Latest oracle enterprise manager base platform Vulnerabilities

CVE-2022-21623
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Config Console). Supported versions that are affected are 13.4.0.0 and 13.5.0.0. Easi...
Oracle Enterprise Manager Base Platform=13.4.0.0
Oracle Enterprise Manager Base Platform=13.5.0.0
CVE-2022-21536
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Policy Framework). Supported versions that are affected are 13.4.0.0 and 13.5.0.0. Difficult to e...
Oracle Enterprise Manager Base Platform=13.4.0.0
Oracle Enterprise Manager Base Platform=13.5.0.0
CVE-2022-21516
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Manager Install). Supported versions that are affected are 13.4.0.0 and 13.5.0.0. Easi...
Oracle Enterprise Manager Base Platform=13.4.0.0
Oracle Enterprise Manager Base Platform=13.5.0.0
CVE-2022-29577
OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. NOT...
Antisamy Project Antisamy<1.6.7
Oracle Enterprise Manager Base Platform=13.4.0.0
Oracle Enterprise Manager Base Platform=13.5.0.0
Oracle WebLogic Server=12.2.1.3.0
Oracle WebLogic Server=12.2.1.4.0
Oracle WebLogic Server=14.1.1.0.0
CVE-2022-21469
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: UI Framework). Supported versions that are affected are 13.4.0.0 and 13.5.0.0. Easily exploitable...
Oracle Enterprise Manager Base Platform=13.4.0.0
Oracle Enterprise Manager Base Platform=13.5.0.0
CVE-2022-21392
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Policy Framework). Supported versions that are affected are 13.4.0.0 and 13.5.0.0. Easily exploit...
Oracle Enterprise Manager Base Platform=13.4.0.0
Oracle Enterprise Manager Base Platform=13.5.0.0
CVE-2022-23302
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service...
redhat/log4j<0:1.2.14-6.6.el6_10
redhat/log4j<0:1.2.17-18.el7_4
redhat/log4j<0:1.2.17-17.el7_3
redhat/log4j-eap6<0:1.2.17-3.redhat_00008.1.ep6.el6
redhat/log4j-jboss-logmanager<0:1.1.4-3.Final_redhat_00002.1.ep6.el6
redhat/jboss-as-appclient<0:7.5.24-2.Final_redhat_00001.1.ep6.el6
and 194 more
CVE-2022-23305
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely...
redhat/log4j<0:1.2.14-6.6.el6_10
redhat/log4j<0:1.2.17-18.el7_4
redhat/log4j<0:1.2.17-17.el7_3
redhat/log4j-eap6<0:1.2.17-3.redhat_00008.1.ep6.el6
redhat/log4j-jboss-logmanager<0:1.1.4-3.Final_redhat_00002.1.ep6.el6
redhat/jboss-as-appclient<0:7.5.24-2.Final_redhat_00001.1.ep6.el6
and 196 more
CVE-2022-23307
A deserialization flaw was found in Apache log4j 1.2.x. While reading serialized log events, they are improperly deserialized. Note this is the same as <a href="https://access.redhat.com/security/cve...
redhat/log4j<0:1.2.14-6.6.el6_10
redhat/log4j<0:1.2.17-18.el7_4
redhat/log4j<0:1.2.17-17.el7_3
redhat/log4j-eap6<0:1.2.17-3.redhat_00008.1.ep6.el6
redhat/log4j-jboss-logmanager<0:1.1.4-3.Final_redhat_00002.1.ep6.el6
redhat/jboss-as-appclient<0:7.5.24-2.Final_redhat_00001.1.ep6.el6
and 193 more
CVE-2021-45105
Apache Log4j StrSubstitutor Uncontrolled Recursion Denial-of-Service Vulnerability
redhat/eap7-log4j<0:2.17.1-1.redhat_00001.1.el8ea
redhat/eap7-log4j<0:2.17.1-1.redhat_00001.1.el7ea
redhat/rh-sso7-keycloak<0:15.0.6-1.redhat_00001.1.el7
redhat/rh-sso7-keycloak<0:15.0.6-1.redhat_00001.1.el8
debian/apache-log4j2
debian/apache-log4j2<=2.16.0-1~deb10u1<=2.16.0-1<=2.16.0-1~deb11u1
and 217 more
CVE-2021-4104
Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2
redhat/log4j<0:1.2.14-6.5.el6_10
redhat/log4j<0:1.2.17-17.el7_4
redhat/log4j<0:1.2.17-16.el7_3
redhat/log4j-eap6<0:1.2.17-3.redhat_00008.1.ep6.el6
redhat/log4j-jboss-logmanager<0:1.1.4-3.Final_redhat_00002.1.ep6.el6
redhat/jboss-as-appclient<0:7.5.24-2.Final_redhat_00001.1.ep6.el6
and 219 more
CVE-2021-2137
Oracle Enterprise Manager Base Platform=13.4.0.0
Oracle Enterprise Manager Base Platform=13.5.0.0
CVE-2021-36160
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).
