← Back

Virtual Desktop Infrastructure

virtual_desktop_infrastructure

Vendor: Oracle • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2015-4852
1Oracle
3Storagetek Tape Analytics Sw Tool
Virtual Desktop InfrastructureWeblogic Server
Apr 21, 2026
Nov 18, 2015
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP por...Show more
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.Show less
CVE-2015-7940
3Bouncycastle
OpensuseOracle
7Application Testing Suite
Bouncy Castle Crypto PackageEnterprise Manager Ops Center+4 more
May 6, 2026
Nov 9, 2015
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman...Show more
The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."Show less