Vulnerabilities > Oracle > Enterprise Manager Base Platform > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-04-21 CVE-2022-29577 Cross-site Scripting vulnerability in multiple products
OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input.
network
low complexity
antisamy-project oracle CWE-79
6.1
2021-12-18 CVE-2021-45105 Uncontrolled Recursion vulnerability in multiple products
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups.
network
high complexity
apache netapp debian sonicwall oracle CWE-674
5.9
2021-05-14 CVE-2021-3537 NULL Pointer Dereference vulnerability in multiple products
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference.
5.9
2020-12-08 CVE-2020-1971 NULL Pointer Dereference vulnerability in multiple products
The X.509 GeneralName type is a generic type for representing different types of names.
5.9
2020-09-04 CVE-2020-24977 Out-of-bounds Read vulnerability in multiple products
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c.
6.5
2020-04-01 CVE-2020-1954 Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus.
high complexity
apache oracle netapp
5.3
2020-01-17 CVE-2020-5397 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints.
network
low complexity
vmware oracle CWE-352
5.3
2020-01-15 CVE-2020-2646 Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Command Line Interface).
network
low complexity
oracle
5.4
2020-01-15 CVE-2020-2645 Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework).
network
low complexity
oracle
6.0
2020-01-15 CVE-2020-2644 Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Oracle Management Service).
network
low complexity
oracle
6.0