Vulnerabilities > Oracle

DATE	CVE	VULNERABILITY TITLE	RISK
2020-01-24	CVE-2020-7226	Allocation of Resources Without Limits or Throttling vulnerability in multiple products CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data. network low complexity vt oracle CWE-770	7.5
2020-01-22	CVE-2019-16792	HTTP Request Smuggling vulnerability in multiple products Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. network low complexity agendaless oracle debian CWE-444	7.5
2020-01-21	CVE-2020-7595	Infinite Loop vulnerability in multiple products xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. network low complexity xmlsoft fedoraproject canonical debian siemens netapp oracle CWE-835	7.5
2020-01-21	CVE-2019-20388	Memory Leak vulnerability in multiple products xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. network low complexity xmlsoft debian netapp oracle opensuse fedoraproject CWE-401	7.5
2020-01-17	CVE-2020-5397	Cross-Site Request Forgery (CSRF) vulnerability in multiple products Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. network low complexity vmware oracle CWE-352	5.3
2020-01-17	CVE-2020-5398	Download of Code Without Integrity Check vulnerability in multiple products In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input. network high complexity vmware oracle netapp CWE-494	7.5
2020-01-16	CVE-2019-17573	Cross-site Scripting vulnerability in multiple products By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. network low complexity apache oracle CWE-79	6.1
2020-01-16	CVE-2019-12423	Insufficiently Protected Credentials vulnerability in multiple products Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. network low complexity apache oracle CWE-522	7.5
2020-01-16	CVE-2020-7044	Off-by-one Error vulnerability in multiple products In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. network low complexity wireshark fedoraproject opensuse oracle CWE-193	7.5
2020-01-15	CVE-2020-2731	Unspecified vulnerability in Oracle Database Server Vulnerability in the Core RDBMS component of Oracle Database Server. local low complexity oracle	3.9

Vulnerabilities > Oracle {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Oracle"}]}

Vulnerabilities > Oracle