Skip to main content

Enterprise Manager Base Platform

111 CVEs product

Monthly

CVE-2024-21067 HIGH This Week

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Oracle Enterprise Manager Base Platform
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-20917 HIGH This Week

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Log Management). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Denial Of Service Oracle Enterprise Manager Base Platform
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-21623 HIGH PATCH This Week

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Config Console). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Enterprise Manager Base Platform
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-29577 Maven MEDIUM PATCH This Month

OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Antisamy Enterprise Manager Base Platform Weblogic Server
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2022-21469 MEDIUM This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: UI Framework). Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Enterprise Manager Base Platform
NVD
CVSS 3.1
4.7
EPSS
0.7%
CVE-2022-23307 Maven HIGH PATCH This Week

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Apache Chainsaw Log4J Reload4J +23
NVD VulDB
CVSS 3.1
8.8
EPSS
2.7%
CVE-2022-23305 Maven CRITICAL PATCH GHSA Act Now

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

Apache SQLi Log4J Snapmanager Brocade Sannav +25
NVD VulDB
CVSS 3.1
9.8
EPSS
9.5%
CVE-2022-23302 Maven HIGH PATCH This Week

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Deserialization Apache Log4J Snapmanager +24
NVD VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-4104 Maven HIGH Act Now

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Epss exploitation probability 72.2% and no vendor patch available.

RCE Deserialization Apache Log4J Fedora +44
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
72.2%
CVE-2021-2137 HIGH This Week

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Policy Framework). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Information Disclosure Enterprise Manager Base Platform
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-36160 HIGH PATCH This Week

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS).4.30 to 2.4.48 (inclusive). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Apache Information Disclosure Http Server Fedora +10
NVD
CVSS 3.1
7.5
EPSS
62.9%
CVE-2021-34798 HIGH PATCH This Week

Malformed requests may cause the server to dereference a NULL pointer.4.48 and earlier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Apache Denial Of Service Http Server Fedora +15
NVD
CVSS 3.1
7.5
EPSS
64.5%
CVE-2021-2351 HIGH POC PATCH This Week

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Oracle Information Disclosure Advanced Networking Option Agile Engineering Data Management Agile Plm +108
NVD
CVSS 3.1
8.3
EPSS
2.5%
CVE-2021-3517 Ruby HIGH PATCH This Week

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Libxml2 Jboss Core Services Enterprise Linux +25
NVD
CVSS 3.1
8.6
EPSS
8.3%
CVE-2021-3518 Ruby HIGH PATCH This Week

There's a flaw in libxml2 in versions before 2.9.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Libxml2 Debian Linux +16
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2021-3537 Ruby MEDIUM PATCH This Month

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Libxml2 Jboss Core Services Enterprise Linux +16
NVD
CVSS 3.1
5.9
EPSS
3.5%
CVE-2021-2053 MEDIUM POC PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: UI Framework). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Oracle Authentication Bypass Enterprise Manager Base Platform
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-1971 MEDIUM PATCH This Month

The X.509 GeneralName type is a generic type for representing different types of names. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

OpenSSL Denial Of Service Null Pointer Dereference Debian Linux Fedora +41
NVD VulDB
CVSS 3.1
5.9
EPSS
0.3%
CVE-2020-24977 MEDIUM POC PATCH This Month

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libxml2 Debian Linux Fedora +15
NVD
CVSS 3.1
6.5
EPSS
3.7%
CVE-2020-2982 HIGH PATCH This Week

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Enterprise Manager Base Platform
NVD
CVSS 3.1
7.1
EPSS
1.1%
CVE-2020-11994 Maven HIGH PATCH This Week

Server-Side Template Injection and arbitrary file disclosure on Camel templating components. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Camel Communications Diameter Signaling Router Enterprise Manager Base Platform Enterprise Repository
NVD
CVSS 3.1
7.5
EPSS
4.5%
CVE-2020-12723 HIGH PATCH This Week

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Perl Oncommand Workflow Automation Snap Creator Framework Fedora +12
NVD GitHub
CVSS 3.1
7.5
EPSS
6.0%
CVE-2020-10878 HIGH PATCH This Week

