Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2016-01-21 CVE-2016-0499 Remote Security vulnerability in Oracle Database Server 11.2.0.4/12.1.0.1/12.1.0.2
Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-4794.
network
low complexity
oracle
critical
9.0
2016-01-21 CVE-2016-0494 Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
network
low complexity
canonical oracle
critical
10.0
2016-01-21 CVE-2016-0483 Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.
network
low complexity
oracle canonical
critical
10.0
2016-01-21 CVE-2016-0452 Arbitrary File Upload vulnerability in Oracle Goldengate 11.2/12.1.2
Unspecified vulnerability in the Oracle GoldenGate component in Oracle GoldenGate 11.2 and 12.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0451.
network
low complexity
oracle
critical
10.0
2016-01-21 CVE-2016-0451 Arbitrary File Upload vulnerability in Oracle Goldengate 11.2/12.1.2
Unspecified vulnerability in the Oracle GoldenGate component in Oracle GoldenGate 11.2 and 12.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0452.
network
low complexity
oracle
critical
10.0
2016-01-19 CVE-2015-8617 Use of Externally-Controlled Format String vulnerability in PHP 7.0.1
Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling.
network
low complexity
php CWE-134
critical
10.0
2016-01-16 CVE-2016-1142 OS Command Injection vulnerability in Seeds Acmailer
Seeds acmailer before 3.8.21 and 3.9.x before 3.9.15 Beta allows remote authenticated users to execute arbitrary OS commands via unspecified vectors.
network
low complexity
seeds CWE-78
critical
9.0
2016-01-15 CVE-2016-1909 Permissions, Privileges, and Access Controls vulnerability in Fortinet Fortios
Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase for the Fortimanager_Access account, which allows remote attackers to obtain administrative access via an SSH session.
network
low complexity
fortinet CWE-264
critical
10.0
2016-01-15 CVE-2016-0860 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech Webaccess
Buffer overflow in the BwpAlarm subsystem in Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service via a crafted RPC request.
network
low complexity
advantech CWE-119
critical
10.0
2016-01-15 CVE-2016-0859 Numeric Errors vulnerability in Advantech Webaccess
Integer overflow in the Kernel service in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted RPC request.
network
low complexity
advantech CWE-189
critical
10.0