Vulnerabilities > Oracle > Enterprise Repository > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-09-10 CVE-2020-11998 A regression has been introduced in the commit preventing JMX re-bind.
network
low complexity
apache oracle
critical
9.8
2019-10-16 CVE-2019-2904 Unspecified vulnerability in Oracle products
Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces).
network
low complexity
oracle
critical
9.8
2018-07-09 CVE-2018-1000613 Unsafe Reflection vulnerability in multiple products
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code.
network
low complexity
bouncycastle netapp opensuse oracle CWE-470
critical
9.8
2018-05-24 CVE-2018-8013 Deserialization of Untrusted Data vulnerability in multiple products
In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class.
network
low complexity
apache debian canonical oracle CWE-502
critical
9.8