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Perl Fedora Leap +14
NVD GitHub
CVSS 3.1
8.6
EPSS
4.9%
CVE-2020-10543 HIGH PATCH This Week

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Perl Fedora Leap +12
NVD GitHub
CVSS 3.1
8.2
EPSS
11.3%
CVE-2020-11973 Maven CRITICAL PATCH Act Now

Apache Camel Netty enables Java deserialization by default. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Java Deserialization Camel Communications Diameter Signaling Router +2
NVD
CVSS 3.1
9.8
EPSS
6.6%
CVE-2020-11972 Maven CRITICAL PATCH Act Now

Apache Camel RabbitMQ enables Java deserialization by default. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Java Deserialization Camel Communications Diameter Signaling Router +2
NVD
CVSS 3.1
9.8
EPSS
5.5%
CVE-2020-11971 Maven HIGH PATCH This Week

Apache Camel's JMX is vulnerable to Rebind Flaw. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Camel Communications Diameter Intelligence Hub Communications Diameter Signaling Router +2
NVD
CVSS 3.1
7.5
EPSS
14.3%
CVE-2020-10683 Maven CRITICAL PATCH Act Now

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Dom4J Agile Plm Application Testing Suite Banking Platform +34
NVD GitHub
CVSS 3.1
9.8
EPSS
7.3%
CVE-2020-1967 Cargo HIGH POC PATCH THREAT This Week

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service OpenSSL Debian Linux Freebsd +23
NVD GitHub
CVSS 3.1
7.5
EPSS
53.3%
CVE-2020-2961 CRITICAL PATCH Act Now

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework (Oracle OHS)). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Enterprise Manager Base Platform
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-11620 Maven HIGH PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Deserialization Jackson Databind Debian Linux Active Iq Unified Manager +15
NVD GitHub
CVSS 3.1
8.1
EPSS
5.6%
CVE-2020-11619 Maven HIGH PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Java Deserialization Jackson Databind Debian Linux Active Iq Unified Manager +18
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
1.3%
CVE-2020-1954 Maven MEDIUM PATCH This Month

Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required.

Apache Information Disclosure Cxf Communications Diameter Signaling Router Communications Element Manager +7
NVD
CVSS 3.1
5.3
EPSS
6.1%
CVE-2020-11113 Maven HIGH PATCH Act Now

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 60.7%.

Apache Deserialization Jackson Databind Debian Linux Steelstore Cloud Integrated Storage +29
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
60.7%
CVE-2020-11112 Maven HIGH PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Apache Deserialization Jackson Databind Debian Linux Steelstore Cloud Integrated Storage +28
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
6.8%
CVE-2020-11111 Maven HIGH PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Apache Deserialization Jackson Databind Debian Linux Steelstore Cloud Integrated Storage +22
NVD GitHub
CVSS 3.1
8.8
EPSS
3.5%
CVE-2020-10969 Maven HIGH PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Jackson Databind Debian Linux Steelstore Cloud Integrated Storage Agile Plm +27
NVD GitHub
CVSS 3.1
8.8
EPSS
3.5%
CVE-2020-10968 Maven HIGH PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Jackson Databind Debian Linux Steelstore Cloud Integrated Storage Agile Plm +27
NVD GitHub
CVSS 3.1
8.8
EPSS
3.5%
CVE-2020-10673 Maven HIGH PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Jackson Databind Debian Linux Steelstore Cloud Integrated Storage Agile Plm +27
NVD GitHub
CVSS 3.1
8.8
EPSS
8.0%
CVE-2020-10672 Maven HIGH PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Apache Deserialization Jackson Databind Debian Linux Steelstore Cloud Integrated Storage +28
NVD GitHub
CVSS 3.1
8.8
EPSS
3.0%
CVE-2020-9548 Maven CRITICAL POC PATCH THREAT Act Now

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Jackson Databind Active Iq Unified Manager Debian Linux Agile Plm +21
NVD GitHub
CVSS 3.1
9.8
EPSS
18.3%
CVE-2020-9547 Maven CRITICAL POC PATCH THREAT Act Now

