Vulnerabilities > Oracle > Weblogic Server

DATE CVE VULNERABILITY TITLE RISK
2021-12-18 CVE-2021-45105 Uncontrolled Recursion vulnerability in multiple products
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups.
network
high complexity
apache netapp debian sonicwall oracle CWE-674
5.9
2021-12-17 CVE-2021-23450 All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.
network
low complexity
linuxfoundation oracle debian
critical
9.8
2021-12-14 CVE-2021-4104 Deserialization of Untrusted Data vulnerability in multiple products
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration.
network
high complexity
apache fedoraproject redhat oracle CWE-502
7.5
2021-10-26 CVE-2021-41182 Cross-site Scripting vulnerability in multiple products
jQuery-UI is the official jQuery user interface library.
6.1
2021-10-26 CVE-2021-41183 Cross-site Scripting vulnerability in multiple products
jQuery-UI is the official jQuery user interface library.
6.1
2021-10-26 CVE-2021-41184 Cross-site Scripting vulnerability in multiple products
jQuery-UI is the official jQuery user interface library.
6.1
2021-10-20 CVE-2021-35617 Unspecified vulnerability in Oracle Weblogic Server
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Coherence Container).
network
low complexity
oracle
critical
9.8
2021-10-20 CVE-2021-35620 Unspecified vulnerability in Oracle Weblogic Server
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
network
low complexity
oracle
7.5
2021-10-20 CVE-2021-35552 Unspecified vulnerability in Oracle Weblogic Server 12.2.1.3.0/12.2.1.4.0/14.1.1.0.0
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Diagnostics).
network
low complexity
oracle
5.3
2021-09-19 CVE-2021-40690 Information Exposure vulnerability in multiple products
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element.
network
low complexity
apache debian oracle CWE-200
7.5