Vulnerabilities > Oracle > Enterprise Manager Base Platform

DATE CVE VULNERABILITY TITLE RISK
2020-04-21 CVE-2020-1967 NULL Pointer Dereference vulnerability in multiple products
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. 		7.5
7.5
2020-04-15 CVE-2020-2961 Unspecified vulnerability in Oracle Enterprise Manager Base Platform 13.2.0.0/13.3.0.0
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework (Oracle OHS)).
network
low complexity
oracle
critical
 9.8
9.8
2020-04-07 CVE-2020-11620 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).
network
high complexity
fasterxml debian netapp oracle CWE-502
8.1
8.1
2020-04-07 CVE-2020-11619 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).
network
high complexity
fasterxml debian netapp oracle CWE-502
8.1
8.1
2020-04-01 CVE-2020-1954 Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus.
high complexity
apache oracle netapp
5.3
5.3
2020-03-31 CVE-2020-11113 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
network
low complexity
fasterxml debian netapp oracle CWE-502
8.8
8.8
2020-03-31 CVE-2020-11112 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
network
low complexity
fasterxml debian netapp oracle CWE-502
8.8
8.8
2020-03-31 CVE-2020-11111 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).
network
low complexity
fasterxml debian netapp oracle CWE-502
8.8
8.8
2020-03-26 CVE-2020-10969 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
network
low complexity
fasterxml debian netapp oracle CWE-502
8.8
8.8
2020-03-26 CVE-2020-10968 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
network
low complexity
fasterxml debian netapp oracle CWE-502
8.8
8.8