Vulnerabilities > Oracle > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | SEVERITY | SCORE |
|---|---|---|---|---|---|---|---|---|---|
| 2021-01-19 | CVE-2021-3177 | Classic Buffer Overflow vulnerability in multiple products | Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. | network | low complexity | python, fedoraproject, netapp, debian, oracle | CWE-120 | critical | 9.8 |
| 2021-01-14 | CVE-2021-23926 | XML Entity Expansion vulnerability in multiple products | The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. | network | low complexity | apache, netapp, debian, oracle | CWE-776 | critical | 9.1 |
| 2020-11-17 | CVE-2020-7774 | The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution. | | network | low complexity | y18n-project, oracle, siemens | | critical | 9.8 |
| 2020-10-22 | CVE-2020-27619 | In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. | | network | low complexity | python, fedoraproject, oracle | | critical | 9.8 |
| 2020-10-21 | CVE-2020-14883 | Unspecified vulnerability in Oracle Weblogic Server | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). | network | low complexity | oracle | | critical | 9.0 |
| 2020-10-21 | CVE-2020-14882 | Unspecified vulnerability in Oracle Weblogic Server | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). | network | low complexity | oracle | | critical | 10.0 |
| 2020-10-21 | CVE-2020-14875 | Unspecified vulnerability in Oracle Marketing | Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). | network | low complexity | oracle | | critical | 9.4 |
| 2020-10-21 | CVE-2020-14871 | Out-of-bounds Write vulnerability in Oracle Solaris 10/11/9 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). | network | low complexity | oracle | CWE-787 | critical | 10.0 |
| 2020-10-21 | CVE-2020-14862 | Unspecified vulnerability in Oracle Universal Work Queue | Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Internal Operations). | network | low complexity | oracle | | critical | 9.0 |
| 2020-10-21 | CVE-2020-14859 | Unspecified vulnerability in Oracle Weblogic Server | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). | network | low complexity | oracle | | critical | 10.0 |