Vulnerabilities > Oracle > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-07-15 CVE-2020-14598 Unspecified vulnerability in Oracle Customer Relationship Management Gateway for Mobile Devices 12.1.1/12.1.3
Vulnerability in the Oracle CRM Gateway for Mobile Devices product of Oracle E-Business Suite (component: Setup of Mobile Applications).
network
low complexity
oracle
critical
9.1
2020-06-23 CVE-2020-9480 Missing Authentication for Critical Function vulnerability in multiple products
In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication (spark.authenticate) via a shared secret.
network
low complexity
apache oracle CWE-306
critical
9.8
2020-05-20 CVE-2020-9409 Incorrect Default Permissions vulnerability in multiple products
The administrative UI component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an unauthenticated attacker to obtain the permissions of a JasperReports Server "superuser" for the affected systems.
network
low complexity
tibco oracle CWE-276
critical
9.8
2020-05-14 CVE-2020-11973 Deserialization of Untrusted Data vulnerability in multiple products
Apache Camel Netty enables Java deserialization by default.
network
low complexity
apache oracle CWE-502
critical
9.8
2020-05-14 CVE-2020-11972 Deserialization of Untrusted Data vulnerability in multiple products
Apache Camel RabbitMQ enables Java deserialization by default.
network
low complexity
apache oracle CWE-502
critical
9.8
2020-05-11 CVE-2018-1285 XXE vulnerability in multiple products
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files.
network
low complexity
apache fedoraproject oracle netapp CWE-611
critical
9.8
2020-05-01 CVE-2020-10683 XXE vulnerability in multiple products
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks.
network
low complexity
dom4j-project oracle opensuse netapp canonical CWE-611
critical
9.8
2020-04-15 CVE-2020-2961 Unspecified vulnerability in Oracle Enterprise Manager Base Platform 13.2.0.0/13.3.0.0
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework (Oracle OHS)).
network
low complexity
oracle
critical
9.8
2020-04-15 CVE-2020-2953 Unspecified vulnerability in Oracle Retail Customer Management and Segmentation Foundation 18.0
Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions).
network
low complexity
oracle
critical
9.8
2020-04-15 CVE-2020-2950 Unspecified vulnerability in Oracle Business Intelligence
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General).
network
low complexity
oracle
critical
9.8