Communications Operations Monitor Security Vulnerabilities and Issues — Communications Operations Monitor CVE List

Lucene search

OracleCommunications Operations Monitor

14 matches found

CVE•added 2021/12/20 12:15 p.m.•6738 views

CVE-2021-44790

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earl...

9.8CVSS9.9AI score0.85362EPSS

CVE•added 2021/06/01 1:15 p.m.•5808 views

CVE-2021-23017

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

7.7CVSS6.3AI score0.80961EPSS

CVE•added 2021/12/20 12:15 p.m.•2490 views

CVE-2021-44224

A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forger...

8.2CVSS8.7AI score0.02227EPSS

CVE•added 2021/10/26 3:15 p.m.•746 views

CVE-2021-41184

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS ...

6.5CVSS6.5AI score0.20654EPSS

CVE•added 2021/10/26 3:15 p.m.•617 views

CVE-2021-41182

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now trea...

6.5CVSS6.4AI score0.272EPSS

CVE•added 2021/10/26 3:15 p.m.•535 views

CVE-2021-41183

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now alway...

6.5CVSS6.5AI score0.02439EPSS

CVE•added 2021/10/04 6:15 p.m.•445 views

CVE-2021-32762

Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library ...

9CVSS8AI score0.00551EPSS

CVE•added 2021/10/04 6:15 p.m.•404 views

CVE-2021-32626

Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote code...

8.8CVSS8.4AI score0.00922EPSS

CVE•added 2021/10/04 6:15 p.m.•284 views

CVE-2021-41099

Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len conf...

7.5CVSS8.3AI score0.00292EPSS

CVE•added 2021/10/04 6:15 p.m.•255 views

CVE-2021-32672

Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer)...

5.3CVSS6AI score0.00391EPSS

CVE•added 2021/10/04 6:15 p.m.•255 views

CVE-2021-32687

Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability involves changing the de...

7.5CVSS8.4AI score0.00908EPSS

CVE•added 2021/10/04 6:15 p.m.•251 views

CVE-2021-32628

Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves modifying the default ziplist con...

7.5CVSS8.4AI score0.00461EPSS

CVE•added 2021/10/04 6:15 p.m.•247 views

CVE-2021-32627

Redis is an open source, in-memory database that persists on disk. In affected versions an integer overflow bug in Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves changing the default proto-max-bulk-len and client-query-buffer...

7.5CVSS8.3AI score0.00626EPSS

CVE•added 2021/10/04 6:15 p.m.•246 views

CVE-2021-32675

Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk heade...

7.5CVSS8.1AI score0.0261EPSS