Lucene search
+L
OracleCommunications Operations Monitor

45 matches found

cve
cve
added 2021/12/20 12:0 a.m.7279 views

CVE-2021-44790

CVE-2021-44790 affects Apache HTTP Server up to version 2.4.51. It describes a buffer overflow in the mod_lua multipart parser (triggered via r:parsebody() from Lua scripts). Connected documents corroborate this in various advisories and patch notes, indicating releases with fixes (e.g., patched ...

9.8CVSS9.9AI score0.97108EPSS
Web
cve
cve
added 2020/04/29 12:0 a.m.7250 views

CVE-2020-11023

The connected Astra Linux bulletin confirms CVE-2020-11023: in jQuery versions >= 1.0.3 and < 3.5.0, passing HTML containing elements from untrusted sources to DOM manipulation methods (e.g., .html(), .append()) may lead to untrusted code execution. Patch released in jQuery 3.5.0. Remediat...

6.9CVSS7.2AI score0.8383EPSS
In wild
cve
cve
added 2021/06/01 12:28 p.m.6343 views

CVE-2021-23017

CVE-2021-23017 affects nginx's resolver. A security issue arises from an off-by-one in ngx_resolver_copy when DNS labels are followed by a root-domain pointer, allowing a crafted UDP response to overwrite the least significant byte of the next heap chunk metadata. This can lead to a worker proces...

7.7CVSS6.3AI score0.53461EPSS
cve
cve
added 2019/04/19 12:0 a.m.3110 views

CVE-2019-11358

CVE-2019-11358 is a prototype pollution vulnerability in jQuery (before 3.4.0) where mishandling of extend(true, {}, ...) can extend Object.prototype if an unsanitized source object has an enumerable proto property. The Core issue is triggered when a polluted prototype is introduced via nested ob...

6.1CVSS6.4AI score0.87218EPSS
In wild
cve
cve
added 2021/12/20 11:20 a.m.2721 views

CVE-2021-44224

CVE-2021-44224 concerns Apache HTTP Server (httpd) with the mod_proxy forward proxy configuration. A crafted URI to a forward proxy (ProxyRequests on) can trigger a NULL pointer dereference, causing a crash. In configurations that mix forward and reverse proxy declarations, it can enable requests...

8.2CVSS8.7AI score0.82295EPSS
cve
cve
added 2021/10/26 12:0 a.m.1103 views

CVE-2021-41182

CVE-2021-41182 is an XSS in the jQuery-UI Datepicker altField path (embedded in some OTRS deployments). Affected version observed as 1.12.1 copy; the issue is fixed in jQuery UI 1.13.0 by treating any altField value as a CSS selector. Debris from related CVEs (41183/41184) describe similar issues...

6.5CVSS6.4AI score0.42229EPSS
cve
cve
added 2021/10/26 12:0 a.m.913 views

CVE-2021-41184

CVE-2021-41184 describes an XSS in jQuery-UI before 1.13.0 where untrusted input passed to the of option of the .position() utility could lead to code execution. The connected documents confirm the issue affects jQuery-UI embedded in other software (e.g., OTRS/IU contexts) and state the fix is to...

6.5CVSS6.5AI score0.44515EPSS
Web
cve
cve
added 2019/09/16 6:6 p.m.695 views

CVE-2019-5482

CVE-2019-5482 is a heap buffer overflow in curl/libcurl’s TFTP handler (tftp_receive_packet) affecting curl versions up to 7.65.3. Public advisories detail that a small TFTP blocksize can trigger overflow, potentially enabling DoS or arbitrary code execution. Public fixes exist across distributio...

9.8CVSS9.7AI score0.17939EPSS
cve
cve
added 2019/09/06 5:24 p.m.679 views

CVE-2019-16056

CVE-2019-16056 : Debian LTS advisories fix a vulnerability in the Python email module where addresses containing multiple @ characters can bypass checks on From/To headers, potentially causing an application to accept an invalid address. The issue affects Python 2.7 as documented in DLA-2337-1 an...

