Lucene search
+L
OracleCommunications Pricing Design Center

41 matches found

CVE
CVE
added 2021/01/19 12:0 a.m.2051 views

CVE-2021-3177

CVE-2021-3177: A buffer overflow in PyCArg_repr of Python’s ctypes (_ctypes/callproc.c) may allow remote code execution when untrusted floating-point input is passed (e.g., 1e300 to c_double.from_param) due to unsafe use of sprintf. Affected: Python 3.x up to 3.9.1. Remediation exists in multiple...

9.8CVSS9.3AI score0.23293EPSS
CVE
CVE
added 2020/12/11 1:11 a.m.1428 views

CVE-2020-17530

CVE-2020-17530 describes a vulnerability in Apache Struts 2 where forced OGNL evaluation on raw user input in tag attributes can cause remote code execution. Affected products range from Struts 2.0.0 up to 2.5.25. The description states that evaluating untrusted input via the %{...} syntax enable...

9.8CVSS9.6AI score0.95922EPSS
In wild
CVE
CVE
added 2021/12/18 11:55 a.m.1190 views

CVE-2021-45105

Summary of CVE-2021-45105 (Log4j2) : Affected Log4j 2.x versions 2.0-alpha1 through 2.16.0 (except 2.12.3 and 2.3.1) are vulnerable to denial of service via uncontrolled recursion triggered by self-referential lookups in Thread Context Map data. The root cause is improper handling of self-referen...

5.9CVSS7.7AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2020/12/10 10:10 p.m.1034 views

CVE-2020-8908

CVE-2020-8908 (Guava) : A temp directory creation vulnerability exists in all Guava versions where guava’s API com.google.common.io.Files.createTempDir() creates temporary directories that are world-readable on Unix-like systems. The issue arises because the temp dir permissions are not restricte...

3.3CVSS6.3AI score0.00964EPSS
CVE
CVE
added 2019/08/20 8:10 p.m.956 views

CVE-2019-10086

CVE-2019-10086 affects Apache Commons BeanUtils 1.9.2, where a BeanIntrospector addition could suppress access to the classloader via the class property on Java objects. The issue stems from not applying the suppression by default in PropertyUtilsBean, enabling potential risk across affected depl...

7.5CVSS7.3AI score0.28839EPSS
CVE
CVE
added 2021/02/15 12:15 p.m.820 views

CVE-2021-23336

CVE-2021-23336 affects Python CPython across multiple branches (0 and before 3.6.13; 3.7.0 before 3.7.10; 3.8.0 before 3.8.8; 3.9.0 before 3.9.2). The vulnerability is Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs using parameter cloaking with semicolons, causing the pr...

5.9CVSS7.6AI score0.35963EPSS
CVE
CVE
added 2021/07/12 2:55 p.m.749 views

CVE-2021-30640

CVE-2021-30640 describes a vulnerability in the JNDI Realm of Apache Tomcat that allows an attacker to authenticate using variations of a valid username and/or bypass some LockOut Realm protections. Affected are Tomcat releases: 10.0.0-M1 through 10.0.5, 9.0.0.M1 through 9.0.45, and 8.5.0 through...

6.5CVSS6.6AI score0.09886EPSS
CVE
CVE
added 2021/04/13 6:50 a.m.636 views

CVE-2021-29425

CVE-2021-29425 affects Apache Commons IO up to version 2.6, specifically FileNameUtils.normalize. With inputs such as "//../foo" or "\..\foo", normalization can yield a value that does not escape to higher directories, potentially enabling access to the parent directory if the resulting path is u...

5.8CVSS6.7AI score0.10608EPSS
In wild
CVE
CVE
added 2020/11/06 7:7 a.m.619 views

CVE-2020-28196

CVE-2020-28196 affects MIT Kerberos 5 (krb5) prior to 1.17.2 and 1.18.x prior to 1.18.3. The vulnerability stems from unbounded recursion in the ASN.1 BER decoder (lib/krb5/asn.1/asn1_encode.c) due to no recursion limit for indefinite lengths. This can lead to denial of service due to resource ex...

7.5CVSS7.6AI score0.04365EPSS
CVE
CVE
added 2020/12/03 4:16 p.m.616 views

CVE-2020-25649

The CVE-2020-25649 entry concerns a flaw in FasterXML Jackson Databind where entity expansion was not properly secured, enabling XML External Entity (XXE) attacks. This is a data-integrity risk. Connected advisories consistently associate the issue with Jackson Databind and XXE, and several sourc...

