The first concerns the SSL protocol used in Oracle's 8i and 9i Database Server, Oracle 9i Application Server, and versions 8 and 9 of the Oracle HTTP Server.
Oracle has rated the risk as "high" and warned that any client software that can access an affected Oracle server could exploit the hole. The firm urged users to install a patch from the Oracle Technology Network website.
The second security issue concerns website spoofing on Internet Explorer. According to information published on the Secunia website, by adding special ASCI codes to a URL, a hacker can control the web address displayed in a user's Internet Explorer URL address bar.
Secunia said, "This can be exploited to trick users into divulging sensitive information or download and execute malware on their systems, because they trust the faked web address."
The company provided an example of how this could be exploited by spoofing the Microsoft website.
Microsoft said it would be investigating the security hole.
Yuletide security warning >>