Lucene search

K
OracleCommunications Policy Management

50 matches found

CVE
CVE
added 2022/04/01 11:15 p.m.2207 views

CVE-2022-22965

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is...

9.8CVSS8.7AI score0.9446EPSS
CVE
CVE
added 2018/08/22 1:29 p.m.1648 views

CVE-2018-11776

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace...

9.3CVSS8.4AI score0.94427EPSS
CVE
CVE
added 2020/12/11 2:15 a.m.1320 views

CVE-2020-17530

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.

9.8CVSS9.6AI score0.94395EPSS
CVE
CVE
added 2015/04/01 2:0 a.m.846 views

CVE-2015-2808

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic tha...

5CVSS4.8AI score0.4884EPSS
CVE
CVE
added 2021/12/08 10:15 p.m.618 views

CVE-2021-43527

NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted. Applications using N...

9.8CVSS9.6AI score0.05243EPSS
CVE
CVE
added 2021/04/13 7:15 a.m.516 views

CVE-2021-29425

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal),...

5.8CVSS6.7AI score0.00357EPSS
CVE
CVE
added 2021/07/12 3:15 p.m.513 views

CVE-2021-33037

Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer e...

5.3CVSS6.1AI score0.02506EPSS
CVE
CVE
added 2015/01/28 7:59 p.m.512 views

CVE-2015-0235

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."

10CVSS7.7AI score0.88605EPSS
CVE
CVE
added 2020/01/17 12:15 a.m.462 views

CVE-2020-5398

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from use...

8CVSS7.3AI score0.90572EPSS
CVE
CVE
added 2020/09/14 5:15 p.m.405 views

CVE-2019-0230

Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.

9.8CVSS9.5AI score0.93849EPSS
CVE
CVE
added 2021/03/23 12:15 a.m.404 views

CVE-2021-21342

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on thes...

9.1CVSS7.3AI score0.01358EPSS
CVE
CVE
added 2021/03/23 12:15 a.m.401 views

CVE-2021-21343

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on thes...

7.5CVSS7.1AI score0.00832EPSS
CVE
CVE
added 2021/03/23 12:15 a.m.354 views

CVE-2021-21344

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed...

9.8CVSS8AI score0.27692EPSS
CVE
CVE
added 2021/03/23 12:15 a.m.353 views

CVE-2021-21351

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the r...

9.1CVSS8.1AI score0.90494EPSS
CVE
CVE
added 2020/11/16 9:15 p.m.334 views

CVE-2020-26217

XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is ...

9.3CVSS8.2AI score0.93566EPSS
CVE
CVE
added 2021/03/23 12:15 a.m.329 views

CVE-2021-21346

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed...

9.8CVSS8.3AI score0.03899EPSS
CVE
CVE
added 2021/03/23 12:15 a.m.328 views

CVE-2021-21345

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who foll...

9.9CVSS7.8AI score0.85307EPSS
CVE
CVE
added 2021/03/23 12:15 a.m.318 views

CVE-2021-21347

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed...

9.8CVSS8.3AI score0.02592EPSS
CVE
CVE
added 2020/03/10 6:15 p.m.315 views

CVE-2020-5258

In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pol...

7.7CVSS7.7AI score0.01592EPSS
CVE
CVE
added 2021/03/23 12:15 a.m.315 views

CVE-2021-21349

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is affe...

8.6CVSS7.8AI score0.05816EPSS
CVE
CVE
added 2021/03/23 12:15 a.m.312 views

CVE-2021-21350

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup...

9.8CVSS8AI score0.08098EPSS
CVE
CVE
added 2021/03/23 12:15 a.m.300 views

CVE-2021-21348

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup X...

7.8CVSS7.2AI score0.00265EPSS
CVE
CVE
added 2020/12/27 5:15 a.m.264 views

CVE-2020-35728

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).

8.1CVSS7.7AI score0.41431EPSS
CVE
CVE
added 2021/01/07 12:15 a.m.263 views

CVE-2020-36180

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.

8.8CVSS7.7AI score0.01957EPSS
CVE
CVE
added 2021/01/07 12:15 a.m.262 views

CVE-2020-36183

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.

8.1CVSS7.7AI score0.02421EPSS
CVE
CVE
added 2020/09/17 7:15 p.m.257 views

CVE-2020-24750

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.

8.1CVSS7.7AI score0.02107EPSS
CVE
CVE
added 2021/01/07 12:15 a.m.254 views

CVE-2020-36179

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.

8.8CVSS7.7AI score0.61296EPSS
CVE
CVE
added 2021/01/07 12:15 a.m.254 views

CVE-2020-36182

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.

8.8CVSS7.7AI score0.02121EPSS
CVE
CVE
added 2021/01/06 11:15 p.m.253 views

CVE-2020-36185

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.

8.1CVSS7.7AI score0.01957EPSS
CVE
CVE
added 2021/01/06 11:15 p.m.252 views

CVE-2020-36184

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.

8.8CVSS7.7AI score0.05061EPSS
CVE
CVE
added 2021/01/06 11:15 p.m.251 views

CVE-2020-36188

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.

8.1CVSS7.7AI score0.0698EPSS
CVE
CVE
added 2021/01/06 11:15 p.m.246 views

CVE-2020-36181

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.

8.8CVSS7.7AI score0.06306EPSS
CVE
CVE
added 2021/01/06 11:15 p.m.242 views

CVE-2020-36186

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.

8.1CVSS7.7AI score0.0221EPSS
CVE
CVE
added 2021/01/06 11:15 p.m.240 views

CVE-2020-36187

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.

8.1CVSS7.7AI score0.02039EPSS
CVE
CVE
added 2022/02/01 12:15 p.m.214 views

CVE-2021-43859

XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating ...

7.5CVSS7.5AI score0.01665EPSS
CVE
CVE
added 2020/01/17 7:15 p.m.213 views

CVE-2020-5397

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not inc...

5.3CVSS5.5AI score0.00889EPSS
CVE
CVE
added 2018/04/06 1:29 p.m.198 views

CVE-2018-1271

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or...

5.9CVSS7.2AI score0.90926EPSS
CVE
CVE
added 2021/12/17 8:15 p.m.197 views

CVE-2021-23450

All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.

9.8CVSS8.7AI score0.02776EPSS
CVE
CVE
added 2020/08/25 6:15 p.m.192 views

CVE-2020-24616

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).

8.1CVSS7.7AI score0.03783EPSS
CVE
CVE
added 2015/01/21 7:59 p.m.149 views

CVE-2015-0411

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.

7.5CVSS6.5AI score0.12949EPSS
CVE
CVE
added 2015/04/16 5:0 p.m.131 views

CVE-2015-2568

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.

5CVSS5AI score0.0447EPSS
CVE
CVE
added 2020/09/14 5:15 p.m.128 views

CVE-2019-0233

An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.

7.5CVSS8.1AI score0.06858EPSS
CVE
CVE
added 2015/04/16 4:59 p.m.125 views

CVE-2015-0433

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML.

4CVSS4.8AI score0.00458EPSS
CVE
CVE
added 2015/01/21 6:59 p.m.101 views

CVE-2015-0382

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381.

4.3CVSS6.6AI score0.05592EPSS
CVE
CVE
added 2015/01/21 6:59 p.m.100 views

CVE-2015-0381

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382.

4.3CVSS6.6AI score0.05592EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.88 views

CVE-2017-3633

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Memcached to compromise MySQL...

6.5CVSS5.6AI score0.0071EPSS
CVE
CVE
added 2015/04/16 4:59 p.m.79 views

CVE-2015-0500

Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors.

4CVSS7.7AI score0.00837EPSS
CVE
CVE
added 2015/01/21 6:59 p.m.65 views

CVE-2015-0409

Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

4CVSS6.2AI score0.00709EPSS
CVE
CVE
added 2015/04/16 4:59 p.m.64 views

CVE-2015-0423

Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

4CVSS7.5AI score0.00909EPSS
CVE
CVE
added 2017/10/19 5:29 p.m.45 views

CVE-2017-10159

Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: Portal, CMP). Supported versions that are affected are 11.5 and 12.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...

6.1CVSS5.6AI score0.00463EPSS