Vulnerabilities > Oracle > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK | SCORE |
|---|---|---|---|---|---|---|---|---|---|
| 2020-02-10 | CVE-2020-7060 | Out-of-bounds Read vulnerability in multiple products | When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. | network | low complexity | php, tenable, oracle, opensuse, debian | CWE-125 | critical | 9.1 |
| 2020-02-10 | CVE-2020-7059 | Out-of-bounds Read vulnerability in multiple products | When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. | network | low complexity | php, tenable, oracle, opensuse, debian | CWE-125 | critical | 9.1 |
| 2020-02-07 | CVE-2019-15606 | Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons | | network | low complexity | nodejs, oracle, debian, redhat, opensuse | | critical | 9.8 |
| 2020-02-07 | CVE-2019-15605 | HTTP Request Smuggling vulnerability in multiple products | HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed | network | low complexity | nodejs, debian, fedoraproject, opensuse, redhat, oracle | CWE-444 | critical | 9.8 |
| 2020-01-15 | CVE-2020-2587 | Unspecified vulnerability in Oracle Human Resources | Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). | network | low complexity | oracle | | critical | 9.9 |
| 2020-01-15 | CVE-2020-2586 | Unspecified vulnerability in Oracle Human Resources | Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). | network | low complexity | oracle | | critical | 9.9 |
| 2020-01-15 | CVE-2020-2555 | Deserialization of Untrusted Data vulnerability in Oracle products | Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). | network | low complexity | oracle | CWE-502 | critical | 9.8 |
| 2020-01-15 | CVE-2020-2551 | Unspecified vulnerability in Oracle Weblogic Server | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). | network | low complexity | oracle | | critical | 9.8 |
| 2020-01-15 | CVE-2020-2546 | Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0/12.1.3.0.0 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Application Container - JavaEE). | network | low complexity | oracle | | critical | 9.8 |
| 2020-01-14 | CVE-2019-0219 | A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI. | | network | low complexity | apache, oracle | | critical | 9.8 |