Vulnerabilities > Oracle > Communications Session Route Manager > 8.2.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-02 | CVE-2020-9548 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core). | 9.8 |
| 2020-03-02 | CVE-2020-9546 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config). | 9.8 |
| 2019-10-08 | CVE-2019-17359 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. | 7.5 |
| 2019-08-30 | CVE-2019-12402 | Infinite Loop vulnerability in multiple products The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. | 7.5 |
| 2019-07-26 | CVE-2019-13990 | XXE vulnerability in multiple products initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. | 9.8 |
| 2019-04-22 | CVE-2019-5427 | XML Entity Expansion vulnerability in multiple products c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration. | 7.5 |