Filtered by vendor Oracle
Subscriptions
Filtered by product Communications Pricing Design Center
Subscriptions
Total
41 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-24329 | 2 Jetbrains, Oracle | 3 Kotlin, Communications Cloud Native Core Binding Support Function, Communications Pricing Design Center | 2024-10-29 | 5.3 Medium |
| In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects. | ||||
| CVE-2022-21388 | 1 Oracle | 1 Communications Pricing Design Center | 2024-09-24 | 3.3 Low |
| Vulnerability in the Oracle Communications Pricing Design Center product of Oracle Communications Applications (component: On Premise Install). Supported versions that are affected are 12.0.0.3.0 and 12.0.0.4.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Pricing Design Center executes to compromise Oracle Communications Pricing Design Center. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Pricing Design Center accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | ||||
| CVE-2021-23336 | 7 Debian, Djangoproject, Fedoraproject and 4 more | 14 Debian Linux, Django, Fedora and 11 more | 2024-09-16 | 5.9 Medium |
| The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. | ||||
| CVE-2017-5645 | 4 Apache, Netapp, Oracle and 1 more | 86 Log4j, Oncommand Api Services, Oncommand Insight and 83 more | 2024-08-05 | 9.8 Critical |
| In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. | ||||
| CVE-2019-17195 | 4 Apache, Connect2id, Oracle and 1 more | 17 Hadoop, Nimbus Jose\+jwt, Communications Cloud Native Core Security Edge Protection Proxy and 14 more | 2024-08-05 | 9.8 Critical |
| Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass. | ||||
| CVE-2019-10219 | 3 Netapp, Oracle, Redhat | 199 Active Iq Unified Manager, Element, Management Services For Element Software And Netapp Hci and 196 more | 2024-08-04 | 6.1 Medium |
| A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. | ||||
| CVE-2019-10086 | 6 Apache, Debian, Fedoraproject and 3 more | 73 Commons Beanutils, Nifi, Debian Linux and 70 more | 2024-08-04 | 7.3 High |
| In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean. | ||||
| CVE-2020-36182 | 5 Debian, Fasterxml, Netapp and 2 more | 47 Debian Linux, Jackson-databind, Cloud Backup and 44 more | 2024-08-04 | 8.1 High |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS. | ||||
| CVE-2020-36180 | 5 Debian, Fasterxml, Netapp and 2 more | 47 Debian Linux, Jackson-databind, Cloud Backup and 44 more | 2024-08-04 | 8.1 High |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS. | ||||
| CVE-2020-36189 | 5 Debian, Fasterxml, Netapp and 2 more | 42 Debian Linux, Jackson-databind, Cloud Backup and 39 more | 2024-08-04 | 8.1 High |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource. | ||||
| CVE-2020-36185 | 5 Debian, Fasterxml, Netapp and 2 more | 47 Debian Linux, Jackson-databind, Cloud Backup and 44 more | 2024-08-04 | 8.1 High |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource. | ||||
| CVE-2020-36186 | 5 Debian, Fasterxml, Netapp and 2 more | 47 Debian Linux, Jackson-databind, Cloud Backup and 44 more | 2024-08-04 | 8.1 High |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource. | ||||
| CVE-2020-36184 | 5 Debian, Fasterxml, Netapp and 2 more | 47 Debian Linux, Jackson-databind, Cloud Backup and 44 more | 2024-08-04 | 8.1 High |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource. | ||||
| CVE-2020-36183 | 5 Debian, Fasterxml, Netapp and 2 more | 47 Debian Linux, Jackson-databind, Cloud Backup and 44 more | 2024-08-04 | 8.1 High |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. | ||||
| CVE-2020-36188 | 5 Debian, Fasterxml, Netapp and 2 more | 47 Debian Linux, Jackson-databind, Cloud Backup and 44 more | 2024-08-04 | 8.1 High |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource. | ||||
| CVE-2020-36181 | 5 Debian, Fasterxml, Netapp and 2 more | 46 Debian Linux, Jackson-databind, Service Level Manager and 43 more | 2024-08-04 | 8.1 High |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS. | ||||
| CVE-2020-36179 | 5 Debian, Fasterxml, Netapp and 2 more | 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more | 2024-08-04 | 8.1 High |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS. | ||||
| CVE-2020-36187 | 5 Debian, Fasterxml, Netapp and 2 more | 47 Debian Linux, Jackson-databind, Cloud Backup and 44 more | 2024-08-04 | 8.1 High |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource. | ||||
| CVE-2020-35491 | 5 Debian, Fasterxml, Netapp and 2 more | 28 Debian Linux, Jackson-databind, Service Level Manager and 25 more | 2024-08-04 | 8.1 High |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource. | ||||
| CVE-2020-35490 | 5 Debian, Fasterxml, Netapp and 2 more | 27 Debian Linux, Jackson-databind, Service Level Manager and 24 more | 2024-08-04 | 8.1 High |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource. | ||||