Known Vulnerabilities for products from Oracle

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Oracle".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.

Known Vulnerabilities

| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-32553 | It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is us... | 5.5 - MEDIUM | 2021-06-12 | 2021-06-16 |
| CVE-2021-30640 | A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name a... | 6.5 - MEDIUM | 2021-07-12 | 2021-08-27 |
| CVE-2021-29777 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under specific circumstanc... | 6.5 - MEDIUM | 2021-06-24 | 2021-07-20 |
| CVE-2021-29754 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the ... | 8.8 - HIGH | 2021-06-11 | 2021-06-21 |
| CVE-2021-29736 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to gain elevated privileges on the system. ... | 8.8 - HIGH | 2021-07-30 | 2021-08-05 |
| CVE-2021-29728 | IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptogra... | 4.9 - MEDIUM | 2021-08-30 | 2021-09-02 |
| CVE-2021-29725 | IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remo... | 7.5 - HIGH | 2021-07-15 | 2021-07-31 |
| CVE-2021-29723 | IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could al... | 7.5 - HIGH | 2021-08-30 | 2021-09-02 |
| CVE-2021-29722 | IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could al... | 7.5 - HIGH | 2021-08-30 | 2021-09-02 |
| CVE-2021-29703 | Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server terminates a... | 7.5 - HIGH | 2021-06-24 | 2021-07-20 |
| CVE-2021-29692 | IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to p... | 5.9 - MEDIUM | 2021-05-20 | 2021-05-24 |
| CVE-2021-29691 | IBM Security Identity Manager 7.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses f... | 7.5 - HIGH | 2021-05-20 | 2021-05-24 |
| CVE-2021-29688 | IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical e... | 7.5 - HIGH | 2021-05-20 | 2021-05-24 |
| CVE-2021-29687 | IBM Security Identity Manager 7.0.2 could allow a remote user to enumerate usernames due to a difference of responses from va... | 5.3 - MEDIUM | 2021-05-20 | 2021-05-24 |
| CVE-2021-29686 | IBM Security Identity Manager 7.0.2 could allow an authenticated user to bypass security and perform actions that they should... | 8.8 - HIGH | 2021-05-20 | 2021-05-24 |
| CVE-2021-29683 | IBM Security Identity Manager 7.0.2 stores user credentials in plain clear text which can be read by an authenticated user. I... | 6.5 - MEDIUM | 2021-05-20 | 2021-05-24 |
| CVE-2021-29682 | IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical e... | 5.3 - MEDIUM | 2021-05-20 | 2021-05-24 |
| CVE-2021-23841 | The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and ... | 5.9 - MEDIUM | 2021-02-16 | 2021-07-20 |
| CVE-2021-23840 | Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases wher... | 7.5 - HIGH | 2021-02-16 | 2021-09-13 |
| CVE-2021-23839 | OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 ... | 3.7 - LOW | 2021-02-16 | 2021-07-20 |

Known software with vulnerabilities from Oracle

| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Oracle | 10g Enterprise Manager Database Control | - |
| Application | Oracle | 10g Enterprise Manager Grid Control | - |
| Application | Oracle | 10g Reports Server | - |
| Application | Oracle | Access Manager | 10.1.4.3.0 |
| Application | Oracle | Adaptive Access Manager | 11.1.2.3.0 |
| Application | Oracle | Advanced Collections | 11.5.10.2 |
| Application | Oracle | Advanced Inbound Telephony | 12.1.1 |
| Application | Oracle | Advanced Networking Option | 18c |
| Application | Oracle | Advanced Outbound Telephony | 12.1.1 |
| Application | Oracle | Advanced Pricing | 12.1.1 |
| Application | Oracle | Advanced Supply Chain Planning | 12.2.3 |
| Application | Oracle | Agile Engineering Data Management | 6.1.2.2 |
| Application | Oracle | Agile Plm | 9.3.3 |
| Application | Oracle | Agile Plm Framework | 9.3.6 |
| Application | Oracle | Agile Product Lifecycle Management | 9.3.1.1 |
| Application | Oracle | Agile Product Lifecycle Management For Process | 6.1 |
| Application | Oracle | Agile Product Lifecycle Management Framework | 9.3.1.1 |
| Application | Oracle | Apex | - |
| Application | Oracle | Api Gateway | 11.1.2.3.0 |
| Application | Oracle | Application Development Framework | 11.1.1.9.0 |


© CVE.report 2021

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of the user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.
