Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oracle communications application session controller vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-21890
Vulnerability in the Oracle Communications Converged Application Server product of Oracle Communications (component: Core). Supported versions that are affected are 7.1.0 and 8.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via UDP to co...
Oracle Communications Converged Application Server 8.0.0
Oracle Communications Converged Application Server 7.1.0
766
VMScore
CVE-2021-44832
Apache Log4j2 versions 2.0-beta7 up to and including 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the tar...
Apache Log4j 2.0
Apache Log4j
Oracle Weblogic Server 12.2.1.3.0
Oracle Primavera Unifier 18.8
Oracle Weblogic Server 12.2.1.4.0
Oracle Primavera Unifier 19.12
Oracle Weblogic Server 14.1.1.0.0
Oracle Primavera Unifier 20.12
Oracle Communications Interactive Session Recorder 6.3
Oracle Communications Interactive Session Recorder 6.4
Oracle Primavera Gateway
Oracle Retail Assortment Planning 16.0.3
Oracle Primavera Unifier 21.12
Oracle Primavera P6 Enterprise Project Portfolio Management 21.12.0.0
Oracle Primavera P6 Enterprise Project Portfolio Management
Oracle Primavera Gateway 21.12.0
Oracle Retail Fiscal Management 14.2
Oracle Siebel Ui Framework 21.12
Oracle Communications Diameter Signaling Router
Cisco Cloudcenter 4.10.0.16
Fedoraproject Fedora 34
Fedoraproject Fedora 35
34 Github repositories
4 Articles
405
VMScore
CVE-2021-45105
Apache Log4j2 versions 2.0-alpha1 up to and including 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted strin...
Apache Log4j
Netapp Cloud Manager -
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Sonicwall Network Security Manager
Sonicwall Email Security
Sonicwall Web Application Firewall
Sonicwall 6bk1602-0aa12-0tp0 Firmware
Sonicwall 6bk1602-0aa22-0tp0 Firmware
Sonicwall 6bk1602-0aa32-0tp0 Firmware
Sonicwall 6bk1602-0aa42-0tp0 Firmware
Sonicwall 6bk1602-0aa52-0tp0 Firmware
Oracle E-business Suite 12.2
Oracle Retail Back Office 14.1
Oracle Weblogic Server 12.2.1.3.0
Oracle Webcenter Portal 12.2.1.3.0
Oracle Webcenter Sites 12.2.1.3.0
Oracle Managed File Transfer 12.2.1.3.0
Oracle Retail Order Broker 16.0
Oracle Retail Integration Bus 14.1.3
Oracle Retail Returns Management 14.1
Oracle Retail Central Office 14.1
74 Github repositories
5 Articles
1000
VMScore
CVE-2021-44228
Apache Log4j2 2.0-beta9 up to and including 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can contr...
Apache Log4j 2.0
Apache Log4j
Siemens Sppa-t3000 Ses3000 Firmware
Siemens Logo\\! Soft Comfort
Siemens Spectrum Power 4 4.70
Siemens Spectrum Power 4
Siemens Siveillance Control Pro
Siemens Energyip Prepay 3.7
Siemens Energyip Prepay 3.8
Siemens Siveillance Identity 1.6
Siemens Siveillance Identity 1.5
Siemens Siveillance Command
Siemens Sipass Integrated 2.85
Siemens Sipass Integrated 2.80
Siemens Head-end System Universal Device Integration System
Siemens Gma-manager
Siemens Energyip 8.5
Siemens Energyip 8.6
Siemens Energyip 8.7
Siemens Energyip 9.0
Siemens Energy Engage 3.1
Siemens E-car Operation Center
2 Metasploit modules
1159 Github repositories
28 Articles
517
VMScore
CVE-2021-3712
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated...
Openssl Openssl
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netapp Santricity Smi-s Provider -
Netapp Clustered Data Ontap -
Netapp Clustered Data Ontap Antivirus Connector -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Manageability Software Development Kit -
Netapp Storage Encryption -
Netapp E-series Santricity Os Controller
Mcafee Epolicy Orchestrator 5.10.0
Mcafee Epolicy Orchestrator
Tenable Tenable.sc
Tenable Nessus Network Monitor
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Zfs Storage Appliance Kit 8.8
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Mysql Server
Oracle Mysql Workbench
2 Github repositories
668
VMScore
CVE-2021-3711
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" paramete...