7.5CVSS7.3AI score0.17611EPSS
CVE
CVE
added 2021/07/12 2:55 p.m.612 views

CVE-2021-33037

CVE-2021-33037 affects Apache Tomcat: versions 10.0.0-M1–10.0.6, 9.0.0.M1–9.0.46, and 8.5.0–8.5.66 may mishandle the HTTP transfer-encoding header with reverse proxies, enabling request smuggling. Root cause: improper header handling allowing spoofed content encoding sequencing. Impact stated in ...

5.3CVSS6.1AI score0.75353EPSS
CVE
CVE
added 2017/04/17 9:0 p.m.608 views

CVE-2017-5645

CVE-2017-5645 affects Apache Log4j 2.x prior to 2.8.2. The vulnerability arises when using a TCP/UDP socket server to receive serialized log events from another application; a crafted binary payload can be deserialized to execute arbitrary code. The documented impact is remote code execution via ...

9.8CVSS9.5AI score0.8904EPSS
CVE
CVE
added 2020/11/28 12:0 a.m.521 views

CVE-2020-27218

CVE-2020-27218 affects Eclipse Jetty 9.4.x (9.4.0.RC0–9.4.34.v20201102), 10.x (10.0.0.alpha0–beta2), and 11.x (11.0.0.alpha0–beta2). When GZIP request body inflation is enabled and requests from different clients are multiplexed on one connection, an attacker who can send a body that is received ...

5.8CVSS5.1AI score0.08113EPSS
CVE
CVE
added 2022/02/25 2:35 p.m.419 views

CVE-2022-24329

CVE-2022-24329 affects JetBrains Kotlin prior to 1.6.0. The issue is that dependencies for Multiplatform Gradle Projects could not be locked, per the description. The connected documents do not provide details on exploit methods, affected products beyond Kotlin/Gradle Multiplatform usage, or quan...

5.3CVSS5.4AI score0.02178EPSS
CVE
CVE
added 2020/03/10 5:50 p.m.415 views

CVE-2020-5258

CVE-2020-5258 affects the Dojo NPM package where the deepCopy function is vulnerable to Prototype Pollution. The root cause is injection of properties into native JavaScript prototypes, allowing an attacker to mutate a base object’s prototype. Patched versions are 1.12.8, 1.13.7, 1.14.6, 1.15.3 a...

7.7CVSS7.7AI score0.0399EPSS
CVE
CVE
added 2020/06/05 1:27 p.m.391 views

CVE-2020-10878

Perl before 5.30.3 contains an integer overflow in the regular expression compiler (related to PL_regkind[OP(n)] == NOTHING). A crafted regex can produce malformed bytecode with a possibility of instruction injection, as documented by multiple advisories and CVEs (e.g., CVE-2020-10878). Public re...

8.6CVSS8.8AI score0.04879EPSS
CVE
CVE
added 2020/12/18 12:52 a.m.390 views

CVE-2020-28052

CVE-2020-28052 — BC Java OpenBSDBCrypt.password check issue : In Legion of the Bouncy Castle BC Java versions 1.65 and 1.66, the OpenBSDBCrypt.checkPassword method can compare data incorrectly during password verification, causing some incorrect passwords to be treated as a match for different, p...

8.1CVSS7.7AI score0.0714EPSS
CVE
CVE
added 2020/06/05 1:17 p.m.375 views

CVE-2020-10543

CVE-2020-10543 affects Perl before 5.30.3 on 32-bit platforms, where nested regular expression quantifiers cause a heap-based buffer overflow (integer overflow) in the regex compiler. The connected advisories confirm fixes/updates for Perl (e.g., CloudLinux, AlmaLinux, ALAS2), indicating remediat...

8.2CVSS8.7AI score0.11334EPSS
CVE
CVE
added 2019/10/15 1:42 p.m.332 views

CVE-2019-17195

IBM’s security bulletin for IBM Robotic Process Automation for Cloud Pak identifies CVE-2019-17195 as Nimbus JOSE+JWT vulnerability (uncaught JWT parsing exceptions) that could crash the application or leak information. Affected product: IBM Robotic Process Automation for Cloud Pak versions prior...

9.8CVSS9.2AI score0.11032EPSS
CVE
CVE
added 2021/06/02 3:49 p.m.322 views

CVE-2020-6950

Summary of CVE-2020-6950 (Eclipse Mojarra Local File Read) The Nuclei template confirms a directory traversal vulnerability in Eclipse Mojarra before 2.3.14 that allows reading arbitrary files via the loc or con parameter. Affected component is Mojarra (JavaServer Faces) in versions prior to 2.3....

