313 matches found
CVE-2012-3152
CVE-2012-3152/3153 affect Oracle Fusion Middleware’s Oracle Reports Developer component (11.1.1.4, 11.1.1.6, 11.1.2.0). An unspecified vulnerability in the Report Server/Servlet can allow remote attackers to affect confidentiality and integrity; one note indicates possible file read/upload of a ....
CVE-2012-1710
CVE-2012-1710 affects Oracle WebCenter Forms Recognition in Oracle Fusion Middleware 10.1.3.5. Multiple ActiveX components (CroProj.dll and Sssplt30.ocx) are vulnerable to directory-traversal flaws that can allow arbitrary file creation/overwrite when a user visits a crafted page. This enables re...
CVE-2012-0518
Oracle Fusion Middleware – Oracle Application Server Single Sign-On (SASO) 10.1.4.3.0 is listed as vulnerable in CVE-2012-0518, with the issue related to Redirects and affecting integrity. A connected PT-2012-4537 entry confirms the affected version (10.1.4.3.0) and notes there is no information ...
CVE-2019-10086
CVE-2019-10086 affects Apache Commons BeanUtils 1.9.2, where a BeanIntrospector addition could suppress access to the classloader via the class property on Java objects. The issue stems from not applying the suppression by default in PropertyUtilsBean, enabling potential risk across affected depl...
CVE-2014-4210
CVE-2014-4210 is an unspecified WebLogic SSRF vulnerability affecting Oracle WebLogic Server in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0. It allows remote attackers to affect confidentiality via Web Services/WebLogic SSRF vectors. Public details describe an SSRF that could bypass network re...
CVE-2020-10683
CVE-2020-10683 is described in IBM Bulletin sources as an XXE vulnerability in the dom4j library, allowing a remote authenticated attacker to obtain sensitive information through XML processing. The issue stems from dom4j handling External DTDs/Entities by default, and multiple IBM entries map th...
CVE-2018-1304
Apache Tomcat vulnerability CVE-2018-1304 arises from incorrect handling of the empty string URL pattern ("") in security constraint processing, allowing unauthorized access to protected resources. Affected versions: Tomcat 9.0.0.M1–9.0.4, 8.5.0–8.5.27, 8.0.0.RC1–8.0.49, and 7.0.0–7.0.84. This is...
CVE-2018-1305
Apache Tomcat contains CVE-2018-1305, where security constraints defined by Servlet annotations were only applied after a Servlet load, potentially allowing unauthorized access to resources depending on the order of loading. Affected releases span 7.0.0–7.0.84, 8.0.0.RC1–8.0.49, 8.5.0–8.5.27, and...
CVE-2019-10219
The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...
CVE-2020-5421
CVE-2020-5421 affects Spring Framework releases across multiple lines (5.2.x to 5.0.x, 4.3.x and older). The issue arises from improper input handling of the jsessionid path parameter, which may bypass RFD Protection and weaken security controls. Affected products reference VMware Tanzu Spring Fr...
CVE-2012-3153
CVE-2012-3153 affects Oracle Fusion Middleware’s Oracle Reports Developer (11.1.1.4/11.1.1.6/11.1.2.0). It involves an unspecified vulnerability in the Reports Servlet that can compromise confidentiality and integrity via unknown vectors related to the Report Server component; the vulnerability m...
CVE-2010-1622
CVE-2010-1622 affects Spring Framework 2.5.x up to 2.5.6.SEC02 and 2.5.7 up to 2.5.7.SR01, and 3.0.x up to 3.0.3. The issue arises from binding request data to Java beans, which allows an attacker to overwrite nested properties of the ClassLoader (notably via class.classLoader.URLs[0]), enabling ...
CVE-2014-0191
CVE-2014-0191 affects libxml2 up to version 2.9.1, where xmlParserHandlePEReference can load external parameter entities even when entity substitution or validation is disabled. This vulnerability can be exploited by processing crafted XML to cause resource consumption and denial of service in af...
CVE-2013-3827
CVE-2013-3827 affects Oracle GlassFish Server components in Fusion Middleware 2.1.1, 3.0.1, 3.1.2; Oracle JDeveloper in 11.1.2.3.0, 11.1.2.4.0, 12.1.2.0.0; and Oracle WebLogic Server in Fusion Middleware 10.3.6.0 and 12.1.1. The vulnerability, related to JavaServer Faces/Web Container handling, a...
CVE-2021-2351
CVE-2021-2351 affects Oracle Database Server’s Advanced Networking Option, with affected versions 12.1.0.2, 12.2.0.1, and 19c. The vulnerability allows unauthenticated network access via Oracle Net to compromise the Advanced Networking Option, with access requiring user interaction (UI_R) and ris...
CVE-2012-3175
Technical details for CVE-2012-3175 are not publicly provided in the connected documents. The available sources mention Oracle SSO 10.1.4.3.0 and redirects generally, but no concrete exploit, affected components/versions, root cause, or fixes are described here. Monitor for updates.
CVE-2012-1709
CVE-2012-1709 targets Oracle WebCenter Forms Recognition via the CroProj.dll ActiveX control. The vulnerability stems from insufficient input validation, enabling a remote attacker to trigger a directory traversal that could yield arbitrary code execution in the context of the target browser when...
CVE-2012-1744
CVE-2012-1744 affects Oracle Fusion Middleware 8.3.5 and 8.3.7 via the Oracle Outside In Technology component, specifically the Outside In Filters, allowing context-dependent users to impact availability. The underlying vectors and exploit details are not disclosed in the provided documents; the ...
CVE-2013-5763
CVE-2013-5763 corresponds to a stack-based buffer overflow in the Oracle Outside In Technology OS/2 Metafile Parser. The vulnerability can be triggered by processing a crafted file, potentially allowing a remote attacker to execute arbitrary code with the privileges of the vulnerable application....
CVE-2013-0393
CVE-2013-0393 affects Oracle Outside In Technology (SDK) used by Oracle Fusion Middleware 8.3.7 and 8.4 via the Paradox database stream filter (vspdx.dll). The vulnerability arises when processing Paradox field descriptions, enabling a context-dependent attacker to impact availability. Related ad...
CVE-2014-3576
CVE-2014-3576 affects Apache ActiveMQ before 5.11.0, where the processControlCommand function in broker/TransportConnection.java allows a remote attacker to shut down the broker via a shutdown command, causing a denial of service. The vulnerability is confirmed in multiple connected sources, incl...
CVE-2010-3598
Affected product: Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5. The issue is described as an unspecified vulnerability relating to the Import Export Utility that allows remote attackers to affect integrity. The Connected documents corroborate multiple CVEs (...
CVE-2012-0110
CVE-2012-0110 maps to a vulnerability in the Oracle Outside In Library used by Oracle Fusion Middleware (Outside In Technology) and in related SDKs. The issue arises in the OOXML/Lotus 1-2-3 handling within the Outside In libraries (notably in versions 8.3.5–8.3.7), where improper parsing/validat...
CVE-2012-1769
CVE-2012-1769 relates to Oracle Outside In Technology in Oracle Fusion Middleware 8.3.5/8.3.7, with an unspecified vulnerability that could affect availability via Outside In Filters (context-dependent attackers). Connected advisory material confirms a separate Oracle Outside In issue described a...
CVE-2010-3591
CVE-2010-3591 affects Oracle Document Capture (ActiveX: Actbar2.ocx and EMPOP3Lib empop3.dll) within Oracle Fusion Middleware 10.1.3.4/10.1.3.5. DSecRG advisories describe insecure methods in Actbar2.ocx and empop3.dll that can overwrite or delete arbitrary files, with exploits publicly discussed...
CVE-2013-1559
CVE-2013-1559 affects Oracle WebCenter Content Content Server. Public records show a remote authenticated vulnerability in the CheckOutAndOpen.dll ActiveX control that can lead to remote code execution, with confirmed testing/exploitation against Oracle WebCenter Content 11.1.1.6.0 (and earlier 1...
CVE-2012-1686
CVE-2012-1686 affects Oracle BI Enterprise Edition/BI Publisher help page components. The connected ERPScan advisory documents an XSS vulnerability in Oracle BI Help Page (example path includes vt_chrome.js) affecting Oracle BI Enterprise Edition 10.1.3.4.0. The root cause is an XSS flaw in the O...
CVE-2010-3599
The CVE-2010-3599 issue affects Oracle Document Capture (NCSECWLib ActiveX), where the WriteJPG method in NCSECWLib can be exploited via a crafted page to overwrite files or trigger a buffer overflow, potentially enabling arbitrary code execution. The vulnerability is reported in Oracle Document ...
CVE-2013-5791
CVE-2013-5791 is a stack-based buffer overflow in Oracle Outside In Technology’s Microsoft Access 1.x database file parser used by IBM Content Manager/Content Foundation and related IBM products. The vulnerability allows code execution or denial of service when processing crafted MDB files; IBM d...
CVE-2015-2623
The CVE-2015-2623 entry affects Oracle Fusion Middleware components: Oracle GlassFish Server (3.0.1, 3.1.2) and Oracle WebLogic Server (Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0, 12.1.3.0). The underlying issue is related to JavaServer Faces, with remote attackers able to impact integrity vi...
CVE-2010-3595
CVE-2010-3595 affects Oracle Document Capture’s EasyMail ActiveX control (emsmtp.dll). The connected advisories and exploit references describe an information-disclosure vulnerability caused by improper validation in the ImportBodyText/related methods, enabling a remote attacker to read arbitrary...
CVE-2010-3592
Technical details for CVE-2010-3592 are not publicly available in the provided documents; the entries describe an unspecified vulnerability in Oracle Document Capture. Monitor for updates.
CVE-2013-2380
Technical details for CVE-2013-2380 are not provided in the supplied connected documents. No product/version specifics or remediation are included here; monitor official advisories for updates and confirmation of applicability.
