Vulnerabilities > Oracle > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-04-21 CVE-2016-0641 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM.
local
low complexity
opensuse debian oracle ibm redhat mariadb
5.1
2016-04-21 CVE-2016-0640 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML.
local
low complexity
oracle opensuse mariadb debian redhat ibm
6.1
2016-04-21 CVE-2016-0623 Unspecified vulnerability in Oracle Solaris 11.3
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect integrity via vectors related to the Automated Installer sub-component.
network
low complexity
oracle
4.7
2016-04-21 CVE-2016-0479 Unspecified vulnerability in Oracle Business Intelligence 11.1.1.7.0/11.1.1.9.0/12.2.1.0.0
Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality and integrity via vectors related to Analytics Scorecard.
network
low complexity
oracle
6.1
2016-04-21 CVE-2016-0469 Unspecified vulnerability in Oracle Micros C2 9.89.0.0
Unspecified vulnerability in the Oracle Retail MICROS C2 component in Oracle Retail Applications 9.89.0.0 allows local users to affect confidentiality via vectors related to POS.
local
low complexity
oracle
5.5
2016-04-21 CVE-2016-0468 Unspecified vulnerability in Oracle Business Intelligence 11.1.1.7.0/11.1.1.9.0/12.2.1.0.0
Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to Analytics Web General.
network
low complexity
oracle
5.4
2016-04-21 CVE-2016-0408 Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.53/8.54/8.55
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 through 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to the Activity Guide sub-component.
network
low complexity
oracle
5.4
2016-04-21 CVE-2016-0407 Unspecified vulnerability in Oracle Peoplesoft Enterprise Human Capital Management Human Resources 9.1/9.2
Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via vectors related to Fusion HR Talent Integration.
network
low complexity
oracle
6.5
2016-04-07 CVE-2015-2774 Information Exposure vulnerability in multiple products
Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).
network
high complexity
erlang oracle opensuse CWE-200
5.9
2016-03-22 CVE-2016-3115 Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
network
low complexity
openbsd oracle
6.4