Vulnerabilities > Oracle > High

DATE CVE VULNERABILITY TITLE RISK
2017-10-04 CVE-2017-12617 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g.
network
high complexity
apache canonical oracle debian netapp redhat CWE-434
8.1
8.1
2017-08-11 CVE-2016-6796 A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.
network
low complexity
apache debian netapp canonical oracle redhat
7.5
7.5
2017-08-10 CVE-2016-6797 Incorrect Authorization vulnerability in multiple products
The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application.
network
low complexity
apache oracle debian netapp canonical redhat CWE-863
7.5
7.5
2017-08-08 CVE-2017-10246 Unspecified vulnerability in Oracle Application Object Library
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: iHelp).
network
low complexity
oracle
8.2
8.2
2017-08-08 CVE-2017-10245 Unspecified vulnerability in Oracle General Ledger
Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Account Hierarchy Manager).
network
low complexity
oracle
7.5
7.5
2017-08-08 CVE-2017-10242 Unspecified vulnerability in Oracle VM Virtualbox
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).
local
low complexity
oracle
7.3
7.3
2017-08-08 CVE-2017-10241 Unspecified vulnerability in Oracle VM Virtualbox
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).
local
low complexity
oracle
7.3
7.3
2017-08-08 CVE-2017-10240 Unspecified vulnerability in Oracle VM Virtualbox
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).
local
low complexity
oracle
7.3
7.3
2017-08-08 CVE-2017-10239 Unspecified vulnerability in Oracle VM Virtualbox
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).
local
low complexity
oracle
7.3
7.3
2017-08-08 CVE-2017-10238 Unspecified vulnerability in Oracle VM Virtualbox
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).
local
low complexity
oracle
7.3
7.3