threat
engine
.sh
Back
·
··:··
Home
/
Product
/
oracle communications cloud native core automated test suite
Product
oracle communications cloud native core automated test suite
50 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2022-22965
all versions
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. Th
9.8
CRITICAL
CVE-2022-22963
all versions
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for
9.8
CRITICAL
CVE-2021-43859
all versions
XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote att
7.5
HIGH
CVE-2022-20615
all versions
Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions
5.4
MEDIUM
CVE-2022-20614
all versions
A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to
4.3
MEDIUM
CVE-2022-20613
all versions
A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to us
4.3
MEDIUM
CVE-2022-20612
all versions
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigge
4.3
MEDIUM
CVE-2021-39152
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
8.5
HIGH
CVE-2021-39150
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
8.5
HIGH
CVE-2021-39140
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
6.5
MEDIUM
CVE-2021-39154
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
8.5
HIGH
CVE-2021-39153
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
8.5
HIGH
CVE-2021-39151
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
8.5
HIGH
CVE-2021-39149
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
8.5
HIGH
CVE-2021-39148
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
8.5
HIGH
CVE-2021-39147
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
8.5
HIGH
CVE-2021-39146
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
8.5
HIGH
CVE-2021-39145
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
8.5
HIGH
CVE-2021-39144
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
8.5
HIGH
CVE-2021-39141
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
8.5
HIGH
CVE-2021-39139
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
8.5
HIGH
CVE-2021-22144
all versions
In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service
6.5
MEDIUM
CVE-2021-22145
all versions
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to sub
6.5
MEDIUM
CVE-2021-36374
all versions
When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of m
5.5
MEDIUM
CVE-2021-36373
all versions
When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally lead
5.5
MEDIUM
CVE-2021-36090
all versions
When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an ou
7.5
HIGH
CVE-2021-35516
all versions
When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out
7.5
HIGH
CVE-2021-35515
all versions
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infi
7.5
HIGH
CVE-2021-29921
all versions
In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in s
9.8
CRITICAL
CVE-2021-22134
all versions
A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security
4.3
MEDIUM
CVE-2021-22132
all versions
Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an async
4.8
MEDIUM
CVE-2019-10219
all versions
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting
6.1
MEDIUM
CVE-2019-10384
all versions
Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resul
8.8
HIGH
CVE-2019-10383
all versions
A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/A
4.8
MEDIUM
CVE-2019-1003050
all versions
The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS
5.4
MEDIUM
CVE-2019-1003049
all versions
Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authen
8.1
HIGH
CVE-2018-1999007
all versions
A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/k
5.4
MEDIUM
CVE-2018-1999005
all versions
A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in BuildTimelineWidget.java, BuildTi
5.4
MEDIUM
CVE-2018-1999004
all versions
A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in SlaveComputer.java that allows
4.3
MEDIUM
CVE-2018-1999003
all versions
A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Queue.java that allows attacker
4.3
MEDIUM
CVE-2018-1999002
all versions
A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/ko
7.5
HIGH
CVE-2018-1999001
all versions
A unauthorized modification of configuration vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in User.java t
8.8
HIGH
CVE-2018-1000195
all versions
A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.jav
4.3
MEDIUM
CVE-2018-1000194
all versions
A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java
8.1
HIGH
CVE-2018-1000193
all versions
A improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPri
4.3
MEDIUM
CVE-2018-1000192
all versions
A information exposure vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in AboutJenkins.java, ListPluginsCom
4.3
MEDIUM
CVE-2018-6356
all versions
Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly prevent specifying relative paths that escape a base directory
6.5
MEDIUM
CVE-2018-1000068
all versions
An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows a
5.3
MEDIUM
CVE-2018-1000067
all versions
An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an a
5.3
MEDIUM
CVE-2017-1000353
all versions
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An
9.8
CRITICAL
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin