Vulnerabilities (CVE)

Filtered by vendor Oracle Subscribe
Filtered by product Virtual Desktop Infrastructure
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-7940 3 Bouncycastle, Opensuse, Oracle 7 Bouncy Castle Crypto Package, Leap, Opensuse and 4 more 2024-11-21 5.0 MEDIUM N/A
The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."
CVE-2015-4852 1 Oracle 3 Storagetek Tape Analytics Sw Tool, Virtual Desktop Infrastructure, Weblogic Server 2024-11-21 7.5 HIGH 9.8 CRITICAL
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.