Lucene search
K
OracleCoherence

23 matches found

CVE
CVE
added 2020/01/15 4:34 p.m.1340 views

CVE-2020-2555

CVE-2020-2555 (WebLogic/Coherence) : A deserialization vulnerability in Oracle Coherence (Fusion Middleware) enables unauthenticated remote code execution via the T3 protocol. Affected versions include Coherence 3.7.1.x, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0. The flaw originates from ReflectionExtra...

9.8CVSS9.1AI score0.97116EPSS
In wild
CVE
CVE
added 2022/03/11 12:0 a.m.874 views

CVE-2020-36518

CVE-2020-36518 affects jackson-databind prior to 2.13.0, enabling a Java StackOverflow and DoS via excessive nesting depth. In affected advisories, remediation is to upgrade jackson-databind to 2.13.0+ (examples show 2.13.x or newer such as 2.13.4.2 in Crowd/CWD references). Practical impact is d...

7.5CVSS7.4AI score0.0486EPSS
CVE
CVE
added 2020/12/03 4:16 p.m.614 views

CVE-2020-25649

The CVE-2020-25649 entry concerns a flaw in FasterXML Jackson Databind where entity expansion was not properly secured, enabling XML External Entity (XXE) attacks. This is a data-integrity risk. Connected advisories consistently associate the issue with Jackson Databind and XXE, and several sourc...

7.5CVSS7.3AI score0.17611EPSS
CVE
CVE
added 2021/03/30 3:5 p.m.504 views

CVE-2021-21409

The CVE concerns Netty’s HTTP/2 codec (io.netty:netty-codec-http2) where, before version 4.1.61.Final, a Content-Length check can be bypassed when a single Http2HeaderFrame with endStream set to true is used. This enables HTTP request smuggling if the request is proxied and translated to HTTP/1.1...

5.9CVSS6.5AI score0.04935EPSS
CVE
CVE
added 2021/10/19 12:0 a.m.477 views

CVE-2021-37136

CVE-2021-37136 : The Bzip2 decompression decoder can set no limit on the decompressed output size, affecting all Bzip2Decoder users. This under- or over-allocates memory during decompression and can trigger an OutOfMemoryError, enabling DoS. Connected IBM/ASTRA entries reiterate the same descript...

7.5CVSS7.4AI score0.05651EPSS
CVE
CVE
added 2021/12/09 12:0 a.m.350 views

CVE-2021-43797

CVE-2021-43797 : Netty prior to 4.1.71.Final fails to validate control chars at the start/end of header names, allowing HTTP request smuggling via crafted transfer-encoding/headers. This can enable the proxy to sanitize header names and forward malformed requests to remote systems that may not re...

6.5CVSS7.8AI score0.02682EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.167 views

CVE-2020-2915

CVE-2020-2915 affects Oracle Coherence within Oracle Fusion Middleware (Caching, CacheStore, Invocation). Affected versions are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0. The issue allows an unauthenticated attacker with network access via IIOP/T3 to compromise Oracle Coherence, potentially tak...

9.8CVSS9AI score0.01961EPSS
CVE
CVE
added 2022/04/19 8:37 p.m.162 views

CVE-2022-21420

CVE-2022-21420 affects Oracle Coherence (Oracle Fusion Middleware, Core) with affected versions 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0. The vulnerability allows an unauthenticated remote attacker who can reach the service via T3 to compromise Coherence and may lead to takeover. The CVSS3.1 vector...

9.8CVSS9.2AI score0.01445EPSS
CVE
CVE
added 2021/01/20 2:49 p.m.149 views

CVE-2020-14756

CVE-2020-14756 : An insecure deserialization vulnerability in Oracle Coherence (Fusion Middleware Core Components) allows unauthenticated remote code execution via IIOP/T3. Affected versions include 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0. Successful exploitation can lead to t...

9.8CVSS9.3AI score0.74753EPSS
CVE
CVE
added 2022/07/19 9:8 p.m.141 views

CVE-2022-21570

CVE-2022-21570 affects Oracle Coherence (Oracle Fusion Middleware, Core) with vulnerable versions 3.7.1.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. The vulnerability allows unauthenticated network access via T3/IIOP to the Coherence service and can lead to a hang or frequent crash (complete DoS). T...