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Jackson Databind Active Iq Unified Manager Debian Linux Autovue For Agile Product Lifecycle Management +12
NVD GitHub
CVSS 3.1
9.8
EPSS
18.7%
CVE-2020-9546 Maven CRITICAL PATCH GHSA Act Now

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Apache Deserialization Jackson Databind Active Iq Unified Manager Debian Linux +28
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-7595 Ruby HIGH PATCH This Week

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libxml2 Fedora Ubuntu Linux Debian Linux +20
NVD
CVSS 3.1
7.5
EPSS
7.6%
CVE-2020-5397 Maven MEDIUM POC PATCH This Month

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Java CSRF Spring Framework Application Testing Suite +25
NVD
CVSS 3.1
5.3
EPSS
2.4%
CVE-2020-5398 Maven HIGH PATCH This Week

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Java Spring Framework Application Testing Suite Communications Billing And Revenue Management Elastic Charging Engine +30
NVD
CVSS 3.1
7.5
EPSS
88.1%
CVE-2020-2646 MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Command Line Interface). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Enterprise Manager Base Platform
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-2645 MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass Enterprise Manager Base Platform
NVD
CVSS 3.1
6.0
EPSS
1.2%
CVE-2020-2644 MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Oracle Management Service). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass Enterprise Manager Base Platform
NVD
CVSS 3.1
6.0
EPSS
1.2%
CVE-2020-2643 MEDIUM This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Job System). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Authentication Bypass Enterprise Manager Base Platform
NVD
CVSS 3.1
6.0
EPSS
1.2%
CVE-2020-2642 MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass Enterprise Manager Base Platform
NVD
CVSS 3.1
6.0
EPSS
1.2%
CVE-2020-2639 MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass Enterprise Manager Base Platform
NVD
CVSS 3.1
6.0
EPSS
1.2%
CVE-2020-2636 MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Service Level Mgmt). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass Enterprise Manager Base Platform
NVD
CVSS 3.1
6.0
EPSS
1.2%
CVE-2020-2635 MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: System Monitoring). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass Enterprise Manager Base Platform
NVD
CVSS 3.1
6.0
EPSS
1.2%
CVE-2020-2634 MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Configuration Standard Framewk). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass Enterprise Manager Base Platform
NVD
CVSS 3.1
6.0
EPSS
1.2%
CVE-2020-2633 MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass Enterprise Manager Base Platform
NVD
CVSS 3.1
6.0
EPSS
1.2%
CVE-2020-2632 MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: System Monitoring). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass Enterprise Manager Base Platform
NVD
CVSS 3.1
6.0
EPSS
1.2%
CVE-2020-2631 MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Service Level Mgmt). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass Enterprise Manager Base Platform
NVD
CVSS 3.1
6.0
EPSS
1.2%
CVE-2020-2630 MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass Enterprise Manager Base Platform
NVD
CVSS 3.1
6.0
EPSS
1.2%
CVE-2020-2629 MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass Enterprise Manager Base Platform
NVD
CVSS 3.1
6.0
EPSS
1.2%
CVE-2020-2628 MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass Enterprise Manager Base Platform
NVD
CVSS 3.1
6.0
EPSS
1.3%
CVE-2020-2626 MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Cloud Control Manager - OMS). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass Enterprise Manager Base Platform
NVD
CVSS 3.1
6.0
EPSS
1.4%
CVE-2020-2625 MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Job System). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass Enterprise Manager Base Platform
NVD
CVSS 3.1
6.0
EPSS
1.2%
CVE-2020-2624 MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass Enterprise Manager Base Platform
NVD
CVSS 3.1
6.0
EPSS
1.2%
CVE-2020-2623 MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Metrics Framework). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass Enterprise Manager Base Platform
NVD
CVSS 3.1
6.0
EPSS
1.2%
CVE-2020-2622 MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass Enterprise Manager Base Platform
NVD
CVSS 3.1
6.0
EPSS
1.2%
CVE-2020-2621 MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass Enterprise Manager Base Platform
NVD
CVSS 3.1
6.0
EPSS
1.2%
CVE-2020-2620 MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass Enterprise Manager Base Platform
NVD
CVSS 3.1
6.0
EPSS
1.2%
CVE-2020-2619 MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass Enterprise Manager Base Platform
NVD
CVSS 3.1
6.0
EPSS
1.2%
CVE-2020-2618 MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass Enterprise Manager Base Platform
NVD
CVSS 3.1
6.0
EPSS
1.2%
CVE-2020-2617 MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass Enterprise Manager Base Platform
NVD
CVSS 3.1
6.0
EPSS
1.2%
CVE-2020-2616 MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Manager Repository). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass Enterprise Manager Base Platform
NVD
CVSS 3.1
6.0
EPSS
1.3%
CVE-2020-2615 MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Oracle Management Service). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass Enterprise Manager Base Platform
NVD
CVSS 3.1
6.0
EPSS
1.3%
CVE-2020-2613 MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Global EM Framework). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass Enterprise Manager Base Platform
NVD
CVSS 3.1
6.0
EPSS
1.2%
CVE-2020-2612 MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass Enterprise Manager Base Platform
NVD
CVSS 3.1
6.0
EPSS
1.3%
CVE-2020-2611 MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass Enterprise Manager Base Platform
NVD
CVSS 3.1
6.0
EPSS
1.2%
CVE-2020-2610 MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass Enterprise Manager Base Platform
NVD
CVSS 3.1
6.0
EPSS
1.2%
CVE-2020-2609 MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Enterprise Manager Base Platform
NVD
CVSS 3.1
6.3
EPSS
1.1%
CVE-2020-2608 MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Repository). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass Enterprise Manager Base Platform
NVD
CVSS 3.1
6.0
EPSS
1.4%
CVE-2019-10219 Maven MEDIUM POC PATCH This Month

