Vulnerabilities > Oracle > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-03-11 | CVE-2017-5638 | Improper Handling of Exceptional Conditions vulnerability in multiple products: The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string. | 9.8 |
2017-01-30 | CVE-2017-5611 | SQL Injection vulnerability in multiple products: SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name. | 9.8 |
2017-01-27 | CVE-2017-3324 | Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management: Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). | 10.0 |
2017-01-27 | CVE-2017-3310 | Unspecified vulnerability in Oracle Database 11.2.0.4/12.1.0.2: Vulnerability in the OJVM component of Oracle Database Server. | 9.0 |
2017-01-27 | CVE-2017-3289 | Unspecified vulnerability in Oracle JDK and JRE: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). | 9.6 |
2017-01-27 | CVE-2017-3272 | Unspecified vulnerability in Oracle JDK and JRE: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). | 9.6 |
2017-01-27 | CVE-2017-3266 | Unspecified vulnerability in Oracle Outside In Technology 8.5.2/8.5.3: Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). | 9.8 |
2017-01-27 | CVE-2017-3248 | Unspecified vulnerability in Oracle WebLogic Server: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). | 9.8 |
2017-01-27 | CVE-2017-3241 | Improper Input Validation vulnerability in Oracle JDK, JRE and JRockit: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). | 9.0 |
2017-01-27 | CVE-2016-8325 | Improper Access Control vulnerability in Oracle One-To-One Fulfillment: Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Internal Operations). | 9.1 |