Vulnerabilities > Oracle

DATE CVE VULNERABILITY TITLE RISK
2014-03-18 CVE-2014-2532 Permissions, Privileges, and Access Controls vulnerability in multiple products
sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.
network
high complexity
oracle openbsd CWE-264
4.9
2013-07-20 CVE-2013-2251 Injection vulnerability in multiple products
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
network
low complexity
apache fujitsu oracle CWE-74
critical
9.8
2013-07-08 CVE-2013-4786 Credentials Management vulnerability in multiple products
The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC.
network
low complexity
oracle intel CWE-255
7.5
2013-03-15 CVE-2013-2566 Inadequate Encryption Strength vulnerability in multiple products
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.
network
high complexity
oracle fujitsu canonical mozilla CWE-326
5.9
2013-01-17 CVE-2013-0375 Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.
network
low complexity
oracle mariadb canonical redhat
5.4
2012-10-16 CVE-2012-3152 Unspecified vulnerability in Oracle Fusion Middleware 11.1.1.4.0/11.1.1.6.0/11.1.2.0
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component.
network
low complexity
oracle
critical
9.1
2012-10-16 CVE-2012-0518 Open Redirect vulnerability in Oracle Fusion Middleware 10.1.4.3
Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to Redirects, a different vulnerability than CVE-2012-3175.
network
low complexity
oracle CWE-601
4.7
2012-06-16 CVE-2012-1723 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
network
low complexity
oracle redhat
critical
9.8
2012-05-03 CVE-2012-1710 Unspecified vulnerability in Oracle Fusion Middleware 10.1.3.5
Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer, a different vulnerability than CVE-2012-1709.
network
low complexity
oracle
critical
9.8
2011-12-30 CVE-2011-4461 Cryptographic Issues vulnerability in multiple products
Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
network
low complexity
oracle mortbay CWE-310
5.3