Vulnerabilities > Oracle

DATE CVE VULNERABILITY TITLE RISK
2012-06-16 CVE-2012-1723 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
network
low complexity
oracle redhat
critical
9.8
2012-05-03 CVE-2012-1710 Unspecified vulnerability in Oracle Fusion Middleware 10.1.3.5
Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer, a different vulnerability than CVE-2012-1709.
network
low complexity
oracle
critical
9.8
2011-12-30 CVE-2011-4461 Cryptographic Issues vulnerability in multiple products
Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
network
low complexity
oracle mortbay CWE-310
5.3
2011-10-19 CVE-2011-3544 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.
network
low complexity
oracle canonical redhat suse
critical
9.8
2010-04-01 CVE-2010-0840 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
network
low complexity
oracle opensuse canonical
critical
9.8
2009-08-19 CVE-2009-2857 Improper Locking vulnerability in Oracle Opensolaris and Solaris
The kernel in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_103, does not properly handle interaction between the filesystem and virtual-memory implementations, which allows local users to cause a denial of service (deadlock and system halt) via vectors involving mmap and write operations on the same file.
local
low complexity
oracle CWE-667
5.5
2009-06-08 CVE-2009-1955 XML Entity Expansion vulnerability in multiple products
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
7.5
2008-11-04 CVE-2008-2992 Out-of-bounds Write vulnerability in multiple products
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.
local
low complexity
adobe oracle CWE-787
7.8
2008-08-05 CVE-2008-3431 Unspecified vulnerability in Oracle Virtualbox 1.6.0/1.6.2
The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \\.\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address.
local
low complexity
oracle
8.8
2005-07-18 CVE-2005-2293 Incomplete Cleanup vulnerability in Oracle Forms Builder 9.0.4
Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a temporary file, which is not deleted after it is used, which allows local users to obtain sensitive information.
local
low complexity
oracle CWE-459
5.5