Vulnerabilities > Oracle > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-07-24 CVE-2020-8174 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.
network
nodejs oracle netapp CWE-191
critical
 9.3
9.3
2020-07-15 CVE-2020-14606 Unspecified vulnerability in Oracle Sd-Wan Edge 8.2/9.0
Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications Applications (component: User Interface).
network
low complexity
oracle
critical
 10.0
10
2020-06-23 CVE-2020-9480 Missing Authentication for Critical Function vulnerability in multiple products
In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication (spark.authenticate) via a shared secret.
network
low complexity
apache oracle CWE-306
critical
 9.8
9.8
2020-05-20 CVE-2020-9409 Incorrect Default Permissions vulnerability in multiple products
The administrative UI component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an unauthenticated attacker to obtain the permissions of a JasperReports Server "superuser" for the affected systems.
network
low complexity
tibco oracle CWE-276
critical
 9.8
9.8
2020-05-14 CVE-2020-11973 Deserialization of Untrusted Data vulnerability in multiple products
Apache Camel Netty enables Java deserialization by default.
network
low complexity
apache oracle CWE-502
critical
 9.8
9.8
2020-05-11 CVE-2018-1285 XXE vulnerability in multiple products
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files.
network
low complexity
apache fedoraproject oracle netapp CWE-611
critical
 9.8
9.8
2020-05-01 CVE-2020-10683 XXE vulnerability in multiple products
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks.
network
low complexity
dom4j-project oracle opensuse netapp canonical CWE-611
critical
 9.8
9.8
2020-04-15 CVE-2020-2801 Unspecified vulnerability in Oracle Weblogic Server
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
network
low complexity
oracle
critical
 9.8
9.8
2020-04-15 CVE-2020-2883 Unspecified vulnerability in Oracle Weblogic Server
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
network
low complexity
oracle
critical
 9.8
9.8
2020-04-15 CVE-2020-2884 Unspecified vulnerability in Oracle Weblogic Server
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
network
low complexity
oracle
critical
 9.8
9.8