Vulnerabilities > Oracle > Enterprise Manager Base Platform > 13.4.0.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-07-08 | CVE-2020-11994 | Injection vulnerability in multiple products Server-Side Template Injection and arbitrary file disclosure on Camel templating components | 7.5 |
2020-06-05 | CVE-2020-12723 | Classic Buffer Overflow vulnerability in multiple products regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. | 7.5 |
2020-06-05 | CVE-2020-10878 | Integer Overflow or Wraparound vulnerability in multiple products Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. | 8.6 |
2020-06-05 | CVE-2020-10543 | Integer Overflow or Wraparound vulnerability in multiple products Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. | 8.2 |
2020-05-14 | CVE-2020-11973 | Deserialization of Untrusted Data vulnerability in multiple products Apache Camel Netty enables Java deserialization by default. | 9.8 |
2020-05-14 | CVE-2020-11972 | Deserialization of Untrusted Data vulnerability in multiple products Apache Camel RabbitMQ enables Java deserialization by default. | 7.5 |
2020-05-14 | CVE-2020-11971 | Apache Camel's JMX is vulnerable to Rebind Flaw. | 7.5 |
2020-05-01 | CVE-2020-10683 | XXE vulnerability in multiple products dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. | 9.8 |
2020-04-21 | CVE-2020-1967 | NULL Pointer Dereference vulnerability in multiple products Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. | 7.5 |
2020-04-07 | CVE-2020-11620 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly). | 8.1 |