in the Fluid Core subcomponent of the PeopleSoft Enterprise PeopleTools. Affected versions are 8.55, 8.56 and 8.57. The issue allows an unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools, ...
CVE-2019-2406
Affected: Oracle Database Server Core RDBMS (versions 12.1.0.2, 12.2.0.1, 18c). Vulnerability: CVE-2019-2406 allows a high-privilege attacker with Create Session and Execute Catalog Role, over Oracle Net, to take over the Core RDBMS. Documents indicate this is referenced in the Jan 2019 CPU (Orac...
CVE-2019-2529
CVE-2019-2529 affects Oracle MySQL Server (Server: Optimizer). Affected: 5.6.42 and prior, 5.7.24 and prior, 8.0.13 and prior. Low-privilege, network-access attacker can cause a hang or complete DOS. Remediation: advisories/applicable updates exist (e.g., ALAS/CentOS/RHSA); update mariadb/mysql p...
CVE-2019-2444
CVE-2019-2444 affects Oracle Database Server Core RDBMS. Affected versions are 12.2.0.1 and 18c. The vulnerability allows a low-privileged, local attacker with logon to the infrastructure where Core RDBMS runs to take over the Core RDBMS, with exploitation requiring user interaction. CVSSv3 base ...
CVE-2019-2505
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...
CVE-2019-2482
CVE-2019-2482 affects Oracle MySQL Server (Server: PS) with vulnerable versions 5.6.42 and earlier, 5.7.24 and earlier, and 8.0.13 and earlier. The flaw allows an authenticated, network-accessing attacker via multiple protocols to cause a hang or crash (DoS) in MySQL Server. Several connected sou...
CVE-2019-2434
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Parser. Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...
CVE-2019-2420
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...
CVE-2019-2420
CVE-2019-2420 is a vulnerability in the Oracle MySQL Server: Optimizer subcomponent. Affected products/versions include MySQL Server 5.7.24 and prior and 8.0.13 and prior; exploitation requires network access and high privileges, via multiple protocols, to cause a hang or frequent crash (DoS). Co...
CVE-2019-2507
CVE-2019-2507 affects Oracle MySQL Server, subcomponent Server: Optimizer. Affected versions: 5.6.42 and prior, 5.7.24 and prior, 8.0.13 and prior. Exploitation requires network access with high privileges; successful attacks may cause a hang or frequent crash (DoS) of MySQL Server. Remediation i...
CVE-2018-3304
CVE-2018-3304 affects the Oracle Application Testing Suite Load Testing for Web Apps in Oracle Enterprise Manager Products Suite (affected versions include 12.5.0.3, 13.1.0.1, 13.2.0.1, 13.3.0.1). The vulnerability allows an unauthenticated attacker, over HTTP, to perform unauthorized updates/ins...
CVE-2019-2502
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...
CVE-2019-2406
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via Oracle Net to...
CVE-2019-2404
CVE-2019-2404 affects Oracle PeopleSoft Enterprise PeopleTools, specifically the Portal subcomponent. Supported vulnerable versions are 8.55, 8.56, and 8.57. The issue is exploitable by an unauthenticated attacker over HTTP with network access, potentially leading to unauthorized read access to a...
CVE-2019-2474
CVE-2019-2474 concerns the Oracle Outside In Technology component (Outside In Filters) in Oracle Fusion Middleware, with affected versions 8.5.3 and 8.5.4. The vulnerability enables an unauthenticated attacker with network access over HTTP to cause a hang or crash of Oracle Outside In Technology ...