Vulnerabilities > Oracle > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-08-23 CVE-2019-10746 Argument Injection or Modification vulnerability in multiple products
mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0.
network
low complexity
mixin-deep-project fedoraproject oracle CWE-88
critical
9.8
2019-08-09 CVE-2019-12261 Classic Buffer Overflow vulnerability in multiple products
Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4).
network
low complexity
windriver sonicwall siemens netapp oracle belden CWE-120
critical
9.8
2019-08-09 CVE-2019-12260 Classic Buffer Overflow vulnerability in multiple products
Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4).
network
low complexity
windriver sonicwall siemens netapp oracle belden CWE-120
critical
9.8
2019-07-29 CVE-2019-14379 SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
network
low complexity
fasterxml debian netapp fedoraproject redhat oracle apple
critical
9.8
2019-07-26 CVE-2019-13990 XXE vulnerability in multiple products
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.
network
low complexity
softwareag oracle apache netapp atlassian CWE-611
critical
9.8
2019-07-26 CVE-2019-10744 Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution.
network
low complexity
lodash netapp redhat oracle f5
critical
9.1
2019-07-23 CVE-2019-2856 Unspecified vulnerability in Oracle Weblogic Server 12.2.1.3.0
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Application Container - JavaEE).
network
low complexity
oracle
critical
9.8
2019-07-23 CVE-2019-2828 Unspecified vulnerability in Oracle Field Service
Vulnerability in the Oracle Field Service component of Oracle E-Business Suite (subcomponent: Wireless).
network
low complexity
oracle
critical
9.6
2019-07-23 CVE-2019-2775 Unspecified vulnerability in Oracle Payments
Vulnerability in the Oracle Payments component of Oracle E-Business Suite (subcomponent: File Transmission).
network
low complexity
oracle
critical
9.1
2019-07-23 CVE-2019-10173 It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw.
network
low complexity
xstream-project oracle
critical
9.8