Vulnerabilities > Oracle > Critical

DATE CVE VULNERABILITY TITLE RISK
2016-06-20 CVE-2016-2177 Integer Overflow or Wraparound vulnerability in multiple products
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.
network
low complexity
hp openssl oracle CWE-190
critical
9.8
2016-06-10 CVE-2016-5118 The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
network
low complexity
graphicsmagick suse oracle opensuse canonical debian imagemagick
critical
9.8
2016-06-09 CVE-2016-4448 Use of Externally-Controlled Format String vulnerability in multiple products
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
network
low complexity
hp apple xmlsoft redhat slackware oracle tenable mcafee CWE-134
critical
9.8
2016-05-16 CVE-2015-4643 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.
network
low complexity
php debian redhat oracle CWE-119
critical
9.8
2016-04-21 CVE-2016-3466 Unspecified vulnerability in Oracle Field Service 12.1.1/12.1.2/12.1.3
Unspecified vulnerability in the Oracle Field Service component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Wireless.
network
low complexity
oracle
critical
9.1
2016-04-21 CVE-2016-3454 Unspecified vulnerability in Oracle Database 11.2.0.4/12.1.0.1/12.1.0.2
Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
network
high complexity
oracle
critical
9.0
2016-04-21 CVE-2016-3443 Unspecified vulnerability in Oracle JDK and JRE
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D.
network
low complexity
oracle
critical
9.6
2016-04-21 CVE-2016-3427 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
network
low complexity
oracle canonical debian netapp apache redhat suse opensuse
critical
9.8
2016-04-21 CVE-2016-0699 Unspecified vulnerability in Oracle Flexcube Direct Banking 12.0.2/12.0.3
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.2 and 12.0.3 allows remote attackers to affect confidentiality and integrity via vectors related to the Login sub-component.
network
low complexity
oracle
critical
9.1
2016-04-21 CVE-2016-0693 Unspecified vulnerability in Oracle Solaris 10/11.3
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the PAM LDAP module.
network
low complexity
oracle
critical
9.8