Vulnerabilities > Oracle
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-04-24 | CVE-2017-3234 | Remote Security vulnerability in Oracle Automatic Service Request Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). | 7.5 |
2017-04-24 | CVE-2017-3233 | Remote Security vulnerability in Oracle Automatic Service Request Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). | 7.8 |
2017-04-24 | CVE-2017-3232 | Local Security vulnerability in Oracle Automatic Service Request Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). | 4.9 |
2017-04-24 | CVE-2017-3230 | Remote Security vulnerability in Oracle Fusion Middleware Mapviewer 11.1.1.9/12.2.1.1/12.2.1.2 Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder). | 9.0 |
2017-04-24 | CVE-2016-5551 | Improper Access Control vulnerability in Oracle Solaris Cluster 4.3 Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). | 1.9 |
2017-04-17 | CVE-2017-5645 | Deserialization of Untrusted Data vulnerability in multiple products In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. | 9.8 |
2017-04-14 | CVE-2016-10328 | Out-of-bounds Write vulnerability in multiple products FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c. | 7.5 |
2017-04-11 | CVE-2016-1908 | Improper Authentication vulnerability in multiple products The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server. | 9.8 |
2017-04-11 | CVE-2016-4483 | Deserialization of Untrusted Data vulnerability in multiple products The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. | 7.5 |
2017-04-06 | CVE-2016-8735 | Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. | 9.8 |