Vulnerabilities > Oracle > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-01-18 CVE-2022-23307 Deserialization of Untrusted Data vulnerability in multiple products
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw.
network
low complexity
apache qos oracle CWE-502
critical
9.0
2021-10-04 CVE-2021-32762 Integer Overflow to Buffer Overflow vulnerability in multiple products
Redis is an open source, in-memory database that persists on disk.
network
low complexity
redis debian fedoraproject netapp oracle CWE-680
critical
9.0
2021-07-21 CVE-2021-2396 Unspecified vulnerability in Oracle BI Publisher
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO).
network
low complexity
oracle
critical
9.0
2021-07-21 CVE-2021-2394 Unspecified vulnerability in Oracle Weblogic Server
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
network
low complexity
oracle
critical
10.0
2021-07-21 CVE-2021-2392 Unspecified vulnerability in Oracle BI Publisher
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security).
network
low complexity
oracle
critical
9.0
2021-07-21 CVE-2021-2391 Unspecified vulnerability in Oracle BI Publisher
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Scheduler).
network
low complexity
oracle
critical
9.0
2021-03-10 CVE-2020-13936 An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container.
network
low complexity
apache debian oracle
critical
9.0
2021-02-23 CVE-2021-22112 Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in).
network
low complexity
pivotal-software vmware oracle
critical
9.0
2021-02-09 CVE-2020-14343 Improper Input Validation vulnerability in multiple products
A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader.
network
low complexity
pyyaml oracle CWE-20
critical
10.0
2020-11-16 CVE-2020-26217 OS Command Injection vulnerability in multiple products
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream.
9.3