Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-01-21 | CVE-2016-0499 | Remote Security vulnerability in Oracle Database Server 11.2.0.4/12.1.0.1/12.1.0.2 Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-4794. | 9.0 |
2016-01-21 | CVE-2016-0494 | Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | 10.0 |
2016-01-21 | CVE-2016-0483 | Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. | 10.0 |
2016-01-21 | CVE-2016-0452 | Arbitrary File Upload vulnerability in Oracle Goldengate 11.2/12.1.2 Unspecified vulnerability in the Oracle GoldenGate component in Oracle GoldenGate 11.2 and 12.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0451. | 10.0 |
2016-01-21 | CVE-2016-0451 | Arbitrary File Upload vulnerability in Oracle Goldengate 11.2/12.1.2 Unspecified vulnerability in the Oracle GoldenGate component in Oracle GoldenGate 11.2 and 12.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0452. | 10.0 |
2016-01-19 | CVE-2015-8617 | Use of Externally-Controlled Format String vulnerability in PHP 7.0.1 Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling. | 10.0 |
2016-01-16 | CVE-2016-1142 | OS Command Injection vulnerability in Seeds Acmailer Seeds acmailer before 3.8.21 and 3.9.x before 3.9.15 Beta allows remote authenticated users to execute arbitrary OS commands via unspecified vectors. | 9.0 |
2016-01-15 | CVE-2016-1909 | Permissions, Privileges, and Access Controls vulnerability in Fortinet Fortios Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase for the Fortimanager_Access account, which allows remote attackers to obtain administrative access via an SSH session. | 10.0 |
2016-01-15 | CVE-2016-0860 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech Webaccess Buffer overflow in the BwpAlarm subsystem in Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service via a crafted RPC request. | 10.0 |
2016-01-15 | CVE-2016-0859 | Numeric Errors vulnerability in Advantech Webaccess Integer overflow in the Kernel service in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted RPC request. | 10.0 |