7.5CVSS6.7AI score0.05366EPSS
cve
cve
added 2021/10/26 12:0 a.m.610 views

CVE-2021-41183

CVE-2021-41183 concerns jQuery-UI’s Datepicker in the embedded jQuery-UI copy used by OTRS (notably in the 1.12.1 series). The vulnerability arises from accepting values for the various *Text options from untrusted sources, which could allow execution of untrusted code. The issue is fixed in jQue...

6.5CVSS6.5AI score0.07948EPSS
cve
cve
added 2019/09/16 6:5 p.m.498 views

CVE-2019-5481

CVE-2019-5481 is a double-free vulnerability in curl’s FTP-Kerberos code, affecting curl 7.52.0 through 7.65.3. Exploitation involves a malicious FTP server sending a very large data block, which can cause memory corruption leading to a crash or denial of service (DoS). Multiple connected advisor...

9.8CVSS9.3AI score0.07266EPSS
cve
cve
added 2021/10/04 6:0 p.m.475 views

CVE-2021-32762

CVE-2021-32762 affects Redis components (redis-cli, redis-sentinel) via an integer overflow when parsing large multi-bulk network replies due to an overflow in the underlying hiredis library. The vulnerability can lead to heap overflow on affected platforms, with fixed defaults noted: the vulnera...

9CVSS8AI score0.02497EPSS
cve
cve
added 2019/10/03 6:38 p.m.467 views

CVE-2019-15165

The CVE-2019-15165 issue affects libpcap: sf-pcapng.c in libpcap before 1.9.1 fails to validate PHB header length before memory allocation, enabling potential memory exhaustion. Confirmed references from multiple advisories indicate the vulnerability is addressed by upgrading to libpcap 1.9.1 or ...

5.3CVSS6.2AI score0.02834EPSS
cve
cve
added 2019/02/06 8:0 p.m.453 views

CVE-2019-3822

CVE-2019-3822 affects libcurl 7.36.0 through before 7.64.0. The vulnerability is a stack-based buffer overflow in the NTLM header creation path: Curl_auth_create_ntlm_type3_message() uses unsigned arithmetic to guard a local buffer, but the check is insufficient, allowing the output data to excee...

9.8CVSS9.3AI score0.12771EPSS
cve
cve
added 2021/10/04 5:30 p.m.445 views

CVE-2021-32626

CVE-2021-32626 affects Redis with Lua scripting. Specifically crafted Lua scripts can overflow the heap-based Lua stack due to insufficient checks, leading to heap corruption and potential remote code execution. Affected: Redis versions supporting Lua scripting (from 2.6 onward). Remediation: upg...

8.8CVSS8.4AI score0.15126EPSS
cve
cve
added 2021/10/04 6:5 p.m.330 views

CVE-2021-41099

Redis EoF/heap corruption CVE-2021-41099 arises from an integer overflow in the Redis string library when proto-max-bulk-len is set to an excessively large value, allowing crafted network payloads to potentially cause denial of service or remote code execution through heap corruption. Affected ve...

7.5CVSS8.3AI score0.03422EPSS
cve
cve
added 2021/10/04 5:50 p.m.328 views

CVE-2021-32675

CVE-2021-32675 affects Redis and is triggered by parsing Redis Standard Protocol (RESP) requests. An attacker can craft requests to cause Redis to allocate large amounts of memory across multiple connections, potentially impacting availability. The issue is tied to the RESP parsing path and authe...

7.5CVSS8.1AI score0.1578EPSS
cve
cve
added 2019/07/11 6:30 p.m.319 views

CVE-2019-10192

CVE-2019-10192 is a heap-buffer overflow in Redis HyperLogLog used by SETRANGE. Affected: Redis HyperLogLog in 3.x before 3.2.13, 4.x before 4.0.14, and 5.x before 5.0.4. By corrupting a hyperloglog, an attacker can cause Redis to write up to 3 bytes beyond the end of a heap-allocated buffer. Imp...

