Aggregator

A vulnerability has been found in Oracle JD Edwards EnterpriseOne Orchestrator 9.2 and classified as critical. This vulnerability affects unknown code of the component E1 IOT Orchestrator Security. The manipulation leads to information disclosure. This vulnerability was named CVE-2019-12086. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in FasterXML jackson-databind up to 2.9.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Default Typing. The manipulation leads to information disclosure. This vulnerability is known as CVE-2019-12086. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle Billing and Revenue Management 7.5/12.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component jackson-databind. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2019-12086. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Perl up to 5.30.2 and classified as critical. This vulnerability affects the function S_study_chunk of the file regcomp.c of the component Regular Expression. The manipulation leads to buffer overflow. This vulnerability was named CVE-2020-12723. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Oracle Communications EAGLE Application Processor 16.1/16.2/16.3/16.4. Affected by this issue is some unknown functionality of the component Platform. The manipulation leads to integer overflow. This vulnerability is handled as CVE-2020-10878. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Oracle Tekelec Platform Distribution up to 7.7.1. This issue affects some unknown processing of the component Perl. The manipulation leads to integer overflow. The identification of this vulnerability is CVE-2020-10878. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Oracle Communications EAGLE LNP Application Processor 10.1/10.2. Affected by this issue is some unknown functionality of the component Platform. The manipulation leads to integer overflow. This vulnerability is handled as CVE-2020-10878. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Oracle Communications Performance Intelligence Center Software up to 10.3.0.2.1/10.4.0.3.1. This affects an unknown part of the component Platform. The manipulation leads to integer overflow. This vulnerability is uniquely identified as CVE-2020-10878. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Oracle Communications User Data Repository 12.4.0. Affected by this vulnerability is an unknown functionality of the component Platform. The manipulation leads to integer overflow. This vulnerability is known as CVE-2020-10878. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Oracle Configuration Manager 12.1.2.0.8. Affected by this issue is some unknown functionality of the component Perl. The manipulation leads to integer overflow. This vulnerability is handled as CVE-2020-10878. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Oracle Communications Diameter Signaling Router up to 8.5.0.0. This affects an unknown part of the component Perl. The manipulation leads to integer overflow. This vulnerability is uniquely identified as CVE-2020-10878. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Oracle Communications LSMS 13.1/13.2/13.3/13.4. This vulnerability affects unknown code of the component Perl. The manipulation leads to integer overflow. This vulnerability was named CVE-2020-10878. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

在国内，这类事件带来的风险事件还比较少，感受比较明显的是公司收到过QT的律师函。不过，从风险治理的角度来说，这类风险搞不好要打官司、不容忽视。有见过比较强管理的方法：不允许使用强传染性的开源组件，但是对业务造成的影响很大，况且安全团队并没有那么高的话语权；其次是对强传染性的协议进行分析，比如LGPL的组件，要用就必须以动态链接的方式，否则就得开源产品代码。 综合来讲，这类风险需要提前纳入治理计划，需要从高层建设治理组织，最好是从源头做统一的、公司级的开源组件管理。 更多内容，可以访问： 1、SDL 100问 SDL100问：我与SDL的故事 SAST误报太高，如何解决？ SDL需要哪些人参与？ SDL是否适合互联网公司？ 如何计算安全评审的覆盖率？ 研发安全管理用哪些工具？ ATT＆CK与SDL能否混搭使用？ 软件安全领域有哪些成熟度模型？ SDL 61/100问：如何在隔离环境中修复大量的Java漏洞？ 2、SDL创新实践 首发！“ 研发安全运营 ” 架构研究与实践 DevSecOps实施关键：研发安全团队 DevSecOps实施关键：研发安全流程 DevSecOps实施关键：研发安全规范 从安全视角，看研发安全 数字化转型下的研发安全痛点 一个思考：安全测试驱动产品安全？ 3、SDL最初实践 【SDL最初实践】开篇 【SDL最初实践】安全培训 【SDL最初实践】安全需求 【SDL最初实践】安全设计 【SDL最初实践】安全开发 【SDL最初实践】安全测试 【SDL最初实践】安全审核 【SDL最初实践】安全响应 4、软件供应链安全 软件供应商面临的攻防实战风险 软件供应商实战对抗十大安全举措 软件供应商攻防常规战之SDL 软件供应链投毒事件应急响应 浅谈企业级供应链投毒应急安全能力建设 5、安全运营实践 基于实践的安全事件简述 安全事件运营SOP：钓鱼邮件 安全事件运营SOP：网络攻击 安全事件运营SOP：蜜罐告警 安全事件运营SOP：webshell事件 安全事件运营SOP：接收漏洞事件 应急响应：redis挖矿（防御篇） 应急响应：redis挖矿（攻击篇） 应急响应：redis挖矿（完结篇） 应急能力提升：实战应急困境与突破 应急能力提升：挖矿权限维持攻击模拟 应急能力提升：内网横向移动攻击模拟 应急能力提升：实战应急响应经验

A vulnerability was found in Oracle SD-WAN Aware 8.2/9.0 and classified as critical. This issue affects some unknown processing of the component Perl. The manipulation leads to integer overflow. The identification of this vulnerability is CVE-2020-10878. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Perl up to 5.30.2. It has been rated as critical. This issue affects some unknown processing of the component Regular Expression. The manipulation leads to integer overflow. The identification of this vulnerability is CVE-2020-10878. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Oracle Communications Billing and Revenue Management 12.0.0.2.0/12.0.0.3.0. This affects an unknown part. The manipulation leads to integer overflow. This vulnerability is uniquely identified as CVE-2020-10878. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Oracle Enterprise Manager Base Platform 13.4.0.0. Affected is an unknown function of the component EM on Market Place. The manipulation leads to integer overflow. This vulnerability is traded as CVE-2020-10878. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Oracle Communications Offline Mediation Controller 12.0.0.3.0. This issue affects some unknown processing of the component Perl. The manipulation leads to integer overflow. The identification of this vulnerability is CVE-2020-10878. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Oracle Communications Pricing Design Center 12.0.0.3.0. Affected is an unknown function of the component Perl. The manipulation leads to integer overflow. This vulnerability is traded as CVE-2020-10878. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle Communications EAGLE LNP Application Processor 46.7/46.8/46.9. It has been declared as critical. This vulnerability affects unknown code of the component Perl. The manipulation leads to out-of-bounds write. This vulnerability was named CVE-2020-10543. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.