Vulnerabilities > Oracle > Communications Billing AND Revenue Management > High

DATE CVE VULNERABILITY TITLE RISK
2020-12-03 CVE-2020-25649 XXE vulnerability in multiple products
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly.
7.5
2020-07-15 CVE-2020-8203 Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
network
high complexity
lodash oracle
7.4
2020-06-05 CVE-2020-12723 Classic Buffer Overflow vulnerability in multiple products
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
network
low complexity
perl netapp fedoraproject opensuse oracle CWE-120
7.5
2020-06-05 CVE-2020-10878 Integer Overflow or Wraparound vulnerability in multiple products
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation.
network
low complexity
perl fedoraproject opensuse netapp oracle CWE-190
8.6
2020-06-05 CVE-2020-10543 Integer Overflow or Wraparound vulnerability in multiple products
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
network
low complexity
perl fedoraproject opensuse oracle CWE-190
8.2
2019-08-20 CVE-2019-10086 Deserialization of Untrusted Data vulnerability in multiple products
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects.
7.3
2016-04-08 CVE-2016-2381 Improper Input Validation vulnerability in multiple products
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
network
low complexity
perl debian oracle opensuse canonical CWE-20
7.5