7.2CVSS6.8AI score0.26048EPSS
cve
cve
added 2019/02/20 12:0 a.m.317 views

CVE-2019-7164

CVE-2019-7164 affects SQLAlchemy up to 1.2.17 and 1.3.x up to 1.3.0b2, allowing SQL Injection when the order_by parameter is controlled. The connected exploit repository (mlflow-cve-2019-7164) demonstrates a practical exploit pipeline using Docker/Hud and a Python test, indicating real-world appl...

9.8CVSS9.7AI score0.03525EPSS
cve
cve
added 2021/10/04 5:40 p.m.308 views

CVE-2021-32672

Redis contains CVE-2021-32672, a vulnerability in the Redis Lua Debugger where the protocol parser can read data beyond the actual buffer when handling malformed requests. This affects Redis builds that include Lua debugging support (3.2+). The issue is mitigated by upgrading to patched releases:...

5.3CVSS6AI score0.01702EPSS
cve
cve
added 2022/04/27 7:43 p.m.306 views

CVE-2022-24735

CVE-2022-24735 concerns Redis, where weaknesses in the Lua script execution environment allow a less-privileged user to inject Lua code that can execute with the (potentially higher) privileges of another Redis user. Affected versions are Redis prior to 7.0.0 or 6.2.7, with fixes in 7.0.0 and 6.2...

7.8CVSS6.4AI score0.02264EPSS
cve
cve
added 2019/07/11 6:30 p.m.301 views

CVE-2019-10193

CVE-2019-10193 is a stack-buffer overflow in Redis HyperLogLog exposed by the SETRANGE usage. Affected branches are Redis 3.x before 3.2.13, 4.x before 4.0.14, and 5.x before 5.0.4. Exploitation could cause writes past the end of a stack-allocated buffer, per multiple connected advisories. Public...

7.2CVSS6.8AI score0.23703EPSS
cve
cve
added 2019/11/08 2:46 p.m.299 views

CVE-2019-10219

The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...

6.5CVSS6AI score0.02167EPSS
cve
cve
added 2021/10/04 5:55 p.m.294 views

CVE-2021-32687

CVE-2021-32687 describes an integer overflow in Redis affecting all versions, exploitable via set-max-intset-entries to corrupt the heap and potentially leak heap contents or enable remote code execution. Affected component is Redis’ intset handling when set-max-intset-entries is configured very ...

7.5CVSS8.4AI score0.03839EPSS
cve
cve
added 2019/02/06 8:0 p.m.292 views

CVE-2018-16890

CVE-2018-16890 affects libcurl versions 7.36.0 to before 7.64.0. The NTLM type-2 handling path (lib/vauth/ntlm.c:ntlm_decode_type2_target) fails to validate incoming data, enabling an integer overflow that an attacker could abuse to trigger a heap read out-of-bounds. Related issues in the same se...

7.5CVSS8.6AI score0.05351EPSS
cve
cve
added 2019/02/06 9:0 p.m.291 views

CVE-2019-7548

SQLAlchemy 1.2.17 is affected by CVE-2019-7548 and allows SQL Injection when the group_by parameter can be controlled. Connected documents confirm the vulnerable component is SQLAlchemy 1.2.17 and describe the injection via group_by as the root cause. The sources do not provide specific exploit d...

7.8CVSS9AI score0.01777EPSS
cve
cve
added 2021/10/04 5:35 p.m.290 views

CVE-2021-32627

Redis has a heap-corruption vulnerability (CVE-2021-32627) caused by an integer overflow when modifying proto-max-bulk-len/client-query-buffer-limit to very large values, potentially enabling remote code execution. Affected Redis versions are fixed in 6.2.6, 6.0.16, and 5.0.14. The recommended re...

