Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oracle communications cloud native core policy 1.14.0 vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv3
CVE-2021-21295
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request ...
Netty Netty
Netapp Oncommand Workflow Automation -
Netapp Oncommand Api Services -
Debian Debian Linux 10.0
Quarkus Quarkus
Apache Kudu
Apache Zookeeper 3.5.9
Oracle Communications Cloud Native Core Policy 1.14.0
1 Github repository
5.9
CVSSv3
CVE-2021-27568
An issue exists in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 up to and including 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash o...
Json-smart Project Json-smart-v1
Json-smart Project Json-smart-v2
Oracle Weblogic Server 12.2.1.3.0
Oracle Utilities Framework 4.4.0.0.0
Oracle Weblogic Server 12.2.1.4.0
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Weblogic Server 14.1.1.0.0
Oracle Utilities Framework 4.4.0.2.0
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Utilities Framework 4.4.0.3.0
Oracle Communications Cloud Native Core Policy 1.14.0
Oracle Oss Support Tools
3 Github repositories
5.5
CVSSv3
CVE-2020-15250
In JUnit4 from version 4.7 and prior to 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories...
Junit Junit4
Debian Debian Linux 9.0
Apache Pluto
Oracle Communications Cloud Native Core Policy 1.14.0
6 Github repositories
5.5
CVSSv3
CVE-2020-15358
In SQLite prior to 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
Sqlite Sqlite
Canonical Ubuntu Linux 20.04
Apple Iphone Os
Apple Watchos
Apple Icloud
Apple Tvos
Apple Ipados
Apple Macos
Oracle Outside In Technology 8.5.4
Oracle Outside In Technology 8.5.5
Oracle Hyperion Infrastructure Technology 11.1.2.4
Oracle Enterprise Manager Ops Center 12.4.0.0
Oracle Communications Network Charging And Control 12.0.2
Oracle Mysql
Oracle Communications Network Charging And Control 6.0.1
Oracle Communications Messaging Server 8.1
Oracle Communications Cloud Native Core Policy 1.14.0
Siemens Sinec Infrastructure Network Services
5.5
CVSSv3
CVE-2020-13434
SQLite up to and including 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
Sqlite Sqlite
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Fedoraproject Fedora 32
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
Freebsd Freebsd 12.0
Freebsd Freebsd 12.1
Freebsd Freebsd 11.4
Freebsd Freebsd
Oracle Outside In Technology 8.5.5
Oracle Communications Network Charging And Control 6.0.1
Oracle Communications Network Charging And Control
Oracle Communications Cloud Native Core Policy 1.14.0
Apple Iphone Os
Apple Watchos
Apple Tvos
Apple Ipados
Apple Icloud
Apple Itunes
2 Github repositories
5.3
CVSSv3
CVE-2021-33037
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ign...
Apache Tomcat
Apache Tomee 8.0.6
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Oracle Managed File Transfer 12.2.1.3.0
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Oracle Agile Plm 9.3.6
Oracle Communications Policy Management 12.5.0
Oracle Sd-wan Edge 9.0
Oracle Managed File Transfer 12.2.1.4.0
Oracle Secure Global Desktop 5.6
Oracle Hospitality Cruise Shipboard Property Management System 20.1.0
Oracle Communications Pricing Design Center 12.0.0.3.0
Oracle Communications Session Route Manager
Oracle Mysql Enterprise Monitor
Oracle Communications Session Report Manager
Oracle Sd-wan Edge 9.1
Oracle Utilities Testing Accelerator 6.0.0.2.2
Oracle Utilities Testing Accelerator 6.0.0.3.1
Oracle Utilities Testing Accelerator 6.0.0.1.1
5.3
CVSSv3
CVE-2021-28169
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the we...
Eclipse Jetty
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Oracle Rest Data Services
Oracle Communications Cloud Native Core Policy 1.14.0
Netapp Snap Creator Framework -
Netapp Hci -
Netapp Active Iq Unified Manager -
Netapp Management Services For Element Software -
2 Github repositories
5.3
CVSSv3
CVE-2021-28170
In the Jakarta Expression Language implementation 3.0.3 and previous versions, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.
Eclipse Jakarta Expression Language
Quarkus Quarkus
Oracle Communications Cloud Native Core Policy 1.14.0
Oracle Weblogic Server 14.1.1.0.0
5.3
CVSSv3
CVE-2020-29582
In JetBrains Kotlin prior to 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.
Jetbrains Kotlin
Oracle Communications Cloud Native Core Network Slice Selection Function 1.2.1
Oracle Communications Cloud Native Core Policy 1.14.0
Oracle Communications Cloud Native Core Service Communication Proxy 1.14.0
5
CVSSv3
CVE-2020-8554
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and...
Kubernetes Kubernetes
Oracle Communications Cloud Native Core Network Slice Selection Function 1.2.1
Oracle Communications Cloud Native Core Service Communication Proxy 1.14.0
Oracle Communications Cloud Native Core Policy 1.15.0
14 Github repositories
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
NEXT »