Oracle Utilities_framework
38 CVEs affecting Oracle Utilities_framework. Latest disclosed: 2026-01-20. Critical: 6, High: 21.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-14756 | Critical | 9.8 | 2021-01-20 | Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core Components). Supported versions that are affected are 3.7.1.0, 12.1… |
CVE-2020-10683 | Critical | 9.8 | 2020-05-01 | dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular exte… |
CVE-2020-2555 | Critical | 9.8 | 2020-01-15 | Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are… |
CVE-2019-17495 | Critical | 9.8 | 2019-10-10 | A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perf… |
CVE-2019-10173 | Critical | 9.8 | 2019-07-23 | It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been… |
CVE-2018-8088 | Critical | 9.8 | 2018-03-20 | org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted d… |
CVE-2021-39152 | High | 8.5 | 2021-08-23 | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data fro… |
CVE-2021-39150 | High | 8.5 | 2021-08-23 | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data fro… |
CVE-2021-39154 | High | 8.5 | 2021-08-23 | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute… |
CVE-2021-39153 | High | 8.5 | 2021-08-23 | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute… |
CVE-2021-39151 | High | 8.5 | 2021-08-23 | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute… |
CVE-2021-39149 | High | 8.5 | 2021-08-23 | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute… |
CVE-2021-39148 | High | 8.5 | 2021-08-23 | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute… |
CVE-2021-39147 | High | 8.5 | 2021-08-23 | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute… |
CVE-2021-39146 | High | 8.5 | 2021-08-23 | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute… |
CVE-2021-39145 | High | 8.5 | 2021-08-23 | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute… |
CVE-2021-39144 | High | 8.5 | 2021-08-23 | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient righ… |
CVE-2021-39141 | High | 8.5 | 2021-08-23 | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute… |
CVE-2021-39139 | High | 8.5 | 2021-08-23 | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute… |
CVE-2021-2351 | High | 8.3 | 2021-07-21 | Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Diffi… |