Vulnerabilities > Oracle

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-03-11 | CVE-2017-5638 | Improper Handling of Exceptional Conditions vulnerability in multiple products | The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string. | network | low | apache ibm lenovo hp oracle arubanetworks netapp | CWE-755 | critical 9.8 |
| 2017-02-12 | CVE-2017-3302 | Use After Free vulnerability in multiple products | Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3. | network | low | oracle mariadb debian redhat | CWE-416 | 7.5 |
| 2017-01-30 | CVE-2016-2518 | Out-of-bounds Read vulnerability in multiple products | The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. | network | low | ntp debian netapp oracle redhat freebsd siemens | CWE-125 | 5.3 |
| 2017-01-30 | CVE-2015-7977 | NULL Pointer Dereference vulnerability in multiple products | ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. | | | | | 5.9 |
| 2017-01-30 | CVE-2017-5611 | SQL Injection vulnerability in multiple products | SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name. | network | low | wordpress debian oracle | CWE-89 | critical 9.8 |
| 2017-01-27 | CVE-2017-3443 | Unspecified vulnerability in Oracle Common Applications | Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: User Interface). | network | low | oracle | | 8.2 |
| 2017-01-27 | CVE-2017-3442 | Unspecified vulnerability in Oracle Customer Interaction History 12.1.1/12.1.2/12.1.3 | Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: User Interface). | network | low | oracle | | 8.2 |
| 2017-01-27 | CVE-2017-3441 | Unspecified vulnerability in Oracle Customer Interaction History 12.1.1/12.1.2/12.1.3 | Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: User Interface). | network | low | oracle | | 8.2 |
| 2017-01-27 | CVE-2017-3440 | Unspecified vulnerability in Oracle Customer Interaction History 12.1.1/12.1.2/12.1.3 | Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: User Interface). | network | low | oracle | | 8.2 |
| 2017-01-27 | CVE-2017-3439 | Unspecified vulnerability in Oracle One-To-One Fulfillment | Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). | network | low | oracle | | 8.2 |