Vulnerabilities > Oracle > High

DATE CVE VULNERABILITY TITLE RISK
2016-04-21 CVE-2016-0681 Unspecified vulnerability in Oracle Olap 11.2.0.4/12.1.0.1/12.1.0.2
Unspecified vulnerability in the Oracle OLAP component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unspecified vectors.
local
low complexity
oracle
7.8
2016-04-21 CVE-2016-0679 Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect integrity and availability via vectors related to PIA Grids.
network
low complexity
oracle
8.7
2016-04-19 CVE-2016-3960 Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.
local
low complexity
xen fedoraproject oracle
8.8
2016-04-08 CVE-2016-2381 Improper Input Validation vulnerability in multiple products
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
network
low complexity
perl debian oracle opensuse canonical CWE-20
7.5
2016-04-07 CVE-2016-1714 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly execute arbitrary code via an invalid current entry value in a firmware configuration.
local
high complexity
redhat oracle qemu CWE-119
8.1
2016-03-24 CVE-2016-0636 Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component.
network
high complexity
redhat oracle
8.1
2016-03-13 CVE-2016-2802 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
network
low complexity
mozilla suse opensuse sil oracle CWE-119
8.8
2016-03-13 CVE-2016-2801 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797.
network
low complexity
suse opensuse sil oracle mozilla CWE-119
8.8
2016-03-13 CVE-2016-2800 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792.
network
low complexity
mozilla suse opensuse oracle sil CWE-119
8.8
2016-03-13 CVE-2016-2799 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.
network
low complexity
oracle suse opensuse mozilla sil CWE-119
8.8