Vulnerabilities > Oracle > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-15 | CVE-2020-2586 | Unspecified vulnerability in Oracle Human Resources Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). | 9.9 |
| 2020-01-15 | CVE-2020-2555 | Deserialization of Untrusted Data vulnerability in Oracle products Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). | 9.8 |
| 2020-01-15 | CVE-2020-2551 | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). | 9.8 |
| 2020-01-15 | CVE-2020-2546 | Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0/12.1.3.0.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Application Container - JavaEE). | 9.8 |
| 2020-01-14 | CVE-2019-0219 | A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI. | 9.8 |
| 2020-01-03 | CVE-2019-20330 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking. | 9.8 |
| 2019-12-20 | CVE-2019-17571 | Deserialization of Untrusted Data vulnerability in multiple products Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. | 9.8 |
| 2019-12-09 | CVE-2019-19646 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns. | 9.8 |
| 2019-12-05 | CVE-2019-19317 | Incorrect Conversion between Numeric Types vulnerability in multiple products lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact. | 9.8 |
| 2019-11-06 | CVE-2019-12419 | Incorrect Authorization vulnerability in multiple products Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. | 9.8 |