Vulnerabilities > Oracle > Low

DATE CVE VULNERABILITY TITLE RISK
2016-04-21 CVE-2016-0671 Unspecified vulnerability in Oracle Http Server 12.1.2.0
Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 12.1.2.0 allows remote attackers to affect confidentiality via vectors related to OSSL Module.
network
high complexity
oracle
3.7
2016-04-21 CVE-2016-0688 Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0/12.1.2.0.0/12.1.3.0.0
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via vectors related to Core Components.
network
high complexity
oracle
3.7
2016-04-21 CVE-2016-0690 Unspecified vulnerability in Oracle Database 11.2.0.4/12.1.0.1/12.1.0.2
Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect integrity via unknown vectors, a different vulnerability than CVE-2016-0691.
local
low complexity
oracle
3.3
2016-04-21 CVE-2016-0691 Unspecified vulnerability in Oracle Database 11.2.0.4/12.1.0.1/12.1.0.2
Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect integrity via unknown vectors, a different vulnerability than CVE-2016-0690.
local
low complexity
oracle
3.3
2016-04-13 CVE-2016-3158 Improper Access Control vulnerability in multiple products
The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits.
local
low complexity
xen fedoraproject oracle CWE-284
3.8
2016-04-13 CVE-2016-3159 Improper Access Control vulnerability in multiple products
The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits.
local
low complexity
oracle xen fedoraproject debian CWE-284
3.8
2015-05-21 CVE-2015-4000 Cryptographic Issues vulnerability in multiple products
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
3.7
2014-12-12 CVE-2014-8134 The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value.
local
low complexity
linux canonical opensuse suse oracle
3.3
2014-10-15 CVE-2014-3566 Cryptographic Issues vulnerability in multiple products
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
3.4