Vulnerabilities > Oracle > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-04-24 | CVE-2017-3549 | SQL Injection vulnerability in Oracle Scripting Vulnerability in the Oracle Scripting component of Oracle E-Business Suite (subcomponent: Scripting Administration). | 9.1 |
2017-04-24 | CVE-2017-3510 | Unspecified vulnerability in Oracle Solaris 11.3 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones virtualized NIC driver). | 9.6 |
2017-04-24 | CVE-2017-3508 | Unspecified vulnerability in Oracle Primavera Gateway Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). | 9.1 |
2017-04-24 | CVE-2017-3503 | Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access (Apache Commons BeanUtils)). | 9.9 |
2017-04-24 | CVE-2017-3234 | Unspecified vulnerability in Oracle Automatic Service Request Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). | 9.8 |
2017-04-17 | CVE-2017-5645 | Deserialization of Untrusted Data vulnerability in multiple products In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. | 9.8 |
2017-04-14 | CVE-2016-10328 | Out-of-bounds Write vulnerability in multiple products FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c. | 9.8 |
2017-04-11 | CVE-2016-1908 | Improper Authentication vulnerability in multiple products The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server. | 9.8 |
2017-04-06 | CVE-2016-8735 | Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. | 9.8 |
2017-04-06 | CVE-2015-8965 | Permissions, Privileges, and Access Controls vulnerability in multiple products Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows remote attackers to execute arbitrary Java code that exists in the classpath, such as test code or administration code. | 9.8 |