Vulnerabilities > Oracle > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-07-17 CVE-2017-1000030 Improper Authentication vulnerability in Oracle Glassfish Server 3.0.1
Oracle GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to a Java Key Store password disclosure vulnerability that lets an unauthenticated attacker obtain the plain text password of the administrative user and gain access to the web-based administration interface.
network
low complexity
oracle CWE-287
5.0
2017-07-17 CVE-2017-1000029 Information Exposure vulnerability in Oracle Glassfish Server 3.0.1
Oracle GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to a Local File Inclusion vulnerability that makes it possible to include arbitrary files on the server. This vulnerability can be exploited without any prior authentication.
network
low complexity
oracle CWE-200
5.0
2017-07-17 CVE-2017-1000028 Path Traversal vulnerability in Oracle Glassfish Server 4.1
Oracle GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal, which can be exploited by issuing a specially crafted HTTP GET request.
network
low complexity
oracle CWE-22
5.0
2017-06-22 CVE-2017-3631 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Oracle Solaris 11
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel).
local
low complexity
oracle CWE-119
4.6
2017-06-22 CVE-2017-3630 Out-of-bounds Write vulnerability in Oracle Solaris 10/11
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel).
local
low complexity
oracle CWE-787
4.6
2017-05-29 CVE-2017-9287 Double Free vulnerability in multiple products
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability.
network
low complexity
openldap debian redhat mcafee oracle CWE-415
4.0
2017-05-04 CVE-2017-3730 NULL Pointer Dereference vulnerability in multiple products
In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash.
network
low complexity
openssl oracle CWE-476
5.0
2017-04-25 CVE-2017-3434 Remote Security vulnerability in Oracle One-To-One Fulfillment 12.1.1/12.1.2/12.1.3
Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Audience workbench).
network
oracle
6.8
2017-04-25 CVE-2017-3356 Remote Security vulnerability in Oracle E-Business Suite
Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface).
network
oracle
6.8
2017-04-25 CVE-2017-3355 Remote Security vulnerability in Oracle E-Business Suite
Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface).
network
oracle
6.8