Vulnerabilities > Oracle > Critical

DATE CVE VULNERABILITY TITLE RISK
2017-04-24 CVE-2017-3549 SQL Injection vulnerability in Oracle Scripting
Vulnerability in the Oracle Scripting component of Oracle E-Business Suite (subcomponent: Scripting Administration).
network, low complexity | oracle | CWE-89 | critical 9.1

2017-04-24 CVE-2017-3510 Unspecified vulnerability in Oracle Solaris 11.3
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones virtualized NIC driver).
network, low complexity | oracle | critical 9.6

2017-04-24 CVE-2017-3508 Unspecified vulnerability in Oracle Primavera Gateway
Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration).
network, low complexity | oracle | critical 9.1

2017-04-24 CVE-2017-3503 Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access (Apache Commons BeanUtils)).
network, low complexity | oracle | critical 9.9

2017-04-24 CVE-2017-3234 Unspecified vulnerability in Oracle Automatic Service Request
Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager).
network, low complexity | oracle | critical 9.8

2017-04-17 CVE-2017-5645 Deserialization of Untrusted Data vulnerability in multiple products
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
network, low complexity | apache netapp redhat oracle | CWE-502 | critical 9.8

2017-04-14 CVE-2016-10328 Out-of-bounds Write vulnerability in multiple products
FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c.
network, low complexity | freetype oracle | CWE-787 | critical 9.8

2017-04-11 CVE-2016-1908 Improper Authentication vulnerability in multiple products
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.
network, low complexity | openbsd debian oracle redhat | CWE-287 | critical 9.8

2017-04-06 CVE-2016-8735
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports.
network, low complexity | apache canonical netapp debian redhat oracle | critical 9.8

2017-04-06 CVE-2015-8965 Permissions, Privileges, and Access Controls vulnerability in multiple products
Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows remote attackers to execute arbitrary Java code that exists in the classpath, such as test code or administration code.
network, low complexity | perforce oracle | CWE-264 | critical 9.8