Vulnerabilities > Oracle > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-24 | CVE-2020-28928 | Out-of-bounds Write vulnerability in multiple products In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow). | 5.5 |
| 2020-11-20 | CVE-2020-4788 | IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. | 4.7 |
| 2020-11-12 | CVE-2020-27193 | Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs. | 4.3 |
| 2020-11-12 | CVE-2020-13954 | Cross-site Scripting vulnerability in multiple products By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. | 6.1 |
| 2020-10-30 | CVE-2020-7760 | Resource Exhaustion vulnerability in multiple products This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. | 5.0 |
| 2020-10-21 | CVE-2020-14901 | Unspecified vulnerability in Oracle Database 19C Vulnerability in the RDBMS Security component of Oracle Database Server. | 6.8 |
| 2020-10-21 | CVE-2020-14900 | Unspecified vulnerability in Oracle Application Express Vulnerability in the Oracle Application Express Group Calendar component of Oracle Database Server. network oracle | 4.9 |
| 2020-10-21 | CVE-2020-14899 | Unspecified vulnerability in Oracle Application Express Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. network oracle | 4.9 |
| 2020-10-21 | CVE-2020-14898 | Unspecified vulnerability in Oracle Application Express Vulnerability in the Oracle Application Express Packaged Apps component of Oracle Database Server. network oracle | 4.9 |
| 2020-10-21 | CVE-2020-14896 | Unspecified vulnerability in Oracle Banking Payments 14.1.0/14.3.0/14.4.0 Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). | 6.8 |