Vulnerabilities > Oracle > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-14 | CVE-2021-4104 | Deserialization of Untrusted Data vulnerability in multiple products: JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. | 7.5 |
2021-12-13 | CVE-2021-43818 | Injection vulnerability in multiple products: lxml is a library for processing XML and HTML in the Python language. | 7.1 |
2021-12-07 | CVE-2021-42717 | Uncontrolled Recursion vulnerability in multiple products: ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. | 7.5 |
2021-11-08 | CVE-2021-41772 | Improper Input Validation vulnerability in multiple products: Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field. | 7.5 |
2021-11-04 | CVE-2021-43396 | In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. | 7.5 |
2021-10-25 | CVE-2021-21703 | Out-of-bounds Write vulnerability in multiple products: In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user. | 7.0 |
2021-10-20 | CVE-2021-35599 | Unspecified vulnerability in Oracle Zero Downtime DB Migration to Cloud 21C: Vulnerability in the Zero Downtime DB Migration to Cloud component of Oracle Database Server. | 8.2 |
2021-10-20 | CVE-2021-35610 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 7.1 |
2021-10-20 | CVE-2021-35619 | Unspecified vulnerability in Oracle Java Virtual Machine: Vulnerability in the Java VM component of Oracle Database Server. | 7.1 |
2021-10-20 | CVE-2021-35620 | Unspecified vulnerability in Oracle Weblogic Server: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). | 7.5 |