Vulnerabilities > Oracle > Weblogic Server > High

DATE CVE VULNERABILITY TITLE RISK
2024-10-15 CVE-2024-21234 Unspecified vulnerability in Oracle Weblogic Server 12.2.1.4.0/14.1.1.0.0
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
network
low complexity
oracle
7.5
7.5
2024-10-15 CVE-2024-21260 Unspecified vulnerability in Oracle Weblogic Server 12.2.1.4.0/14.1.1.0.0
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
network
low complexity
oracle
7.5
7.5
2024-10-15 CVE-2024-21274 Unspecified vulnerability in Oracle Weblogic Server 12.2.1.4.0/14.1.1.0.0
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console).
network
low complexity
oracle
7.5
7.5
2022-04-11 CVE-2022-24839 org.cyberneko.html is an html parser written in Java.
network
low complexity
nekohtml-project oracle
7.5
7.5
2022-03-11 CVE-2020-36518 Out-of-bounds Write vulnerability in multiple products
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
network
low complexity
fasterxml oracle debian netapp CWE-787
7.5
7.5
2022-01-18 CVE-2022-23302 Deserialization of Untrusted Data vulnerability in multiple products
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to.
network
low complexity
apache netapp broadcom qos oracle CWE-502
8.8
8.8
2022-01-18 CVE-2022-23307 Deserialization of Untrusted Data vulnerability in multiple products
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw.
network
low complexity
apache qos oracle CWE-502
8.8
8.8
2021-12-14 CVE-2021-4104 Deserialization of Untrusted Data vulnerability in multiple products
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration.
network
high complexity
apache fedoraproject redhat oracle CWE-502
7.5
7.5
2021-09-19 CVE-2021-40690 All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element.
network
low complexity
apache debian oracle
7.5
7.5
2021-03-25 CVE-2021-3450 Improper Certificate Validation vulnerability in multiple products
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. 		7.4
7.4