Vulnerabilities > Oracle > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-15 | CVE-2020-2791 | Unspecified vulnerability in Oracle Knowledge 8.6.0/8.6.1/8.6.2 Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). | 9.8 |
| 2020-04-15 | CVE-2020-2733 | Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics). | 9.8 |
| 2020-04-09 | CVE-2020-11656 | Use After Free vulnerability in multiple products In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. | 9.8 |
| 2020-04-01 | CVE-2020-3909 | Classic Buffer Overflow vulnerability in multiple products A buffer overflow was addressed with improved bounds checking. | 9.8 |
| 2020-03-30 | CVE-2019-17560 | Improper Certificate Validation vulnerability in multiple products The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. | 9.1 |
| 2020-03-24 | CVE-2020-1747 | Improper Input Validation vulnerability in multiple products A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. | 9.8 |
| 2020-03-13 | CVE-2020-1953 | Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. | 10.0 |
| 2020-03-12 | CVE-2020-10108 | HTTP Request Smuggling vulnerability in multiple products In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. | 9.8 |
| 2020-03-06 | CVE-2020-10188 | Classic Buffer Overflow vulnerability in multiple products utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions. network low complexity netkit-telnet-project fedoraproject debian arista oracle juniper CWE-120 critical | 9.8 |
| 2020-03-02 | CVE-2019-14893 | Deserialization of Untrusted Data vulnerability in multiple products A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. | 9.8 |