Vulnerabilities > Oracle > High

DATE CVE VULNERABILITY TITLE RISK
2019-11-28 CVE-2019-18276 Improper Check for Dropped Privileges vulnerability in multiple products
An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11.
local
low complexity
gnu netapp oracle CWE-273
7.8
2019-11-26 CVE-2019-16255 Code Injection vulnerability in multiple products
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data.
network
high complexity
ruby-lang debian opensuse oracle CWE-94
8.1
2019-11-25 CVE-2019-19244 sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.
network
low complexity
sqlite canonical oracle siemens
7.5
2019-11-25 CVE-2019-14822 Missing Authorization vulnerability in multiple products
A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup.
local
low complexity
ibus-project redhat canonical oracle CWE-862
7.1
2019-11-18 CVE-2019-19052 Memory Leak vulnerability in multiple products
A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486.
7.5
2019-10-29 CVE-2019-0210 Out-of-bounds Read vulnerability in multiple products
In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data.
network
low complexity
apache redhat oracle CWE-125
7.5
2019-10-29 CVE-2019-0205 Infinite Loop vulnerability in multiple products
In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data.
network
low complexity
apache redhat oracle CWE-835
7.5
2019-10-16 CVE-2019-3028 Unspecified vulnerability in Oracle VM Virtualbox
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).
local
low complexity
oracle
8.8
2019-10-16 CVE-2019-3017 Unspecified vulnerability in Oracle VM Virtualbox
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).
local
low complexity
oracle
8.2
2019-10-16 CVE-2019-3010 Unspecified vulnerability in Oracle Solaris 11
Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver).
local
low complexity
oracle
8.8