Vulnerabilities > Oracle > High

DATE CVE VULNERABILITY TITLE RISK
2016-05-02 CVE-2016-2117 Information Exposure vulnerability in multiple products
The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data.
network
low complexity
oracle canonical linux CWE-200
7.5
2016-04-27 CVE-2016-2143 Improper Input Validation vulnerability in multiple products
The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h.
local
low complexity
linux debian redhat oracle CWE-20
7.8
2016-04-26 CVE-2016-3081 Command Injection vulnerability in multiple products
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions.
network
high complexity
apache oracle CWE-77
8.1
2016-04-25 CVE-2016-4054 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.
network
high complexity
canonical squid-cache oracle CWE-119
8.1
2016-04-25 CVE-2016-4051 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.
network
low complexity
canonical oracle squid-cache CWE-119
8.8
2016-04-21 CVE-2016-3461 Unspecified vulnerability in Oracle Mysql Enterprise Monitor 3.0.25/3.1.2
Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality, integrity, and availability via vectors related to Monitoring: Server.
network
low complexity
oracle
7.2
2016-04-21 CVE-2016-3456 Unspecified vulnerability in Oracle Complex Maintenance Repair and Overhaul 12.1.1/12.1.2/12.1.3
Unspecified vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul component in Oracle Supply Chain Products Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Dialog Box.
network
low complexity
oracle
8.2
2016-04-21 CVE-2016-3455 Unspecified vulnerability in Oracle Outside in Technology 8.5.0/8.5.1/8.5.2
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters.
network
low complexity
oracle
8.6
2016-04-21 CVE-2016-3449 Unspecified vulnerability in Oracle JDK and JRE
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment.
network
high complexity
oracle
8.3
2016-04-21 CVE-2016-3441 Unspecified vulnerability in Oracle Solaris 10/11.3
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Filesystem.
local
low complexity
oracle
7.8