A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hibernate Validator Fuse Jboss Data Grid Jboss Enterprise Application Platform +184
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2019-12419 Maven CRITICAL PATCH Act Now

Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Apache Cxf Commerce Guided Search Enterprise Manager Base Platform +2
NVD
CVSS 3.1
9.8
EPSS
13.8%
CVE-2019-12415 Maven MEDIUM PATCH This Month

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

XXE Microsoft Apache Poi Application Testing Suite +25
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2019-2897 MEDIUM PATCH This Month

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Business Intelligence Enterprise Manager Base Platform Mysql Server
NVD
CVSS 3.1
6.4
EPSS
0.9%
CVE-2019-17195 Maven CRITICAL PATCH Act Now

Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Information Disclosure Nimbus Jose Jwt Hadoop Communications Cloud Native Core Security Edge Protection Proxy +12
NVD
CVSS 3.1
9.8
EPSS
11.0%
CVE-2019-13990 Maven CRITICAL PATCH Act Now

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Java Quartz Apache Batik Mapviewer Banking Enterprise Originations +28
NVD GitHub
CVSS 3.1
9.8
EPSS
16.2%
CVE-2019-0188 Maven HIGH PATCH This Week

Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Apache Camel Enterprise Data Quality Enterprise Manager Base Platform +2
NVD GitHub
CVSS 3.1
7.5
EPSS
8.5%
CVE-2019-0227 Maven HIGH POC PATCH THREAT This Week

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. Public exploit code available.

SSRF Apache Axis Agile Engineering Data Management Agile Product Lifecycle Management +34
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
86.5%
CVE-2019-5427 Maven HIGH POC PATCH This Week

c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure C3P0 Fedora Communications Ip Service Activator Communications Session Route Manager +7
NVD
CVSS 3.1
7.5
EPSS
4.9%
CVE-2019-10247 Maven MEDIUM PATCH This Month

In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jetty Oncommand System Manager Snap Creator Framework Snapcenter +22
NVD
CVSS 3.1
5.3
EPSS
5.8%
CVE-2019-10246 Maven MEDIUM PATCH This Month