7.5CVSS7.3AI score0.0081EPSS
CVE
CVE
added 2021/04/22 9:53 p.m.77 views

CVE-2021-2277

CVE-2021-2277 affects Oracle Coherence (Core) in Oracle Fusion Middleware. Affected versions are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. It allows an unauthenticated attacker with network access via HTTP to access data, per CVSS 3.1 Base Score 7.5 (Confidentiality). The vulner...

7.5CVSS7.5AI score0.01123EPSS
CVE
CVE
added 2021/07/20 10:43 p.m.75 views

CVE-2021-2344

CVE-2021-2344 affects Oracle Coherence (Core) in Oracle Fusion Middleware. Affected versions: 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0. The vulnerability allows an unauthenticated attacker with network access via T3/IIOP to cause a hang or frequently repeatable crash (complete DOS)...

7.5CVSS7.1AI score0.01395EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.69 views

CVE-2020-14642

CVE-2020-14642 affects Oracle Coherence (Fusion Middleware) CacheStore. Affected versions: 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. The vulnerability permits an unauthenticated remote attacker over HTTP to cause a hang or complete DoS in Oracle Coherence. CVSS 3.1 base score 7....

7.8CVSS7.6AI score0.01577EPSS
CVE
CVE
added 2021/07/20 10:43 p.m.69 views

CVE-2021-2371

CVE-2021-2371 affects Oracle Coherence (Core) within Oracle Fusion Middleware. Affected versions: 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0. An unauthenticated attacker with network access via T3/IIOP can cause the Coherence service to hang or crash (complete DoS). CVSS v3.1 base sc...

7.5CVSS7.1AI score0.01174EPSS
CVE
CVE
added 2021/07/20 10:44 p.m.66 views

CVE-2021-2428

CVE-2021-2428 affects Oracle Coherence (Core) within Oracle Fusion Middleware. Affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. The vulnerability allows an unauthenticated attacker with network access via T3/IIOP to compromise Oracle Coherence, with potential takeover. CVSSv3.1 bas...

8.1CVSS7.8AI score0.01561EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.52 views

CVE-2020-2949

CVE-2020-2949 describes a vulnerability in Oracle Coherence (Oracle Fusion Middleware) affecting components Caching, CacheStore, Invocation. Affected versions are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. The issue allows an unauthenticated, network-reachable attacker (via HTTP) to read a s...

5.3CVSS4.5AI score0.01197EPSS
CVE
CVE
added 2026/06/16 7:27 p.m.36 views

CVE-2026-35308

Technical details are not publicly available in the provided documents. Monitor for updates from Oracle security alerts and CVE records to learn affected products, impact, and remediation.

10CVSS5.3AI score0.00474EPSS
CVE
CVE
added 2026/06/16 7:27 p.m.30 views

CVE-2026-35307

Technical details for CVE-2026-35307 are not publicly available in the provided documents. Monitor for updates from Oracle and CVE records to obtain affected products, impact, and remediation information.

10CVSS5.3AI score0.00474EPSS
CVE
CVE
added 2026/06/16 7:27 p.m.23 views

CVE-2026-35304

Technical details about CVE-2026-35304 are not publicly available in the provided documents. Monitor for updates from Oracle security alerts and CVE records.

9.8CVSS5.2AI score0.00474EPSS
CVE
CVE
added 2026/06/16 7:27 p.m.21 views

CVE-2026-35309

Technical details about CVE-2026-35309 are not publicly available in the provided documents. Monitor for official disclosures and updates.

9.8CVSS5.2AI score0.00473EPSS
CVE
CVE
added 2026/06/16 7:27 p.m.19 views

CVE-2026-35305

Technical details are not publicly available in the provided documents. Monitor for updates.

9.3CVSS5.2AI score0.00338EPSS
CVE
CVE
added 2026/06/16 7:27 p.m.18 views

CVE-2026-35310

Technical details for CVE-2026-35310 are not provided in the supplied documents. No affected products, components, root cause, impacts, or remediation information are available here. Monitor for official updates from CVE/CVE List sources.

9.8CVSS5.2AI score0.00483EPSS
CVE
CVE
added 2026/06/16 7:27 p.m.13 views

CVE-2026-35306

Technical details for CVE-2026-35306 are not publicly available in the provided documents. Monitor for updates; no information on affected products, vulnerability scope, impact, or remediation is provided here.

9.3CVSS5.2AI score0.00353EPSS