Oracle Configuration Manager vulnerabilities

6 known vulnerabilities affecting oracle/configuration_manager.

Total CVEs: 6
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 5

Vulnerabilities

CVE-2020-2984 | HIGH | CVSS 7.1 | v12.1.2.0.6 | 2020-07-15
Vulnerability in the Oracle Configuration Manager product of Oracle Enterprise Manager (component: Discovery and collection script). The supported version that is affected is 12.1.2.0.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Configuration Manager. Successful attacks of this vulnerabilit
Source: NVD
CVE-2020-12723 | HIGH | CVSS 7.5 | v12.1.2.0.8 | 2020-06-05
CWE-120: regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
Source: NVD
CVE-2020-10543 | HIGH | CVSS 8.2 | v12.1.2.0.8 | 2020-06-05
CWE-190: Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
Source: NVD
CVE-2020-10878 | HIGH | CVSS 8.6 | v12.1.2.0.8 | 2020-06-05
CWE-190: Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
Source: NVD
CVE-2017-5645 | CRITICAL | CVSS 9.8 | PoC | v12.1.2.0.2, v12.1.2.0.5 | 2017-04-17
CWE-502: In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
Source: NVD
CVE-2016-2381 | HIGH | CVSS 7.5 | fixed in 12.1.2.0.4 | v12.1.2.0.6 | 2016-04-08
CWE-20: Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
Source: NVD