redhat/httpd<2.4.49
redhat/jbcs-httpd24-httpd<0:2.4.51-28.el8
redhat/jbcs-httpd24-httpd<0:2.4.51-28.el7
redhat/httpd24-httpd<0:2.4.34-23.el7.5
debian/apache2
debian/uwsgi<=2.0.18-1<=2.0.19.1-7.1<=2.0.21-5.1<=2.0.22-4
and 20 more
CVE-2021-34798
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
redhat/jbcs-httpd24-apr<0:1.6.3-107.el8
redhat/jbcs-httpd24-apr-util<0:1.6.1-84.el8
redhat/jbcs-httpd24-curl<0:7.78.0-2.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-78.el8
redhat/jbcs-httpd24-nghttp2<0:1.39.2-39.el8
redhat/jbcs-httpd24-openssl<1:1.1.1g-8.el8
and 38 more
CVE-2021-2351
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unau...
Oracle Advanced Networking Option=12.1.0.2
Oracle Advanced Networking Option=12.2.0.1
Oracle Advanced Networking Option=19c
Oracle Agile Engineering Data Management=6.2.1.0
Oracle Agile PLM=9.3.6
Oracle Agile Product Lifecycle Management for Process=6.2.2.0
and 242 more
CVE-2021-3537
A NULL pointer dereference flaw was found in libxml2, where it did not propagate errors while parsing XML mixed content. This flaw causes the application to crash if an untrusted XML document is parse...
redhat/jbcs-httpd24-apr-util<0:1.6.1-91.el8
redhat/jbcs-httpd24-curl<0:7.78.0-3.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-80.el8
redhat/jbcs-httpd24-nghttp2<0:1.39.2-41.el8
redhat/jbcs-httpd24-openssl<1:1.1.1g-11.el8
redhat/jbcs-httpd24-openssl-chil<0:1.0.0-11.el8
and 36 more
CVE-2021-2053
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: UI Framework). The supported version that is affected is 13.4.0.0. Easily exploitable vulnerabili...
Oracle Enterprise Manager Base Platform=13.4.0.0
CVE-2021-3517
A heap-based buffer overflow was found in libxml2 when processing truncated UTF-8 input. Reference: <a href="https://gitlab.gnome.org/GNOME/libxml2/-/issues/235">https://gitlab.gnome.org/GNOME/libxml...
rubygems/nokogiri<1.11.4
redhat/jbcs-httpd24-apr-util<0:1.6.1-91.el8
redhat/jbcs-httpd24-curl<0:7.78.0-3.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-80.el8
redhat/jbcs-httpd24-nghttp2<0:1.39.2-41.el8
redhat/jbcs-httpd24-openssl<1:1.1.1g-11.el8
and 46 more
CVE-2021-3518
libxml2. This issue was addressed with improved checks.
rubygems/nokogiri<1.11.4
redhat/jbcs-httpd24-apr-util<0:1.6.1-91.el8
redhat/jbcs-httpd24-curl<0:7.78.0-3.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-80.el8
redhat/jbcs-httpd24-nghttp2<0:1.39.2-41.el8
redhat/jbcs-httpd24-openssl<1:1.1.1g-11.el8
and 37 more
CVE-2020-1971
A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function, could cause the application, compiled with openssl to crash res...
redhat/jbcs-httpd24-brotli<0:1.0.6-40.jbcs.el7
redhat/jbcs-httpd24-httpd<0:2.4.37-66.jbcs.el7
redhat/jbcs-httpd24-nghttp2<0:1.39.2-35.jbcs.el7
redhat/jbcs-httpd24-openssl<1:1.1.1g-3.jbcs.el7
redhat/jbcs-httpd24-openssl-chil<0:1.0.0-3.jbcs.el7
redhat/jbcs-httpd24-openssl-pkcs11<0:0.4.10-18.jbcs.el7
and 95 more
CVE-2020-24977
GNOME libxml2 is vulnerable to a buffer overflow, caused by improper bounds checking by the xmlEncodeEntitiesInternal function in libxml2/entities.c. By persuading a victim to open a specially-crafted...