6.5CVSS6.7AI score0.10124EPSS
CVE
CVE
added 2020/10/20 12:0 a.m.320 views

CVE-2020-25648

CVE-2020-25648 affects the NSS library (TLS 1.3) and describes a denial-of-service condition caused by processing multiple ChangeCipherSpec (CCS) messages. The vulnerability exists in NSS versions prior to 3.58. Several connected advisories indicate fixes/updates to NSS (e.g., NSS 3.58+ and distr...

7.5CVSS7.2AI score0.03901EPSS
CVE
CVE
added 2021/01/06 10:30 p.m.306 views

CVE-2020-36180

The connected documents confirm CVE-2020-36180 affects FasterXML jackson-databind 2.x before 2.9.10.8, due to mishandling of interaction between serialization gadgets and typing, specifically involving DriverAdapterCPDS in org.apache.commons.dbcp2.cpdsadapter (and related CPDS drivers). A public ...

8.8CVSS7.7AI score0.05041EPSS
CVE
CVE
added 2020/10/23 12:5 a.m.303 views

CVE-2020-27216

CVE-2020-27216 affects Eclipse Jetty in Unix-like environments across versions 1.0–9.4.32.v20200930, 10.0.0.alpha1–10.0.0.beta2, and 11.0.0.alpha1–11.0.0.beta2O. It describes a race condition where the system temporary directory is shared among users, allowing a collocated user to observe the cre...

7CVSS6.9AI score0.043EPSS
CVE
CVE
added 2019/11/08 2:46 p.m.299 views

CVE-2019-10219

The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...

6.5CVSS6AI score0.02167EPSS
CVE
CVE
added 2021/01/06 10:30 p.m.297 views

CVE-2020-36179

CVE-2020-36179 affects FasterXML Jackson Databind (2.x) prior to 2.9.10.8, where the interaction between serialization gadgets and typing (notably involving DriverAdapterCPDS variants) is mishandled. Several connected advisories corroborate an insecure-deserialization pattern that can be triggere...

8.8CVSS7.7AI score0.20929EPSS
CVE
CVE
added 2021/01/06 10:29 p.m.293 views

CVE-2020-36189

CVE-2020-36189 affects FasterXML jackson-databind 2.x before 2.9.10.8. The issue is a deserialization/serialization typing interaction with gadgets (e.g., logback, MySQL/commons proxies) that can lead to arbitrary code execution, data exfiltration or integrity/availability impacts as described in...

8.1CVSS7.7AI score0.04912EPSS
CVE
CVE
added 2021/01/06 10:30 p.m.292 views

CVE-2020-36182

CVE-2020-36182 affects FasterXML jackson-databind 2.x before 2.9.10.8, due to mishandling of serialization gadgets and typing involving DriverAdapterCPDS (org.apache.tomcat.dbcp.dbcp2.cpdsadapter). Do not speculate on exploitability beyond what is stated; some sources (e.g., Debian LTS advisory) ...

8.8CVSS7.7AI score0.05018EPSS
CVE
CVE
added 2021/01/06 10:30 p.m.291 views

CVE-2020-36183

CVE-2020-36183 affects FasterXML jackson-databind 2.x prior to 2.9.10.8, due to mishandling of interaction between serialization gadgets and typing (JNDIConnectionPool gadget chain). Reported in IBM/X-Force and mirrored in Astra Linux bulletin; impact can be high (deserialization-based). Affected...

8.1CVSS7.7AI score0.0489EPSS
CVE
CVE
added 2021/01/06 10:30 p.m.289 views

CVE-2020-36184

CVE-2020-36184 affects FasterXML jackson-databind 2.x before 2.9.10.8. The connected documents describe a vulnerability arising from the interaction between serialization gadgets and typing, tied to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource (and related datasource classes). T...

8.8CVSS7.7AI score0.10379EPSS
CVE
CVE
added 2020/09/17 6:39 p.m.288 views

CVE-2020-24750

CVE-2020-24750 affects FasterXML jackson-databind 2.x prior to 2.9.10.6, where the interaction between serialization gadgets and typing is mishandled (CWE-502). This deserialization flaw could enable exploitation via untrusted data; the connected IBM/Cloudera doc confirms the CVE entry but does n...

8.1CVSS7.7AI score0.07327EPSS
CVE
CVE
added 2021/01/06 10:29 p.m.286 views

CVE-2020-36185

CVE-2020-36185 is a Jackson Databind v2.x vulnerability (pre-2.9.10.8) where deserialization gadgets interact with typing, linked to SharedPoolDataSource/JNDI-related classes. Affected: jackson-databind 2.x before 2.9.10.8. Impact includes potential remote code execution via gadget chains. Remedi...

