23 matches found
CVE-2020-2555
CVE-2020-2555 (WebLogic/Coherence) : A deserialization vulnerability in Oracle Coherence (Fusion Middleware) enables unauthenticated remote code execution via the T3 protocol. Affected versions include Coherence 3.7.1.x, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0. The flaw originates from ReflectionExtra...
CVE-2020-36518
CVE-2020-36518 affects jackson-databind prior to 2.13.0, enabling a Java StackOverflow and DoS via excessive nesting depth. In affected advisories, remediation is to upgrade jackson-databind to 2.13.0+ (examples show 2.13.x or newer such as 2.13.4.2 in Crowd/CWD references). Practical impact is d...
CVE-2020-25649
The CVE-2020-25649 entry concerns a flaw in FasterXML Jackson Databind where entity expansion was not properly secured, enabling XML External Entity (XXE) attacks. This is a data-integrity risk. Connected advisories consistently associate the issue with Jackson Databind and XXE, and several sourc...
CVE-2021-21409
The CVE concerns Netty’s HTTP/2 codec (io.netty:netty-codec-http2) where, before version 4.1.61.Final, a Content-Length check can be bypassed when a single Http2HeaderFrame with endStream set to true is used. This enables HTTP request smuggling if the request is proxied and translated to HTTP/1.1...
CVE-2021-37136
CVE-2021-37136 : The Bzip2 decompression decoder can set no limit on the decompressed output size, affecting all Bzip2Decoder users. This under- or over-allocates memory during decompression and can trigger an OutOfMemoryError, enabling DoS. Connected IBM/ASTRA entries reiterate the same descript...
CVE-2021-43797
CVE-2021-43797 : Netty prior to 4.1.71.Final fails to validate control chars at the start/end of header names, allowing HTTP request smuggling via crafted transfer-encoding/headers. This can enable the proxy to sanitize header names and forward malformed requests to remote systems that may not re...
CVE-2020-2915
CVE-2020-2915 affects Oracle Coherence within Oracle Fusion Middleware (Caching, CacheStore, Invocation). Affected versions are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0. The issue allows an unauthenticated attacker with network access via IIOP/T3 to compromise Oracle Coherence, potentially tak...
CVE-2022-21420
CVE-2022-21420 affects Oracle Coherence (Oracle Fusion Middleware, Core) with affected versions 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0. The vulnerability allows an unauthenticated remote attacker who can reach the service via T3 to compromise Coherence and may lead to takeover. The CVSS3.1 vector...
CVE-2020-14756
CVE-2020-14756 : An insecure deserialization vulnerability in Oracle Coherence (Fusion Middleware Core Components) allows unauthenticated remote code execution via IIOP/T3. Affected versions include 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0. Successful exploitation can lead to t...
CVE-2022-21570
CVE-2022-21570 affects Oracle Coherence (Oracle Fusion Middleware, Core) with vulnerable versions 3.7.1.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. The vulnerability allows unauthenticated network access via T3/IIOP to the Coherence service and can lead to a hang or frequent crash (complete DoS). T...
CVE-2021-2277
CVE-2021-2277 affects Oracle Coherence (Core) in Oracle Fusion Middleware. Affected versions are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. It allows an unauthenticated attacker with network access via HTTP to access data, per CVSS 3.1 Base Score 7.5 (Confidentiality). The vulner...
CVE-2021-2344
CVE-2021-2344 affects Oracle Coherence (Core) in Oracle Fusion Middleware. Affected versions: 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0. The vulnerability allows an unauthenticated attacker with network access via T3/IIOP to cause a hang or frequently repeatable crash (complete DOS)...
CVE-2020-14642
CVE-2020-14642 affects Oracle Coherence (Fusion Middleware) CacheStore. Affected versions: 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. The vulnerability permits an unauthenticated remote attacker over HTTP to cause a hang or complete DoS in Oracle Coherence. CVSS 3.1 base score 7....
CVE-2021-2371
CVE-2021-2371 affects Oracle Coherence (Core) within Oracle Fusion Middleware. Affected versions: 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0. An unauthenticated attacker with network access via T3/IIOP can cause the Coherence service to hang or crash (complete DoS). CVSS v3.1 base sc...
CVE-2021-2428
CVE-2021-2428 affects Oracle Coherence (Core) within Oracle Fusion Middleware. Affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. The vulnerability allows an unauthenticated attacker with network access via T3/IIOP to compromise Oracle Coherence, with potential takeover. CVSSv3.1 bas...
CVE-2020-2949
CVE-2020-2949 describes a vulnerability in Oracle Coherence (Oracle Fusion Middleware) affecting components Caching, CacheStore, Invocation. Affected versions are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. The issue allows an unauthenticated, network-reachable attacker (via HTTP) to read a s...
CVE-2026-35308
Technical details are not publicly available in the provided documents. Monitor for updates from Oracle security alerts and CVE records to learn affected products, impact, and remediation.
CVE-2026-35307
Technical details for CVE-2026-35307 are not publicly available in the provided documents. Monitor for updates from Oracle and CVE records to obtain affected products, impact, and remediation information.
CVE-2026-35304
Technical details about CVE-2026-35304 are not publicly available in the provided documents. Monitor for updates from Oracle security alerts and CVE records.
CVE-2026-35309
Technical details about CVE-2026-35309 are not publicly available in the provided documents. Monitor for official disclosures and updates.
CVE-2026-35305
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2026-35310
Technical details for CVE-2026-35310 are not provided in the supplied documents. No affected products, components, root cause, impacts, or remediation information are available here. Monitor for official updates from CVE/CVE List sources.
CVE-2026-35306
Technical details for CVE-2026-35306 are not publicly available in the provided documents. Monitor for updates; no information on affected products, vulnerability scope, impact, or remediation is provided here.