7.5CVSS8.3AI score0.03688EPSS
cve
cve
added 2021/10/04 5:35 p.m.290 views

CVE-2021-32628

CVE-2021-32628 affects Redis. An integer overflow in the ziplist data structure can be triggered by setting very large ziplist-related configuration parameters (hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries, zset-max-ziplist-value), leading to heap corruption and pote...

7.5CVSS8.4AI score0.03636EPSS
cve
cve
added 2019/02/06 8:0 p.m.288 views

CVE-2019-3823

CVE-2019-3823 affects curl/libcurl from version 7.34.0 through before 7.64.0. The issue is a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to smtp_endofresp() isn’t NUL terminated and contains no character ending the parsed number, and len is 5, a...

7.5CVSS8.5AI score0.04286EPSS
cve
cve
added 2020/06/15 4:52 p.m.268 views

CVE-2020-14147

The CVE-2020-14147 issue is a vulnerability in Redis: an integer overflow in the getnum function of lua_struct.c on Redis builds before 6.0.3 can be triggered by processing large numbers in Lua code, leading to memory corruption, a denial of service (application crash), and potentially bypassing ...

7.7CVSS8AI score0.03085EPSS
cve
cve
added 2018/06/17 5:0 p.m.242 views

CVE-2018-11219

CVE-2018-11219 is a Redis Lua subsystem integer overflow vulnerability (bounds checking failure) affecting Redis up to versions prior to 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2. The issue originates in lua_struct.c:b_unpack() and can lead to memory corruption or a crash. Public details ...

9.8CVSS7.9AI score0.07056EPSS
cve
cve
added 2018/06/17 5:0 p.m.224 views

CVE-2018-11218

CVE-2018-11218 describes a memory corruption vulnerability in the Redis Lua subsystem’s cmsgpack handling, caused by stack-based buffer overflows. Affected Redis versions are before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2. Several connected sources reiter the issue as a Redis component ...

9.8CVSS8.1AI score0.58529EPSS
cve
cve
added 2022/04/27 7:55 p.m.224 views

CVE-2022-24736

CVE-2022-24736 affects Redis up to versions 6.2.7 and 7.0.0. A crafted Lua script can trigger a NULL pointer dereference, crashing the redis-server process. The issue is fixed in Redis 7.0.0 and 6.2.7. A partial mitigation is to block SCRIPT LOAD and EVAL via ACL rules if Lua scripting isn’t used...

5.5CVSS5.4AI score0.01498EPSS
cve
cve
added 2017/05/04 7:0 p.m.124 views

CVE-2017-3730

OpenSSL 1.1.0 before 1.1.0d is affected. A malicious server may supply bad DHE/ECDHE parameters causing the client to dereference a NULL pointer, resulting in a client crash and a Denial of Service. This is the explicit root cause described in multiple sources. Remediation is to upgrade to OpenSS...

7.5CVSS7.3AI score0.55294EPSS
cve
cve
added 2022/01/19 11:21 a.m.93 views

CVE-2022-21246

CVE-2022-21246 affects Oracle Communications Operations Monitor (Mediation Engine). Affected versions: 3.4, 4.2, 4.3, 4.4 and 5.0. The vulnerability is exploitable with network access via HTTP by a low-privileged attacker; successful exploitation requires minimal user interaction. Impact per sour...

5.4CVSS4.8AI score0.00524EPSS
cve
cve
added 2022/01/19 11:26 a.m.86 views

CVE-2022-21400

CVE-2022-21400 affects Oracle Communications Operations Monitor (component: Mediation Engine). Affected versions: 3.4, 4.2, 4.3, 4.4, 5.0. Exploitation requires network access via HTTP with low privileges and user interaction; successful attacks may lead to unauthorized update/insert/delete and r...