In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Jetty Oncommand System Manager Snap Creator Framework +22
NVD
CVSS 3.1
5.3
EPSS
4.0%
EPSS 0% CVSS 8.8
HIGH This Week

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Oracle Enterprise Manager Base Platform
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Log Management). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Denial Of Service Oracle +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Config Console). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Enterprise Manager Base Platform
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Antisamy Enterprise Manager Base Platform +1
NVD GitHub
EPSS 1% CVSS 4.7
MEDIUM This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: UI Framework). Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Enterprise Manager Base Platform
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Apache Chainsaw +25
NVD VulDB
EPSS 9% CVSS 9.8
CRITICAL PATCH Act Now

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

Apache SQLi Log4J +27
NVD VulDB
EPSS 1% CVSS 8.8
HIGH PATCH This Week

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Deserialization Apache +26
NVD VulDB
EPSS 72% CVSS 7.5
HIGH Act Now

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Epss exploitation probability 72.2% and no vendor patch available.

RCE Deserialization Apache +46
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Policy Framework). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Information Disclosure Enterprise Manager Base Platform
NVD
EPSS 63% CVSS 7.5
HIGH PATCH This Week

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS).4.30 to 2.4.48 (inclusive). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Apache Information Disclosure +12
NVD
EPSS 65% CVSS 7.5
HIGH PATCH This Week

Malformed requests may cause the server to dereference a NULL pointer.4.48 and earlier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Apache Denial Of Service +17
NVD
EPSS 2% CVSS 8.3
HIGH POC PATCH This Week

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Oracle Information Disclosure Advanced Networking Option +110
NVD
EPSS 8% CVSS 8.6
HIGH PATCH This Week

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Libxml2 +27
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

There's a flaw in libxml2 in versions before 2.9.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure +18
NVD
EPSS 4% CVSS 5.9
MEDIUM PATCH This Month

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Libxml2 +18
NVD
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: UI Framework). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Oracle Authentication Bypass Enterprise Manager Base Platform
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

The X.509 GeneralName type is a generic type for representing different types of names. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

OpenSSL Denial Of Service Null Pointer Dereference +43
NVD VulDB
EPSS 4% CVSS 6.5
MEDIUM POC PATCH This Month

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libxml2 +17
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Enterprise Manager Base Platform
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Server-Side Template Injection and arbitrary file disclosure on Camel templating components. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Camel Communications Diameter Signaling Router +2
NVD
EPSS 6% CVSS 7.5
HIGH PATCH This Week

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Perl Oncommand Workflow Automation +14
NVD GitHub
EPSS 5% CVSS 8.6
HIGH PATCH This Week

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Perl +16
NVD GitHub
EPSS 11% CVSS 8.2
HIGH PATCH This Week

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Perl +14
NVD GitHub
EPSS 7% CVSS 9.8
CRITICAL PATCH Act Now

Apache Camel Netty enables Java deserialization by default. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Java Deserialization +4
NVD
EPSS 6% CVSS 9.8
CRITICAL PATCH Act Now

Apache Camel RabbitMQ enables Java deserialization by default. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Java Deserialization +4
NVD
EPSS 14% CVSS 7.5
HIGH PATCH This Week

Apache Camel's JMX is vulnerable to Rebind Flaw. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Camel +4
NVD
EPSS 7% CVSS 9.8
CRITICAL PATCH Act Now

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Dom4J Agile Plm +36
NVD GitHub
EPSS 53% CVSS 7.5
HIGH POC PATCH THREAT This Week

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service OpenSSL +25
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework (Oracle OHS)). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Enterprise Manager Base Platform
NVD
EPSS 6% CVSS 8.1
HIGH PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Deserialization Jackson Databind +17
NVD GitHub
EPSS 1% CVSS 8.1
HIGH PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Java Deserialization Jackson Databind +20
NVD GitHub VulDB
EPSS 6% CVSS 5.3
MEDIUM PATCH This Month

Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required.

Apache Information Disclosure Cxf +9
NVD
EPSS 61% CVSS 8.8
HIGH PATCH Act Now

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 60.7%.

