Filtered by vendor Oracle
Subscriptions
Filtered by product Fusion Middleware
Subscriptions
Total
311 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-0853 | 1 Oracle | 2 Database Server, Fusion Middleware | 2025-04-11 | N/A |
| Unspecified vulnerability in the Oracle Internet Directory component in Oracle Database 9.2.0.8, 9.2.0.8, and DV; and Oracle Fusion Middleware 10.1.2.3 and 10.1.4.0.1; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||||
| CVE-2010-0855 | 1 Oracle | 1 Fusion Middleware | 2025-04-11 | N/A |
| Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-0086. | ||||
| CVE-2010-0081 | 1 Oracle | 1 Fusion Middleware | 2025-04-11 | N/A |
| Unspecified vulnerability in the Application Server Control component in Oracle Fusion Middleware 10.1.2.3 and 10.1.4.0.1 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2010-2381. | ||||
| CVE-2010-0086 | 1 Oracle | 1 Fusion Middleware | 2025-04-11 | N/A |
| Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-0855. | ||||
| CVE-2010-0835 | 1 Oracle | 1 Fusion Middleware | 2025-04-11 | N/A |
| Unspecified vulnerability in the Wireless component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors. | ||||
| CVE-2013-5900 | 1 Oracle | 1 Fusion Middleware | 2025-04-11 | N/A |
| Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.0, and 11.1.2.1 allows remote attackers to affect integrity via unknown vectors related to End User Self Service. | ||||
| CVE-2013-5901 | 1 Oracle | 1 Fusion Middleware | 2025-04-11 | N/A |
| Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.2.0 and 11.1.2.1 allows remote attackers to affect confidentiality via unknown vectors related to Identity Console. | ||||
| CVE-2010-2395 | 1 Oracle | 1 Fusion Middleware | 2025-04-11 | N/A |
| Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion Middleware 10.1.2.3 and 10.1.3.5 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-2409 and CVE-2010-2410. | ||||
| CVE-2010-1622 | 3 Oracle, Redhat, Springsource | 3 Fusion Middleware, Jboss Web Framework Kit, Spring Framework | 2025-04-11 | N/A |
| SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file. | ||||
| CVE-2010-2390 | 1 Oracle | 3 Database Server, Enterprise Manager Grid Control, Fusion Middleware | 2025-04-11 | N/A |
| Unspecified vulnerability in the Database Control component in EM Console in Oracle Database Server 10.1.0.5 and 10.2.0.3, Oracle Fusion Middleware 10.1.2.3 and 10.1.4.3, and Enterprise Manager Grid Control allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||||
| CVE-2012-3175 | 1 Oracle | 1 Fusion Middleware | 2025-04-11 | N/A |
| Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to Redirects, a different vulnerability than CVE-2012-0518. | ||||
| CVE-2010-3591 | 1 Oracle | 1 Fusion Middleware | 2025-04-11 | N/A |
| Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Internal Operations. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from the original researcher that remote attackers can overwrite or delete arbitrary files via a full pathname in the second argument to the DownloadSingleMessageToFile method in the EMPOP3Lib ActiveX component (empop3.dll). | ||||
| CVE-2010-3599 | 1 Oracle | 1 Fusion Middleware | 2025-04-11 | N/A |
| Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect integrity and availability via unknown vectors related to Import Server. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from the original researcher that remote attackers can overwrite arbitrary files and execute arbitrary code via a full pathname in the first argument to the WriteJPG method in the NCSECWLib ActiveX control. | ||||
| CVE-2013-0418 | 2 Microsoft, Oracle | 2 Exchange Server, Fusion Middleware | 2025-04-11 | N/A |
| Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0393. NOTE: the previous information was obtained from the January 2013 CPU. Oracle has not commented on claims from an independent researcher that this is a heap-based buffer overflow in the Paradox database stream filter (vspdx.dll) that can be triggered using a table header with a crafted "number of fields" value. | ||||
| CVE-2012-3153 | 1 Oracle | 1 Fusion Middleware | 2025-04-11 | N/A |
| Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet. NOTE: the previous information is from the October 2012 CPU. Oracle has not commented on claims from the original researcher that the PARSEQUERY function allows remote attackers to obtain database credentials via reports/rwservlet/parsequery, and that this issue occurs in earlier versions. NOTE: this can be leveraged with CVE-2012-3152 to execute arbitrary code by uploading a .jsp file. | ||||
| CVE-2012-3214 | 1 Oracle | 1 Fusion Middleware | 2025-04-11 | N/A |
| Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||||
| CVE-2013-1516 | 1 Oracle | 1 Fusion Middleware | 2025-04-11 | N/A |
| Unspecified vulnerability in the Oracle WebCenter Capture component in Oracle Fusion Middleware 10.1.3.5.1 allows remote authenticated users to affect availability via unknown vectors related to Import Server. | ||||
| CVE-2024-21205 | 1 Oracle | 2 Fusion Middleware, Service Bus | 2025-03-13 | 6.5 Medium |
| Vulnerability in the Oracle Service Bus product of Oracle Fusion Middleware (component: OSB Core Functionality). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Service Bus. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Service Bus accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). | ||||
| CVE-2023-21994 | 1 Oracle | 1 Fusion Middleware | 2024-11-21 | 6.5 Medium |
| Vulnerability in the Oracle Mobile Security Suite product of Oracle Fusion Middleware (component: Android Mobile Authenticator App). Supported versions that are affected are Prior to 11.1.2.3.1. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Mobile Security Suite executes to compromise Oracle Mobile Security Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Mobile Security Suite accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | ||||
| CVE-2021-2351 | 1 Oracle | 111 Advanced Networking Option, Agile Engineering Data Management, Agile Plm and 108 more | 2024-11-21 | 8.3 High |
| Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | ||||