5.4CVSS4.8AI score0.00524EPSS
cve
cve
added 2022/01/19 11:26 a.m.83 views

CVE-2022-21399

The CVE-2022-21399 entry describes a vulnerability in Oracle Communications Operations Monitor (component: Mediation Engine) affecting versions 3.4, 4.2, 4.3, 4.4 and 5.0. The vulnerability allows a high-privileged attacker with network access via HTTP to compromise the product, with potential un...

6.6CVSS5.9AI score0.00667EPSS
cve
cve
added 2022/01/19 11:26 a.m.80 views

CVE-2022-21401

Oracle Communications Operations Monitor (Mediation Engine) is affected in versions 3.4, 4.2, 4.3, 4.4 and 5.0. An attacker with network access via HTTP and high privileges can exploit this to perform unauthorized updates, inserts, deletes, and read access to data, with potential partial denial o...

6.6CVSS5.9AI score0.00667EPSS
cve
cve
added 2022/01/19 11:26 a.m.79 views

CVE-2022-21397

Oracle Communications Operations Monitor (Mediation Engine) is affected in versions 3.4, 4.2, 4.3, 4.4 and 5.0. The flaw allows a low-privilege, network-accessing attacker (HTTP) with user interaction to compromise data integrity and confidentiality, potentially enabling unauthorized read/update/...

5.4CVSS4.8AI score0.00524EPSS
cve
cve
added 2022/01/19 11:26 a.m.78 views

CVE-2022-21396

CVE-2022-21396 affects Oracle Communications Operations Monitor (Mediation Engine). Affected versions: 3.4, 4.2, 4.3, 4.4 and 5.0. Vulnerability allows a low-privileged, network-accessible attacker to compromise via HTTP, with user interaction required, potentially leading to unauthorized update/...

5.4CVSS4.8AI score0.00524EPSS
cve
cve
added 2022/01/19 11:26 a.m.78 views

CVE-2022-21402

Oracle Communications Operations Monitor (Mediation Engine) is affected in CVE-2022-21402 for versions 3.4, 4.2, 4.3, 4.4 and 5.0. The vulnerability enables a high-privilege attacker with network access via HTTP to compromise data confidentiality and integrity, with unauthorized read/update/delet...

4.9CVSS4.2AI score0.00529EPSS
cve
cve
added 2022/01/19 11:26 a.m.77 views

CVE-2022-21395

CVE-2022-21395 affects Oracle Communications Operations Monitor (component: Mediation Engine) with affected versions 3.4, 4.2, 4.3, 4.4 and 5.0. The vulnerability allows a highly privileged attacker who can access the service over HTTP to compromise the monitor, potentially leading to takeover. T...

7.2CVSS7.2AI score0.01168EPSS
cve
cve
added 2022/01/19 11:27 a.m.72 views

CVE-2022-21403

Summary of CVE-2022-21403 : A vulnerability in the Oracle Communications Operations Monitor product (component: Mediation Engine) affects versions 3.4, 4.2, 4.3, 4.4 and 5.0. An attacker with high privileges and network access via HTTP can compromise the monitor, potentially allowing unauthorized...

6.6CVSS5.9AI score0.00667EPSS
cve
cve
added 2022/01/19 11:26 a.m.67 views

CVE-2022-21398

CVE-2022-21398 affects Oracle Communications Operations Monitor (Mediation Engine) with affected versions 3.4, 4.2, 4.3, 4.4 and 5.0. The entry describes a network-exploitable vulnerability allowing a low-privileged attacker with HTTP access to compromise data confidentiality and integrity, requi...

5.4CVSS4.8AI score0.00524EPSS
cve
cve
added 2016/07/21 10:0 a.m.46 views

CVE-2016-3513

The CVE-2016-3513 entry concerns Oracle Communications Operations Monitor (part of Oracle Communications Applications) prior to version 3.3.92.0.0. A vulnerability exists in the Infrastructure-related area that allows remote authenticated users to affect confidentiality. Public information in NVD...

6.8CVSS5.6AI score0.02689EPSS