Communications Operations Monitor@4.0 Security Vulnerabilities and Issues — Communications Operations Monitor@4.0 CVE List

Lucene search

OracleCommunications Operations Monitor4.0

11 matches found

CVE•added 2021/12/20 12:15 p.m.•2483 views

CVE-2021-44224

A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forger...

8.2CVSS8.7AI score0.11965EPSS

CVE•added 2019/04/20 12:29 a.m.•2189 views

CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.

6.1CVSS6.4AI score0.02394EPSS

CVE•added 2019/09/16 7:15 p.m.•610 views

CVE-2019-5482

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.

9.8CVSS9.7AI score0.10791EPSS

CVE•added 2019/09/16 7:15 p.m.•460 views

CVE-2019-5481

Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.

9.8CVSS9.3AI score0.0479EPSS

CVE•added 2019/10/03 7:15 p.m.•415 views

CVE-2019-15165

sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.

5.3CVSS6.2AI score0.01322EPSS

CVE•added 2019/02/06 8:29 p.m.•405 views

CVE-2019-3822

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()), generates the request HTTP header contents based on previously received data. The check that ...

9.8CVSS9.3AI score0.34384EPSS

CVE•added 2019/02/06 8:29 p.m.•247 views

CVE-2019-3823

libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to smtp_endofresp() isn't NUL terminated and contains no character ending the parsed number, and len is set to 5, then the strtol() call ...

7.5CVSS8.5AI score0.01536EPSS

CVE•added 2019/02/06 8:29 p.m.•234 views

CVE-2018-16890

libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (lib/vauth/ntlm.c:ntlm_decode_type2_target) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that ...

7.5CVSS8.6AI score0.01104EPSS

CVE•added 2018/06/17 5:29 p.m.•192 views

CVE-2018-11219

An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking.

9.8CVSS7.9AI score0.03482EPSS

CVE•added 2018/06/17 5:29 p.m.•179 views

CVE-2018-11218

Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.

9.8CVSS8.1AI score0.0964EPSS

CVE•added 2017/05/04 7:29 p.m.•96 views

CVE-2017-3730

In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.

7.5CVSS7.3AI score0.58568EPSS