Vulnerabilities > Oracle > Communications Diameter Signaling Router > 8.5.0

DATE	CVE	VULNERABILITY TITLE	RISK
2020-05-14	CVE-2020-11973	Deserialization of Untrusted Data vulnerability in multiple products Apache Camel Netty enables Java deserialization by default. network low complexity apache oracle CWE-502 critical	9.8
2017-08-10	CVE-2016-0762	Information Exposure Through Discrepancy vulnerability in multiple products The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. network high complexity apache canonical debian redhat netapp oracle CWE-203	5.9
2017-06-27	CVE-2017-9841	Code Injection vulnerability in multiple products Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI. network low complexity phpunit-project oracle CWE-94 critical	9.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.