Communications Offline Mediation Controller Security Vulnerabilities and Issues — Communications Offline Mediation Controller CVE List

Lucene search

OracleCommunications Offline Mediation Controller

8 matches found

CVE•added 2021/03/05 9:15 p.m.•12586 views

CVE-2021-28041

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.

7.1CVSS6.8AI score0.00275EPSS

CVE•added 2021/12/14 12:15 p.m.•1131 views

CVE-2021-4104

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remot...

7.5CVSS9.4AI score0.94358EPSS

CVE•added 2020/11/06 8:15 a.m.•587 views

CVE-2020-28196

MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.

7.5CVSS7.6AI score0.00278EPSS

CVE•added 2020/12/03 5:15 p.m.•514 views

CVE-2020-25649

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

7.5CVSS7.3AI score0.00011EPSS

CVE•added 2020/06/05 3:15 p.m.•440 views

CVE-2020-12723

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

7.5CVSS8.1AI score0.00201EPSS

CVE•added 2020/10/20 10:15 p.m.•267 views

CVE-2020-25648

A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This fla...

7.5CVSS7.2AI score0.00123EPSS

CVE•added 2020/10/23 1:15 p.m.•267 views

CVE-2020-27216

In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub direct...

7CVSS6.9AI score0.00164EPSS

CVE•added 2020/11/12 6:15 p.m.•260 views

CVE-2019-17566

Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

7.5CVSS8.2AI score0.00815EPSS