IBM Security Verify Access<=10.0.0
Xmlsoft Libxml2=2.9.10
Debian Debian Linux=9.0
Fedoraproject Fedora=31
Fedoraproject Fedora=32
Fedoraproject Fedora=33
and 22 more
CVE-2020-2982
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 13.3.0.0 and 13.4.0.0. Ea...
Oracle Enterprise Manager Base Platform=13.3.0.0
Oracle Enterprise Manager Base Platform=13.4.0.0
CVE-2020-11994
Server-Side Template Injection and arbitrary file disclosure on Camel templating components
Apache Camel>=2.22.0<=2.22.5
Apache Camel>=2.23.0<=2.23.4
Apache Camel>=2.24.0<=2.24.3
Apache Camel>=3.0.0<=3.3.0
Apache Camel=2.25.0
Apache Camel=2.25.1
and 3 more
CVE-2020-12723
Perl. This issue was addressed with improved checks.
IBM BM Security Guardium<=11.3
IBM Security Guardium<=11.4
IBM Security Guardium<=11.5
Apple macOS Catalina<10.15.6
Apple Mojave
Apple High Sierra
and 21 more
CVE-2020-10878
Perl. This issue was addressed with improved checks.
IBM BM Security Guardium<=11.3
IBM Security Guardium<=11.4
IBM Security Guardium<=11.5
Apple macOS Catalina<10.15.6
Apple Mojave
Apple High Sierra
and 25 more
CVE-2020-10543
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
IBM BM Security Guardium<=11.3
IBM Security Guardium<=11.4
IBM Security Guardium<=11.5
Perl Perl<5.30.3
Fedoraproject Fedora=31
openSUSE Leap=15.1
and 20 more
CVE-2020-11973
Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to...
redhat/camel<3.2.0
redhat/camel<2.25.1
Apache Camel>=2.22.0<=2.25.0
Apache Camel>=3.0.0<=3.1.0
Oracle Communications Diameter Signaling Router>=8.0.0<=8.5.0
Oracle Enterprise Manager Base Platform=13.3.0.0
and 3 more
CVE-2020-11972
Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade...
Apache Camel>=2.22.0<=2.25.0
Apache Camel>=3.0.0<=3.1.0
Oracle Communications Diameter Signaling Router>=8.0.0<=8.2.2
Oracle Enterprise Manager Base Platform=13.3.0.0
Oracle Enterprise Manager Base Platform=13.4.0.0
Oracle FLEXCUBE Private Banking=12.0.0
and 1 more
CVE-2020-11971
Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0.
Apache Camel>=2.22.0<=3.1.0
Oracle Communications Diameter Intelligence Hub>=8.0.0<=8.1.0
Oracle Communications Diameter Intelligence Hub>=8.2.0<=8.2.3
Oracle Communications Diameter Signaling Router>=8.0.0<=8.2.2
Oracle Enterprise Manager Base Platform=13.3.0.0
Oracle Enterprise Manager Base Platform=13.4.0.0
and 2 more
CVE-2020-1967
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signatu...
debian/openssl
OpenSSL OpenSSL>=1.1.1d<=1.1.1f
Debian Debian Linux=9.0
Debian Debian Linux=10.0
FreeBSD FreeBSD=12.1
Fedoraproject Fedora=30
and 33 more
CVE-2020-2961
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework (Oracle OHS)). Supported versions that are affected are 13.2.0.0 and 13.3.0.0...
