Oracle: >> Configuration Manager >> 12.1.2.0.2 Security Vulnerabilities
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.94
Published
2017-04-17
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
CVSS Score
7.5
EPSS Score
0.121
Published
2016-04-08