Vulnerabilities > Oracle > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-07-24 | CVE-2020-8174 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0. | 9.3 |
2020-07-15 | CVE-2020-14606 | Unspecified vulnerability in Oracle Sd-Wan Edge 8.2/9.0 Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications Applications (component: User Interface). | 10.0 |
2020-06-23 | CVE-2020-9480 | Missing Authentication for Critical Function vulnerability in multiple products In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication (spark.authenticate) via a shared secret. | 9.8 |
2020-05-20 | CVE-2020-9409 | Incorrect Default Permissions vulnerability in multiple products The administrative UI component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an unauthenticated attacker to obtain the permissions of a JasperReports Server "superuser" for the affected systems. | 9.8 |
2020-05-14 | CVE-2020-11973 | Deserialization of Untrusted Data vulnerability in multiple products Apache Camel Netty enables Java deserialization by default. | 9.8 |
2020-05-11 | CVE-2018-1285 | XXE vulnerability in multiple products Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. | 9.8 |
2020-05-01 | CVE-2020-10683 | XXE vulnerability in multiple products dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. | 9.8 |
2020-04-15 | CVE-2020-2801 | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). | 9.8 |
2020-04-15 | CVE-2020-2883 | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). | 9.8 |
2020-04-15 | CVE-2020-2884 | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). | 9.8 |