Oracle Enterprise Manager Base Platform=13.2.0.0
Oracle Enterprise Manager Base Platform=13.3.0.0
CVE-2020-11620
A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as...
redhat/rh-maven35-jackson-databind<0:2.7.6-2.10.el7
IBM Data Risk Manager<=2.0.6
redhat/jackson-databind<2.9.10.4
maven/com.fasterxml.jackson.core:jackson-databind>=2.9.0<=2.9.10.3
FasterXML jackson-databind>=2.9.0<2.9.10.4
Debian Debian Linux=8.0
and 29 more
CVE-2020-11619
A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as...
redhat/candlepin<0:2.6.16-1.el7
redhat/foreman<0:1.22.0.39-2.el7
redhat/satellite<0:6.6.3-1.el7
redhat/tfm-rubygem-fog-ovirt<0:1.2.3-1.el7
redhat/tfm-rubygem-katello<0:3.12.0.41-1.el7
redhat/tfm-rubygem-runcible<0:2.13.0-1.el7
and 325 more
CVE-2020-1954
Apache CXF has the ability to integrate with JMX by registering an `InstrumentationManager` extension with the CXF bus. If the `createMBServerConnectorFactory` property of the default `Instrumentation...
maven/org.apache.cxf:cxf-rt-management>=3.3.0<3.3.6
maven/org.apache.cxf:cxf-rt-management<3.2.13
redhat/eap7-activemq-artemis<0:2.9.0-5.redhat_00011.1.el6ea
redhat/eap7-activemq-artemis-native<1:1.0.2-1.redhat_00001.1.el6ea
redhat/eap7-apache-commons-codec<0:1.14.0-1.redhat_00001.1.el6ea
redhat/eap7-apache-commons-lang<0:3.10.0-1.redhat_00001.1.el6ea
and 98 more
CVE-2020-11113
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data co...
redhat/qpid-cpp<0:1.36.0-31.el6_10a
redhat/qpid-proton<0:0.32.0-1.el6_10
redhat/qpid-cpp<0:1.36.0-31.el7a
redhat/qpid-proton<0:0.32.0-2.el7
redhat/nodejs-rhea<0:1.0.24-1.el8
redhat/qpid-proton<0:0.32.0-2.el8
and 59 more
CVE-2020-11112
FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in org.apache.commons.proxy.provider.remoting.RmiProvider (aka apa...
redhat/Jackson-databind<2.9.10.4
redhat/rh-maven35-jackson-databind<0:2.7.6-2.9.el7
IBM Data Risk Manager<=2.0.6
FasterXML jackson-databind>=2.9.0<2.9.10.4
Debian Debian Linux=8.0
Netapp Steelstore Cloud Integrated Storage
and 51 more
CVE-2020-11111
FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in org.apache.activemq.* (aka activemq-jms, activemq-core, activem...
redhat/Jackson-databind<2.9.10.4
redhat/rh-maven35-jackson-databind<0:2.7.6-2.9.el7
IBM Data Risk Manager<=2.0.6
FasterXML jackson-databind>=2.9.0<2.9.10.4
Debian Debian Linux=8.0
Netapp Steelstore Cloud Integrated Storage
and 39 more
CVE-2020-10968
A flaw was found in jackson-databind 2.x prior to version 2.9.10.4. The interaction between serialization gadgets and typing is mishandled in the bus-proxy. The highest threat from this vulnerability...
redhat/candlepin<0:2.6.16-1.el7
redhat/foreman<0:1.22.0.39-2.el7
redhat/satellite<0:6.6.3-1.el7
redhat/tfm-rubygem-fog-ovirt<0:1.2.3-1.el7
redhat/tfm-rubygem-katello<0:3.12.0.41-1.el7
redhat/tfm-rubygem-runcible<0:2.13.0-1.el7
and 345 more
CVE-2020-10673
FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.4
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.4
redhat/Jackson-databind<2.9.10.4
redhat/eap7-dom4j<0:2.1.3-1.redhat_00001.1.el6ea
redhat/eap7-elytron-web<0:1.2.5-1.Final_redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-13.SP3_redhat_00011.1.el6ea
and 161 more
CVE-2020-10672
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this...
redhat/eap7-dom4j<0:2.1.3-1.redhat_00001.1.el6ea
redhat/eap7-elytron-web<0:1.2.5-1.Final_redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-13.SP3_redhat_00011.1.el6ea
redhat/eap7-hal-console<0:3.0.23-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.17-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.20-1.Final_redhat_00001.1.el6ea
and 159 more
CVE-2020-10969
FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in javax.swing.JEditorPane. By sending specially-crafted input, an...
redhat/candlepin<0:2.6.16-1.el7
redhat/foreman<0:1.22.0.39-2.el7
redhat/satellite<0:6.6.3-1.el7
redhat/tfm-rubygem-fog-ovirt<0:1.2.3-1.el7
redhat/tfm-rubygem-katello<0:3.12.0.41-1.el7
redhat/tfm-rubygem-runcible<0:2.13.0-1.el7
and 345 more
CVE-2020-9546
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this...