8.1CVSS7.7AI score0.05218EPSS
CVE
CVE
added 2021/01/06 10:29 p.m.282 views

CVE-2020-36188

The CVE-2020-36188 issue affects FasterXML jackson-databind 2.x prior to 2.9.10.8, caused by mis-handling serialization gadgets in combination with typing (notably involving com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource). The vulnerability is described across multiple source...

8.1CVSS7.7AI score0.10911EPSS
CVE
CVE
added 2021/01/06 10:29 p.m.281 views

CVE-2020-36181

Consolidated evidence shows CVE-2020-36181 affects FasterXML jackson-databind 2.x before 2.9.10.8. The vulnerability arises from mishandling the interaction between serialization gadgets and typing, specifically related to DriverAdapterCPDS classes (notably org.apache.tomcat.dbcp.dbcp.cpdsadapter...

8.8CVSS7.7AI score0.05018EPSS
CVE
CVE
added 2021/01/06 10:29 p.m.281 views

CVE-2020-36186

CVE-2020-36186 affects FasterXML jackson-databind 2.x up to before 2.9.10.8, where serialization gadgets and typing handling interact incorrectly in the presence of PerUserPoolDataSource (org.apache.tomcat.dbcp.dbcp.datasources). This deserialization-related flaw can impact confidentiality, integ...

8.1CVSS7.7AI score0.05218EPSS
CVE
CVE
added 2021/01/06 10:29 p.m.273 views

CVE-2020-36187

CVE-2020-36187 affects FasterXML jackson-databind 2.x before 2.9.10.8. The root cause is a mishandling of the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource. The connected Astra Linux bulletin mirrors this description....

8.1CVSS7.7AI score0.05195EPSS
CVE
CVE
added 2020/12/17 6:43 p.m.263 views

CVE-2020-35491

CVE-2020-35491 affects FasterXML jackson-databind 2.x prior to 2.9.10.8, tied to deserialization gadget typing interactions via org.apache.commons.dbcp2.datasources.SharedPoolDataSource. Connected docs corroborate an extensive Jackson deserialization issue set with high impact, but the provided m...

8.1CVSS7.7AI score0.09477EPSS
CVE
CVE
added 2020/12/17 6:43 p.m.254 views

CVE-2020-35490

CVE-2020-35490 : jackson-databind 2.x before 2.9.10.8 is affected. The issue arises from mishandling the interaction between serialization gadgets and typing, related to PerUserPoolDataSource in org.apache.commons.dbcp2. Root cause: polymorphic deserialization/gadget chaining leads to potential c...

8.1CVSS7.7AI score0.07694EPSS
CVE
CVE
added 2021/07/20 10:43 p.m.243 views

CVE-2021-2351

CVE-2021-2351 affects Oracle Database Server’s Advanced Networking Option, with affected versions 12.1.0.2, 12.2.0.1, and 19c. The vulnerability allows unauthenticated network access via Oracle Net to compromise the Advanced Networking Option, with access requiring user interaction (UI_R) and ris...

8.3CVSS8.5AI score0.025EPSS
CVE
CVE
added 2020/08/25 5:4 p.m.223 views

CVE-2020-24616

The CVE-2020-24616 vulnerability affects FasterXML jackson-databind 2.x prior to 2.9.10.6, arising from the interaction between serialization gadgets and typing (related to br.com.anteros.dbcp.AnterosDBCPDataSource). Root cause is unsafe deserialization via Gadget chains in Jackson Databind. Impa...

8.1CVSS7.7AI score0.09422EPSS
CVE
CVE
added 2021/01/25 10:45 p.m.87 views

CVE-2021-21275

The CVE-2021-21275 entry concerns the MediaWiki Report extension, where a CSRF vulnerability existed because Special:Report lacked CSRF protection before the fix. The root cause is absence of CSRF checks on report submissions for revisions; the issue was mitigated by commit f828dc6 introducing Me...

5.3CVSS4.6AI score0.00716EPSS
CVE
CVE
added 2022/01/19 11:26 a.m.65 views

CVE-2022-21388

CVE-2022-21388 affects Oracle Communications Pricing Design Center (On Premise Install) within Oracle Communications Applications. Affected versions: 12.0.0.3.0 and 12.0.0.4.0. Root cause described as an input validation issue that can allow a low-privilege, logon-based attacker to read a subset ...

3.3CVSS3.5AI score0.00305EPSS