Vulnerabilities > Oracle > Database Server > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-03-13 CVE-2020-1953 Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements.
network
low complexity
apache oracle
critical
 10.0
10
2019-10-01 CVE-2019-16942 Deserialization of Untrusted Data vulnerability in multiple products
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10.
network
low complexity
fasterxml debian fedoraproject redhat netapp oracle CWE-502
critical
 9.8
9.8
2019-04-23 CVE-2019-2517 Unspecified vulnerability in Oracle Database Server 12.2.0.1/18C
Vulnerability in the Core RDBMS component of Oracle Database Server.
network
low complexity
oracle
critical
 9.1
9.1
2019-01-02 CVE-2018-14719 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
network
low complexity
fasterxml debian oracle redhat netapp CWE-502
critical
 9.8
9.8
2018-10-17 CVE-2018-3259 Unspecified vulnerability in Oracle Database Server
Vulnerability in the Java VM component of Oracle Database Server.
network
low complexity
oracle
critical
 9.8
9.8
2018-08-10 CVE-2018-3110 Unspecified vulnerability in Oracle Database Server
A vulnerability was discovered in the Java VM component of Oracle Database Server.
network
low complexity
oracle
critical
 9.9
9.9
2018-02-06 CVE-2017-15095 Deserialization of Untrusted Data vulnerability in multiple products
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
network
low complexity
fasterxml debian redhat netapp oracle CWE-502
critical
 9.8
9.8
2018-01-18 CVE-2017-10282 Unspecified vulnerability in Oracle Database Server 12.1.0.2/12.2.0.1
Vulnerability in the Core RDBMS component of Oracle Database Server.
network
low complexity
oracle
critical
 9.1
9.1
2017-05-23 CVE-2016-9841 inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
network
low complexity
zlib opensuse debian canonical oracle redhat apple netapp nodejs
critical
 9.8
9.8
2017-05-23 CVE-2016-9843 The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
network
low complexity
zlib opensuse debian canonical oracle redhat apple netapp mariadb nodejs
critical
 9.8
9.8