Vulnerabilities > Oracle > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-23 | CVE-2019-2645 | Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). | 9.8 |
| 2019-04-23 | CVE-2019-2638 | Unspecified vulnerability in Oracle General Ledger Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Consolidation Hierarchy Viewer). | 9.9 |
| 2019-04-23 | CVE-2019-2633 | Unspecified vulnerability in Oracle Work in Process Vulnerability in the Oracle Work in Process component of Oracle E-Business Suite (subcomponent: Messages). | 9.9 |
| 2019-04-23 | CVE-2019-2517 | Unspecified vulnerability in Oracle Database Server 12.2.0.1/18C Vulnerability in the Core RDBMS component of Oracle Database Server. | 9.1 |
| 2019-04-17 | CVE-2019-0228 | XXE vulnerability in multiple products Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF. | 9.8 |
| 2019-04-10 | CVE-2019-11068 | libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. | 9.8 |
| 2019-03-08 | CVE-2019-9636 | Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. | 9.8 |
| 2019-02-25 | CVE-2018-20033 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to corrupt the memory by allocating / deallocating memory, loading lmgrd or the vendor daemon and causing the heartbeat between lmgrd and the vendor daemon to stop. | 9.8 |
| 2019-02-20 | CVE-2019-7164 | SQL Injection vulnerability in multiple products SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. | 9.8 |
| 2019-02-06 | CVE-2019-3822 | Out-of-bounds Write vulnerability in multiple products libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. | 9.8 |