| 2021-07-21 | CVE-2021-2396 | Unspecified vulnerability in Oracle BI Publisher
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). network low complexity oracle critical | 9.0 |
| 2021-07-21 | CVE-2021-2394 | Unspecified vulnerability in Oracle Weblogic Server
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). network low complexity oracle critical | 10.0 |
| 2021-07-21 | CVE-2021-2392 | Unspecified vulnerability in Oracle BI Publisher
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). network low complexity oracle critical | 9.0 |
| 2021-07-21 | CVE-2021-2391 | Unspecified vulnerability in Oracle BI Publisher
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Scheduler). network low complexity oracle critical | 9.0 |
| 2021-06-02 | CVE-2021-3520 | Integer Overflow or Wraparound vulnerability in multiple products
There's a flaw in lz4. | 9.8 |
| 2021-03-23 | CVE-2021-21342 | Deserialization of Untrusted Data vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again. | 9.1 |
| 2021-03-23 | CVE-2021-21345 | OS Command Injection vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again. | 9.9 |
| 2021-03-10 | CVE-2020-13936 | An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. | 9.0 |
| 2021-02-23 | CVE-2021-22112 | Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). | 9.0 |
| 2021-02-09 | CVE-2020-14343 | Improper Input Validation vulnerability in multiple products
A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. | 9.8 |