A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a valid username.

Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter.

Denial of service in Oracle TNSLSNR SQL*Net Listener via a malformed string to the listener port, aka NERP.

dbsnmp in Oracle Intelligent Agent allows local users to gain privileges by setting the ORACLE_HOME environmental variable, which dbsnmp uses to find the nmiconf.tcl script.