redhat/eap7-dom4j<0:2.1.3-1.redhat_00001.1.el6ea
redhat/eap7-elytron-web<0:1.2.5-1.Final_redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-13.SP3_redhat_00011.1.el6ea
redhat/eap7-hal-console<0:3.0.23-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.17-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.20-1.Final_redhat_00001.1.el6ea
and 576 more
CVE-2020-9547
A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data conf...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.7.9.7
maven/com.fasterxml.jackson.core:jackson-databind>=2.8.0<2.8.11.6
maven/com.fasterxml.jackson.core:jackson-databind>=2.9.0<2.9.10.4
redhat/eap7-dom4j<0:2.1.3-1.redhat_00001.1.el6ea
redhat/eap7-elytron-web<0:1.2.5-1.Final_redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-13.SP3_redhat_00011.1.el6ea
and 551 more
CVE-2020-9548
A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data conf...
redhat/eap7-dom4j<0:2.1.3-1.redhat_00001.1.el6ea
redhat/eap7-elytron-web<0:1.2.5-1.Final_redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-13.SP3_redhat_00011.1.el6ea
redhat/eap7-hal-console<0:3.0.23-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.17-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.20-1.Final_redhat_00001.1.el6ea
and 566 more
CVE-2019-20388
GNOME libxml2 could allow a remote attacker to obtain sensitive information, caused by a xmlSchemaValidateStream memory leak in xmlSchemaPreRun in xmlschemas.c. By persuading a victim to open a specia...
redhat/jbcs-httpd24-curl<0:7.64.1-36.jbcs.el6
redhat/jbcs-httpd24-httpd<0:2.4.37-57.jbcs.el6
redhat/jbcs-httpd24-nghttp2<0:1.39.2-25.jbcs.el6
redhat/jbcs-httpd24-curl<0:7.64.1-36.jbcs.el7
redhat/jbcs-httpd24-httpd<0:2.4.37-57.jbcs.el7
redhat/jbcs-httpd24-nghttp2<0:1.39.2-25.jbcs.el7
and 59 more
CVE-2020-7595
GNOME libxml2 is vulnerable to a denial of service, caused by an error in xmlStringLenDecodeEntities in parser.c. An attacker could exploit this vulnerability to cause the application to enter into an...
redhat/jbcs-httpd24-curl<0:7.64.1-36.jbcs.el6
redhat/jbcs-httpd24-httpd<0:2.4.37-57.jbcs.el6
redhat/jbcs-httpd24-nghttp2<0:1.39.2-25.jbcs.el6
redhat/jbcs-httpd24-curl<0:7.64.1-36.jbcs.el7
redhat/jbcs-httpd24-httpd<0:2.4.37-57.jbcs.el7
redhat/jbcs-httpd24-nghttp2<0:1.39.2-25.jbcs.el7
and 72 more
CVE-2020-5397
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) e...
maven/org.springframework:spring-webflux>=5.2.0<5.2.3
maven/org.springframework:spring-webmvc>=5.2.0<5.2.3
VMware Spring Framework>=5.2.0<5.2.3
Oracle Application Testing Suite=13.3.0.1
Oracle Communications Brm - Elastic Charging Engine=11.3
Oracle Communications Brm - Elastic Charging Engine=12.0
and 48 more
CVE-2020-5398
A flaw was found in springframework in versions prior to 5.0.16, 5.1.13, and 5.2.3. A reflected file download (RFD) attack is possible when a "Content-Disposition" header is set in response to where t...
IBM Data Risk Manager<=2.0.6
redhat/springframework<5.2.3
redhat/springframework<5.1.13
redhat/springframework<5.0.16
maven/org.springframework:spring-webflux>=5.0.0.RELEASE<5.0.16.RELEASE
maven/org.springframework:spring-webflux>=5.1.0.RELEASE<5.1.13.RELEASE
and 67 more
CVE-2020-2643
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Job System). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exp...
Oracle Enterprise Manager Base Platform=12.1.0.5
Oracle Enterprise Manager Base Platform=13.2.0.0
Oracle Enterprise Manager Base Platform=13.3.0.0
CVE-2020-2645
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. E...
Oracle Enterprise Manager Base Platform=12.1.0.5
Oracle Enterprise Manager Base Platform=13.2.0.0
Oracle Enterprise Manager Base Platform=13.3.0.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203