CVE-2011-0785
CVE-2011-0785 affects Oracle Help component exposed by Oracle Database Server (versions 11.1.0.7, 11.2.0.1, 11.2.0.2, 10.1.0.5, 10.2.0.3–10.2.0.5, 10.1.0.5) and Oracle Fusion Middleware (11.1.1.2.0–11.1.1.4.0). Root cause: unspecified vulnerability in the Oracle Help component allowing remote int...
CVE-2010-2390
CVE-2010-2390 describes a buffer overflow in the Oracle Enterprise Manager Grid Control EM Console component when processing overly long HTTP requests. The vulnerability affects Oracle Database Server 10.1.0.5/10.2.0.3, Oracle Fusion Middleware 10.1.2.3/10.1.4.3, and Enterprise Manager Grid Contr...
CVE-2010-2389
CVE-2010-2389 affects Oracle Database Server components and Fusion Middleware. The Perl component in Oracle Database Server versions 11.2.0.1, 11.1.0.7, 10.2.0.3, 10.2.0.4, and 10.1.0.5, and in Fusion Middleware 11.1.1.1.0 and 11.1.1.2.0, allows a local user to affect integrity via unknown vector...
CVE-2011-2232
CVE-2011-2232 affects Oracle Database Server XML Developer Kit. The vulnerable products include Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 11.1.0.7, 11.2.0.1 and Oracle Fusion Middleware 10.1.3.5. The issue is described as an unspecified vulnerability in the XML Developer Kit component ...
CVE-2014-2480
IBM OpenPages with Application Server 6.2 through 7.0 is listed as potentially impacted by CVE-2014-2480 via Oracle WebLogic Server components. The IBM Security Bulletin notes an unspecified vulnerability with partial confidentiality, integrity, and availability impacts and provides a remediation...
CVE-2015-4744
Technical details about CVE-2015-4744 are not provided in the supplied documents; no explicit affected products/versions or impact are disclosed. Monitor for updates.
CVE-2024-21215
CVE-2024-21215 affects Oracle WebLogic Server (Fusion Middleware), specifically Core component, in versions 12.2.1.4.0 and 14.1.1.0.0. The vulnerability allows unauthenticated, network-accessible exploitation (via HTTP) that can cause the server to hang or crash (complete DoS). Other sources also...
CVE-2011-2231
CVE-2011-2231 affects Oracle Database Server components (versions 10.1.0.5, 10.2.0.3/4/5, 11.1.0.7, 11.2.0.1) and Oracle Fusion Middleware 10.1.3.5. The XML Developer Kit component harbors an unspecified vulnerability that could allow remote attackers to impact availability via unknown vectors. T...
CVE-2010-4427
Technical details for CVE-2010-4427 are not publicly provided in the connected documents you supplied. No concrete affected products, versions, or fixes are listed here. Monitor for updates from official advisories.
CVE-2014-4241
CVE-2014-4241 affects Oracle WebLogic Server within Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0. The initial entry describes an unspecified vulnerability that allows remote attackers to affect integrity via vectors related to WLS - Web Services. Connected documents provide context for WebLogic...
CVE-2015-0449
CVE-2015-0449 is an unspecified vulnerability in Oracle WebLogic Server Console of Oracle Fusion Middleware. Affected products/versions: Oracle WebLogic Server Console in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, and 12.1.2.0. The CNVD entry describes the vulnerability as affecting the Console...
CVE-2016-0464
CVE-2016-0464 is an unspecified vulnerability affecting Oracle WebLogic Server (Oracle Fusion Middleware) with impact limited to integrity via the WLS-Console component. Affected versions include 10.3.6, 12.1.2, and 12.1.3. The NVD entry notes an unauthenticated network access path that could aff...
CVE-2015-0482
Oracle Fusion Middleware WebLogic Server (Oracle WebLogic Server component) 12.1.2.0 and 12.1.3.0 contains a vulnerability in the WLS-WebServices subcomponent. The issue could allow remote authenticated users to affect confidentiality, integrity, and availability via WLS-WebServices-related vecto...
CVE-2012-1771
Technical details are not publicly available in the provided documents for CVE-2012-1771; no affected products, versions, root cause, or remediation are disclosed here. Monitor for updates.
CVE-2012-3217
CVE-2012-3217 affects Oracle Outside In Technology in Oracle Fusion Middleware 8.3.7.0, specifically the Outside In HTML Export SDK. The vulnerability is described as an unspecified issue that could allow context-dependent attackers to affect availability. Within the provided documents, there is ...
CVE-2013-1529
Public details for CVE-2013-1529 are not provided in the supplied documents. They reference Oracle WebCenter Interaction components but give no concrete exploit, impact, or remediation. Monitor for updates.
CVE-2012-0532
Technical details for CVE-2012-0532 are not publicly available in the provided documents. The connected sources reference an unspecified vulnerability in Oracle Identity Manager related to User Config Management. Monitor for updates.