Vulnerabilities > Oracle > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-01-20 CVE-2021-2064 Unspecified vulnerability in Oracle Weblogic Server 12.1.3.0.0
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components).
network
low complexity
oracle
critical
 9.8
9.8
2021-01-20 CVE-2021-2047 Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components).
network
low complexity
oracle
critical
 9.8
9.8
2021-01-20 CVE-2021-2029 Unspecified vulnerability in Oracle Scripting
Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous).
network
low complexity
oracle
critical
 9.8
9.8
2021-01-20 CVE-2021-1994 Unspecified vulnerability in Oracle Enterprise Repository and Weblogic Server
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services).
network
low complexity
oracle
critical
 9.8
9.8
2021-01-20 CVE-2020-14756 Unspecified vulnerability in Oracle Coherence and Utilities Framework
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core Components).
network
low complexity
oracle
critical
 9.8
9.8
2021-01-19 CVE-2021-3177 Classic Buffer Overflow vulnerability in multiple products
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param.
network
low complexity
python fedoraproject netapp debian oracle CWE-120
critical
 9.8
9.8
2021-01-14 CVE-2021-23926 XML Entity Expansion vulnerability in multiple products
The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input.
network
low complexity
apache netapp debian oracle CWE-776
critical
 9.1
9.1
2020-12-11 CVE-2020-17530 Expression Language Injection vulnerability in multiple products
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
network
low complexity
apache oracle CWE-917
critical
 9.8
9.8
2020-11-17 CVE-2020-7774 The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution.
network
low complexity
y18n-project oracle siemens
critical
 9.8
9.8
2020-11-02 CVE-2020-14750 Unspecified vulnerability in Oracle Fusion Middleware
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console).
network
low complexity
oracle
critical
 9.8
9.8