Vulnerabilities > Oracle > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-21 | CVE-2016-0479 | Remote Security vulnerability in Oracle Business Intelligence 11.1.1.7.0/11.1.1.9.0/12.2.1.0.0 Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality and integrity via vectors related to Analytics Scorecard. network oracle | 5.8 |
| 2016-04-21 | CVE-2016-0469 | Local Security vulnerability in Oracle Micros C2 9.89.0.0 Unspecified vulnerability in the Oracle Retail MICROS C2 component in Oracle Retail Applications 9.89.0.0 allows local users to affect confidentiality via vectors related to POS. | 4.6 |
| 2016-04-21 | CVE-2016-0408 | Remote Security vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.53/8.54/8.55 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 through 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to the Activity Guide sub-component. network oracle | 4.3 |
| 2016-04-21 | CVE-2016-0407 | Remote Security vulnerability in Oracle Peoplesoft Enterprise Human Capital Management Human Resources 9.1/9.2 Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via vectors related to Fusion HR Talent Integration. | 4.0 |
| 2016-04-08 | CVE-2016-2381 | Improper Input Validation vulnerability in multiple products Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp. | 5.0 |
| 2016-04-07 | CVE-2015-2774 | Information Exposure vulnerability in multiple products Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). | 5.9 |
| 2016-03-22 | CVE-2016-3115 | Remote Command Injection vulnerability in OpenSSH Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. | 5.5 |
| 2016-03-13 | CVE-2016-1973 | Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via unspecified vectors. | 6.8 |
| 2016-03-13 | CVE-2016-1965 | 7PK - Security Features vulnerability in multiple products Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property. | 4.3 |
| 2016-03-13 | CVE-2016-1958 | 7PK - Security Features vulnerability in multiple products browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL. | 4.3 |