threat
engine
.sh
Back
·
··:··
Home
/
Product
/
oracle communications billing and revenue management
Product
oracle communications billing and revenue management
66 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2022-21601
>= 12.0.0.4.0 and <= 12.0.0.7.0
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component
6.5
MEDIUM
CVE-2022-21574
>= 12.0.0.4.0 and <= 12.0.0.6.0
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component
5.3
MEDIUM
CVE-2022-21573
>= 12.0.0.4.0 and <= 12.0.0.6.0
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component
6.5
MEDIUM
CVE-2022-21572
>= 12.0.0.4.0 and <= 12.0.0.6.0
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component
5.4
MEDIUM
CVE-2022-21429
>= 12.0.0.4.0 and <= 12.0.0.6.0
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component
8.1
HIGH
CVE-2022-21431
all versions
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component
10.0
CRITICAL
CVE-2022-21430
all versions
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component
8.5
HIGH
CVE-2022-21424
all versions
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component
8.3
HIGH
CVE-2022-21422
all versions
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component
7.5
HIGH
CVE-2020-36518
>= 12.0.0.4.0 and <= 12.0.0.6.0
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
7.5
HIGH
CVE-2022-21391
all versions
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component
9.9
CRITICAL
CVE-2022-21390
all versions
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component
10.0
CRITICAL
CVE-2022-21389
all versions
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component
10.0
CRITICAL
CVE-2022-21276
all versions
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component
9.9
CRITICAL
CVE-2022-21275
all versions
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component
10.0
CRITICAL
CVE-2022-21268
all versions
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component
3.3
LOW
CVE-2022-21267
all versions
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component
3.3
LOW
CVE-2022-21266
all versions
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component
7.5
HIGH
CVE-2021-45105
all versions
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from sel
5.9
MEDIUM
CVE-2021-2351
all versions
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1
8.3
HIGH
CVE-2021-36090
all versions
When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an ou
7.5
HIGH
CVE-2021-35517
all versions
When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an ou
7.5
HIGH
CVE-2021-35516
all versions
When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out
7.5
HIGH
CVE-2021-35515
all versions
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infi
7.5
HIGH
CVE-2021-22890
all versions
curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad han
3.7
LOW
CVE-2021-22876
all versions
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leak
5.3
MEDIUM
CVE-2021-3345
all versions
_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final fun
7.8
HIGH
CVE-2020-36183
all versions
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1
HIGH
CVE-2020-36182
all versions
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1
HIGH
CVE-2020-36180
all versions
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1
HIGH
CVE-2020-36179
all versions
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oad
8.1
HIGH
CVE-2020-36189
all versions
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com
8.1
HIGH
CVE-2020-36188
all versions
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com
8.1
HIGH
CVE-2020-36187
all versions
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1
HIGH
CVE-2020-36186
all versions
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1
HIGH
CVE-2020-36185
all versions
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1
HIGH
CVE-2020-36184
all versions
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1
HIGH
CVE-2020-36181
all versions
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1
HIGH
CVE-2020-35728
all versions
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com
8.1
HIGH
CVE-2020-8286
all versions
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the O
7.5
HIGH
CVE-2020-8285
all versions
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match pa
7.5
HIGH
CVE-2020-8284
all versions
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and p
3.7
LOW
CVE-2020-25649
all versions
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerab
7.5
HIGH
CVE-2020-7017
all versions
In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. An attacker who is able to
6.7
MEDIUM
CVE-2020-7016
all versions
Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that w
4.8
MEDIUM
CVE-2020-8203
all versions
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
7.4
HIGH
CVE-2020-12723
all versions
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls
7.5
HIGH
CVE-2020-10878
all versions
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular
8.6
HIGH
CVE-2020-10543
all versions
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an i
8.2
HIGH
CVE-2020-11022
all versions
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery
6.9
MEDIUM
CVE-2020-9488
all versions
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be in
3.7
LOW
CVE-2019-20330
all versions
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
9.8
CRITICAL
CVE-2019-10219
all versions
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting
6.1
MEDIUM
CVE-2019-17531
all versions
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (eith
9.8
CRITICAL
CVE-2019-16943
all versions
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (eith
9.8
CRITICAL
CVE-2019-16942
all versions
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (eith
9.8
CRITICAL
CVE-2019-10086
all versions
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker
7.3
HIGH
CVE-2019-11358
all versions
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Objec
6.1
MEDIUM
CVE-2018-14721
all versions
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by
10.0
CRITICAL
CVE-2018-14720
all versions
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failu
9.8
CRITICAL
CVE-2018-14719
all versions
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block
9.8
CRITICAL
CVE-2018-14718
all versions
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block
9.8
CRITICAL
CVE-2018-7489
all versions
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code executi
9.8
CRITICAL
CVE-2017-7525
all versions
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an un
9.8
CRITICAL
CVE-2017-15095
all versions
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenti
9.8
CRITICAL
CVE-2016-2381
all versions
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment
7.5
HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin