Vulnerabilities > Oracle > Critical

DATE CVE VULNERABILITY TITLE RISK
2017-01-27 CVE-2016-5528 Unspecified vulnerability in Oracle Glassfish Server 2.1.1/3.0.1/3.1.2
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security).
network
high complexity
oracle
critical
9.0
2016-12-13 CVE-2016-5841 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable.
network
low complexity
imagemagick oracle CWE-190
critical
9.8
2016-12-13 CVE-2016-5691 Improper Input Validation vulnerability in multiple products
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue.
network
low complexity
oracle imagemagick CWE-20
critical
9.8
2016-12-13 CVE-2016-5690 NULL Pointer Dereference vulnerability in multiple products
The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table.
network
low complexity
oracle imagemagick CWE-476
critical
9.8
2016-12-13 CVE-2016-5689 NULL Pointer Dereference vulnerability in multiple products
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.
network
low complexity
oracle imagemagick CWE-476
critical
9.8
2016-12-13 CVE-2016-5687 Out-of-bounds Read vulnerability in multiple products
The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read.
network
low complexity
imagemagick oracle CWE-125
critical
9.8
2016-10-25 CVE-2016-5605 Improper Access Control vulnerability in Oracle VM Virtualbox
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.1.4 in Oracle Virtualization allows remote attackers to affect confidentiality and integrity via vectors related to VRDE.
network
low complexity
oracle CWE-284
critical
9.1
2016-10-25 CVE-2016-5599 Improper Access Control vulnerability in Oracle Advanced Supply Chain Planning 12.2.3/12.2.4/12.2.5
Unspecified vulnerability in the Oracle Advanced Supply Chain Planning component in Oracle Supply Chain Products Suite 12.2.3 through 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to MscObieeSrvlt.
network
low complexity
oracle CWE-284
critical
9.1
2016-10-25 CVE-2016-5582 Improper Access Control vulnerability in Oracle JDK and JRE
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5573.
network
low complexity
oracle CWE-284
critical
9.6
2016-10-25 CVE-2016-5580 Improper Access Control vulnerability in Oracle Secure Global Desktop 4.7/5.2
Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.7 and 5.2 allows remote authenticated users to affect confidentiality and availability via vectors through Web Services.
network
low complexity
oracle CWE-284
critical
9.6