Apache Deserialization Jackson Databind +31
NVD GitHub VulDB
EPSS 7% CVSS 8.8
HIGH PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Apache Deserialization Jackson Databind +30
NVD GitHub VulDB
EPSS 3% CVSS 8.8
HIGH PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Apache Deserialization Jackson Databind +24
NVD GitHub
EPSS 3% CVSS 8.8
HIGH PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Jackson Databind Debian Linux +29
NVD GitHub
EPSS 4% CVSS 8.8
HIGH PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Jackson Databind Debian Linux +29
NVD GitHub
EPSS 8% CVSS 8.8
HIGH PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Jackson Databind Debian Linux +29
NVD GitHub
EPSS 3% CVSS 8.8
HIGH PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Apache Deserialization Jackson Databind +30
NVD GitHub
EPSS 18% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Jackson Databind Active Iq Unified Manager +23
NVD GitHub
EPSS 19% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Jackson Databind Active Iq Unified Manager +14
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Apache Deserialization Jackson Databind +30
NVD GitHub VulDB
EPSS 8% CVSS 7.5
HIGH PATCH This Week

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libxml2 Fedora +22
NVD
EPSS 2% CVSS 5.3
MEDIUM POC PATCH This Month

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Java CSRF +27
NVD
EPSS 88% CVSS 7.5
HIGH PATCH This Week

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Java Spring Framework +32
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Command Line Interface). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Enterprise Manager Base Platform
NVD
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass +1
NVD
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Oracle Management Service). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass +1
NVD
EPSS 1% CVSS 6.0
MEDIUM This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Job System). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Authentication Bypass +1
NVD
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass +1
NVD
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass +1
NVD
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Service Level Mgmt). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass +1
NVD
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: System Monitoring). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass +1
NVD
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Configuration Standard Framewk). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass +1
NVD
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass +1
NVD
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: System Monitoring). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass +1
NVD
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Service Level Mgmt). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass +1
NVD
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass +1
NVD
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass +1
NVD
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass +1
NVD
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Cloud Control Manager - OMS). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass +1
NVD
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Job System). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass +1
NVD
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass +1
NVD
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Metrics Framework). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass +1
NVD
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass +1
NVD
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass +1
NVD
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass +1
NVD
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass +1
NVD
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass +1
NVD
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass +1
NVD
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Manager Repository). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass +1
NVD
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Oracle Management Service). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass +1
NVD
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Global EM Framework). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass +1
NVD
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass +1
NVD
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass +1
NVD
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass +1
NVD
EPSS 1% CVSS 6.3
MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Enterprise Manager Base Platform
NVD
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Repository). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass +1
NVD
EPSS 2% CVSS 6.1
MEDIUM POC PATCH This Month

A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hibernate Validator Fuse +186
NVD GitHub
EPSS 14% CVSS 9.8
CRITICAL PATCH Act Now

Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Apache Cxf +4
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

XXE Microsoft Apache +27
NVD
EPSS 1% CVSS 6.4
MEDIUM PATCH This Month

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Business Intelligence +2
NVD
EPSS 11% CVSS 9.8
CRITICAL PATCH Act Now

Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Information Disclosure Nimbus Jose Jwt +14
NVD
EPSS 16% CVSS 9.8
CRITICAL PATCH Act Now

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Java Quartz +30
NVD GitHub
EPSS 8% CVSS 7.5
HIGH PATCH This Week

Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Apache Camel +4
NVD GitHub
EPSS 87% CVSS 7.5
HIGH POC PATCH THREAT This Week

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. Public exploit code available.

SSRF Apache Axis +36
NVD Exploit-DB
EPSS 5% CVSS 7.5
HIGH POC PATCH This Week

c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure C3P0 Fedora +9
NVD
EPSS 6% CVSS 5.3
MEDIUM PATCH This Month

In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jetty Oncommand System Manager +24
NVD
EPSS 4% CVSS 5.3
MEDIUM PATCH This Month

In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Jetty +24
NVD
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy