Vulnerabilities > Oracle > Critical

DATE CVE VULNERABILITY TITLE RISK

2017-03-11 | CVE-2017-5638 | Improper Handling of Exceptional Conditions vulnerability in multiple products
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
Attack vector: network | Attack complexity: low | Vendors: apache ibm lenovo hp oracle arubanetworks netapp | CWE-755 | Risk: critical (9.8)

2017-01-30 | CVE-2017-5611 | SQL Injection vulnerability in multiple products
SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name.
Attack vector: network | Attack complexity: low | Vendors: wordpress debian oracle | CWE-89 | Risk: critical (9.8)

2017-01-27 | CVE-2017-3324 | Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access).
Attack vector: network | Attack complexity: low | Vendors: oracle | Risk: critical (10.0)

2017-01-27 | CVE-2017-3310 | Unspecified vulnerability in Oracle Database 11.2.0.4/12.1.0.2
Vulnerability in the OJVM component of Oracle Database Server.
Attack vector: network | Attack complexity: low | Vendors: oracle | Risk: critical (9.0)

2017-01-27 | CVE-2017-3289 | Unspecified vulnerability in Oracle JDK and JRE
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot).
Attack vector: network | Attack complexity: low | Vendors: oracle | Risk: critical (9.6)

2017-01-27 | CVE-2017-3272 | Unspecified vulnerability in Oracle JDK and JRE
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries).
Attack vector: network | Attack complexity: low | Vendors: oracle | Risk: critical (9.6)

2017-01-27 | CVE-2017-3266 | Unspecified vulnerability in Oracle Outside In Technology 8.5.2/8.5.3
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).
Attack vector: network | Attack complexity: low | Vendors: oracle | Risk: critical (9.8)

2017-01-27 | CVE-2017-3248 | Unspecified vulnerability in Oracle WebLogic Server
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components).
Attack vector: network | Attack complexity: low | Vendors: oracle | Risk: critical (9.8)

2017-01-27 | CVE-2017-3241 | Improper Input Validation vulnerability in Oracle JDK, JRE and JRockit
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI).
Attack vector: network | Attack complexity: high | Vendors: oracle | CWE-20 | Risk: critical (9.0)

2017-01-27 | CVE-2016-8325 | Improper Access Control vulnerability in Oracle One-to-One Fulfillment
Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Internal Operations).
Attack vector: network | Attack complexity: low | Vendors: oracle | CWE-284 | Risk: critical (9.1)