Vulnerabilities > Oracle > OSS Support Tools > High

DATE CVE VULNERABILITY TITLE RISK
2019-07-02 CVE-2019-5443 Uncontrolled Search Path Element vulnerability in multiple products
A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation.
local
low complexity
haxx oracle netapp CWE-427
7.8
2019-05-28 CVE-2019-5436 Out-of-bounds Write vulnerability in multiple products
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
7.8
2018-01-18 CVE-2018-2617 Unspecified vulnerability in Oracle OSS Support Tools
Vulnerability in the OSS Support Tools component of Oracle Support Tools (subcomponent: Diagnostic Assistant).
network
low complexity
oracle
7.5
2018-01-18 CVE-2018-2616 Unspecified vulnerability in Oracle OSS Support Tools
Vulnerability in the OSS Support Tools component of Oracle Support Tools (subcomponent: Diagnostic Assistant).
network
low complexity
oracle
8.8
2018-01-18 CVE-2018-2615 Unspecified vulnerability in Oracle OSS Support Tools
Vulnerability in the OSS Support Tools component of Oracle Support Tools (subcomponent: Diagnostic Assistant).
network
low complexity
oracle
8.8