Vulnerabilities > Oracle > Critical

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Risk | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2021-03-23 | CVE-2021-21346 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products | XStream is a Java library to serialize objects to XML and back again. | network | low complexity | xstream-project, debian, fedoraproject, oracle | CWE-434 | critical | 9.8 |
| 2021-03-23 | CVE-2021-21345 | OS Command Injection vulnerability in multiple products | XStream is a Java library to serialize objects to XML and back again. | network | low complexity | xstream-project, debian, fedoraproject, oracle | CWE-78 | critical | 9.9 |
| 2021-03-23 | CVE-2021-21344 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products | XStream is a Java library to serialize objects to XML and back again. | network | low complexity | xstream-project, debian, fedoraproject, oracle | CWE-434 | critical | 9.8 |
| 2021-03-23 | CVE-2021-21342 | Deserialization of Untrusted Data vulnerability in multiple products | XStream is a Java library to serialize objects to XML and back again. | network | low complexity | xstream-project, debian, fedoraproject, oracle | CWE-502 | critical | 9.1 |
| 2021-02-09 | CVE-2020-14343 | Improper Input Validation vulnerability in multiple products | A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. | network | low complexity | pyyaml, oracle | CWE-20 | critical | 9.8 |
| 2021-02-07 | CVE-2020-36242 | Integer Overflow or Wraparound vulnerability in multiple products | In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. | network | low complexity | cryptography-io, fedoraproject, oracle | CWE-190 | critical | 9.1 |
| 2021-01-20 | CVE-2021-2108 | Unspecified vulnerability in Oracle Weblogic Server 12.1.3.0.0 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). | network | low complexity | oracle | | critical | 9.8 |
| 2021-01-20 | CVE-2021-2101 | Unspecified vulnerability in Oracle One-To-One Fulfillment | Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). | network | low complexity | oracle | | critical | 9.1 |
| 2021-01-20 | CVE-2021-2100 | Unspecified vulnerability in Oracle One-To-One Fulfillment | Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). | network | low complexity | oracle | | critical | 9.1 |
| 2021-01-20 | CVE-2021-2075 | Unspecified vulnerability in Oracle Weblogic Server | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples). | network | low complexity | oracle | | critical | 9.8 |