Vulnerabilities > Oracle > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-06-07 CVE-2016-4962 Permissions, Privileges, and Access Controls vulnerability in multiple products
The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore.
local
low complexity
oracle xen CWE-264
6.7
2016-05-23 CVE-2016-4581 fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls.
local
low complexity
canonical linux oracle
5.5
2016-05-16 CVE-2015-3152 Improper Certificate Validation vulnerability in multiple products
Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack.
network
high complexity
oracle mariadb fedoraproject debian redhat php CWE-295
5.9
2016-05-11 CVE-2016-3712 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.
5.5
2016-05-05 CVE-2016-3718 Server-Side Request Forgery (SSRF) vulnerability in multiple products
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
5.5
2016-05-05 CVE-2016-3715 The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. 5.5
2016-04-25 CVE-2016-4085 Improper Input Validation vulnerability in multiple products
Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet.
network
high complexity
oracle debian wireshark CWE-20
5.9
2016-04-25 CVE-2016-4082 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and application crash) via a crafted packet.
network
high complexity
wireshark debian oracle CWE-119
5.9
2016-04-25 CVE-2016-4079 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet.
network
high complexity
debian oracle wireshark CWE-119
5.9
2016-04-21 CVE-2016-3465 Unspecified vulnerability in Oracle Solaris 11.3
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to ZFS.
local
low complexity
oracle
5.5