Vulnerabilities > Oracle > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-09-23 CVE-2021-22945 Double Free vulnerability in multiple products
When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.
network
low complexity
haxx fedoraproject netapp oracle apple siemens debian CWE-415
critical
9.1
2021-09-16 CVE-2021-40438 Server-Side Request Forgery (SSRF) vulnerability in multiple products
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.
network
high complexity
apache fedoraproject debian netapp f5 oracle siemens CWE-918
critical
9.0
2021-09-16 CVE-2021-39275 Out-of-bounds Write vulnerability in multiple products
ap_escape_quotes() may write beyond the end of a buffer when given malicious input.
network
low complexity
apache fedoraproject debian netapp oracle siemens CWE-787
critical
9.8
2021-08-24 CVE-2021-3711 Classic Buffer Overflow vulnerability in multiple products
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt().
network
low complexity
openssl debian netapp oracle tenable CWE-120
critical
9.8
2021-07-21 CVE-2021-2396 Unspecified vulnerability in Oracle BI Publisher
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO).
network
low complexity
oracle
critical
9.0
2021-07-21 CVE-2021-2394 Unspecified vulnerability in Oracle Weblogic Server
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
network
low complexity
oracle
critical
10.0
2021-07-21 CVE-2021-2392 Unspecified vulnerability in Oracle BI Publisher
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security).
network
low complexity
oracle
critical
9.0
2021-07-21 CVE-2021-2391 Unspecified vulnerability in Oracle BI Publisher
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Scheduler).
network
low complexity
oracle
critical
9.0
2021-03-23 CVE-2021-21345 OS Command Injection vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again.
network
low complexity
xstream-project debian fedoraproject oracle CWE-78
critical
9.9
2021-03-10 CVE-2020-13936 An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container.
network
low complexity
apache debian oracle
critical
9.0