Openssl Openssl
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netapp Santricity Smi-s Provider -
Netapp Snapcenter -
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp Clustered Data Ontap -
Netapp Clustered Data Ontap Antivirus Connector -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Active Iq Unified Manager -
Netapp Manageability Software Development Kit -
Netapp Storage Encryption -
Netapp E-series Santricity Os Controller
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Jd Edwards World Security A9.4
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Enterprise Session Border Controller 8.4
Oracle Enterprise Communications Broker 3.2.0
Oracle Zfs Storage Appliance Kit 8.8
Oracle Peoplesoft Enterprise Peopletools 8.59
1 Github repository
1 Article
454
VMScore
CVE-2021-2351
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced N...
Oracle Flexcube Investor Servicing 12.3.0
Oracle Flexcube Investor Servicing 12.1.0
Oracle Flexcube Private Banking 12.1.0
Oracle Flexcube Private Banking 12.0.0
Oracle Flexcube Investor Servicing 12.0.4
Oracle Retail Store Inventory Management 14.1
Oracle Ilearning 6.2
Oracle Hospitality Suite8 8.10.2
Oracle Retail Back Office 14.1
Oracle Weblogic Server 12.2.1.3.0
Oracle Utilities Framework 4.2.0.3.0
Oracle Flexcube Investor Servicing 12.4.0
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Hospitality Reporting And Analytics 9.1.0
Oracle Application Testing Suite 13.3.0.1
Oracle Retail Order Broker 16.0
Oracle Retail Returns Management 14.1
Oracle Retail Central Office 14.1
Oracle Banking Platform 2.6.2
Oracle Primavera Unifier 18.8
Oracle Retail Point-of-service 14.1
Oracle Retail Predictive Application Server 15.0.3
321
VMScore
CVE-2021-34428
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this c...
Eclipse Jetty
Debian Debian Linux 10.0
Netapp Snap Creator Framework -
Netapp Santricity Cloud Connector -
Netapp Snapmanager -
Netapp E-series Santricity Web Services -
Netapp Active Iq Unified Manager -
Netapp E-series Santricity Os Controller
Netapp Element Plug-in For Vcenter Server -
Oracle Communications Services Gatekeeper 7.0
Oracle Autovue For Agile Product Lifecycle Management 21.0.2
Oracle Siebel Core - Automation
Oracle Communications Session Route Manager
Oracle Communications Element Manager 8.2.2
Oracle Rest Data Services
Oracle Communications Session Report Manager
383
VMScore
CVE-2021-22897
curl 7.61.0 up to and including 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable...
Haxx Curl
Oracle Mysql Server
Oracle Essbase
Oracle Communications Cloud Native Core Network Slice Selection Function 1.8.0
Oracle Communications Cloud Native Core Network Repository Function 1.15.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0
Oracle Communications Cloud Native Core Service Communication Proxy 1.15.0
Oracle Communications Cloud Native Core Network Repository Function 1.15.1
Oracle Communications Cloud Native Core Binding Support Function 1.11.0
Netapp Cloud Backup -
Netapp Solidfire \\& Hci Management Node -
Netapp Solidfire Baseboard Management Controller Firmware -
Netapp Solidfire\\, Enterprise Sds \\& Hci Storage Node -
Netapp Hci Compute Node Firmware -
Netapp H300e Firmware -
Netapp H300s Firmware -
Netapp H410s Firmware -
Netapp H500e Firmware -
Netapp H500s Firmware -
Netapp H700e Firmware -
Netapp H700s Firmware -
Siemens Sinec Infrastructure Network Services
606
VMScore
CVE-2021-22901
curl 7.75.0 up to and including 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote c...
Haxx Curl
Oracle Mysql Server
Oracle Essbase
Oracle Communications Cloud Native Core Network Slice Selection Function 1.8.0
Oracle Communications Cloud Native Core Network Repository Function 1.15.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0
Oracle Communications Cloud Native Core Service Communication Proxy 1.15.0
Oracle Communications Cloud Native Core Network Repository Function 1.15.1
Oracle Communications Cloud Native Core Binding Support Function 1.11.0
Netapp Cloud Backup -
Netapp Snapcenter -
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp Solidfire \\& Hci Management Node -
Netapp Active Iq Unified Manager -
Netapp Solidfire Baseboard Management Controller Firmware -
Netapp Solidfire\\, Enterprise Sds \\& Hci Storage Node -
Netapp Hci Compute Node Firmware -
Netapp H300e Firmware -
Netapp H300s Firmware -
Netapp H410s Firmware -
Netapp H500e Firmware -
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »