Vulnerabilities > Oracle > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-03-14 CVE-2018-1000120 Out-of-bounds Write vulnerability in multiple products
A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.
network
low complexity
debian canonical haxx redhat oracle CWE-787
critical
9.8
2018-02-26 CVE-2018-7489 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw.
network
low complexity
fasterxml debian oracle redhat CWE-502
critical
9.8
2018-02-22 CVE-2018-7318 SQL Injection vulnerability in multiple products
SQL Injection exists in the CheckList 1.1.1 component for Joomla! via the title_search, tag_search, name_search, description_search, or filter_order parameter.
network
low complexity
belitsoft oracle CWE-89
critical
9.8
2018-02-06 CVE-2017-7525 A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
network
low complexity
fasterxml debian netapp redhat oracle
critical
9.8
2018-02-06 CVE-2017-15095 Deserialization of Untrusted Data vulnerability in multiple products
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
network
low complexity
fasterxml debian redhat netapp oracle CWE-502
critical
9.8
2018-02-01 CVE-2018-6485 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.
network
low complexity
gnu redhat oracle netapp CWE-190
critical
9.8
2018-01-29 CVE-2017-1000353 Deserialization of Untrusted Data vulnerability in multiple products
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution.
network
low complexity
jenkins oracle CWE-502
critical
9.8
2018-01-18 CVE-2018-2697 Unspecified vulnerability in Oracle Hospitality Cruise Fleet Management 9.0.4.0
Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Emergency Response System).
network
low complexity
oracle
critical
9.1
2018-01-18 CVE-2018-2664 Unspecified vulnerability in Oracle SUN ZFS Storage Appliance KIT 8.6/8.7.0
Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface).
network
high complexity
oracle
critical
9.0
2018-01-18 CVE-2018-2656 Unspecified vulnerability in Oracle E-Business Suite
Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Data Manager Server).
network
low complexity
oracle
critical
9.1