Vulnerabilities > Oracle > Enterprise Repository

DATE CVE VULNERABILITY TITLE RISK
2019-10-16 CVE-2019-2904 Unspecified vulnerability in Oracle products
Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces).
network
low complexity
oracle
critical
9.8
2019-05-28 CVE-2019-0188 XXE vulnerability in multiple products
Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library.
network
low complexity
oracle apache CWE-611
7.5
2019-03-28 CVE-2019-0222 In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.
network
low complexity
apache netapp oracle debian
7.5
2018-10-17 CVE-2018-3246 Unspecified vulnerability in Oracle products
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services).
network
low complexity
oracle
7.5
2018-09-10 CVE-2018-11775 Improper Certificate Validation vulnerability in multiple products
TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server.
network
high complexity
apache oracle CWE-295
7.4
2018-07-09 CVE-2018-1000613 Unsafe Reflection vulnerability in multiple products
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code.
network
low complexity
bouncycastle netapp opensuse oracle CWE-470
critical
9.8
2018-06-05 CVE-2018-1000180 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected.
network
low complexity
bouncycastle debian oracle netapp redhat CWE-327
7.5
2018-05-24 CVE-2018-8013 Deserialization of Untrusted Data vulnerability in multiple products
In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class.
network
low complexity
apache debian canonical oracle CWE-502
critical
9.8
2018-05-11 CVE-2018-1258 Incorrect Authorization vulnerability in multiple products
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security.
8.8
2017-08-08 CVE-2017-10048 Unspecified vulnerability in Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0
Vulnerability in the Oracle Enterprise Repository component of Oracle Fusion Middleware (subcomponent: Web Interface).
network
low complexity
oracle
8.2