Product
oracle communications policy management
50 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2022-22965
all versions
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. Th
9.8
CRITICAL
CVE-2021-43859
all versions
XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote att
7.5
HIGH
CVE-2021-23450
all versions
All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.
7.5
HIGH
CVE-2021-43527
all versions
NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded D
9.8
CRITICAL
CVE-2021-33037
all versions
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding reque
5.3
MEDIUM
CVE-2021-29425
all versions
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo",
4.8
MEDIUM
CVE-2021-21351
all versions
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability m
5.4
MEDIUM
CVE-2021-21350
all versions
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability w
5.3
MEDIUM
CVE-2021-21349
all versions
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability w
6.1
MEDIUM
CVE-2021-21348
all versions
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability w
5.3
MEDIUM
CVE-2021-21347
all versions
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability w
6.1
MEDIUM
CVE-2021-21346
all versions
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability w
6.1
MEDIUM
CVE-2021-21345
all versions
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability w
5.8
MEDIUM
CVE-2021-21344
all versions
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability w
5.3
MEDIUM
CVE-2021-21343
all versions
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability w
5.3
MEDIUM
CVE-2021-21342
all versions
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability w
5.3
MEDIUM
CVE-2020-36183
all versions
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1
HIGH
CVE-2020-36182
all versions
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1
HIGH
CVE-2020-36180
all versions
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1
HIGH
CVE-2020-36179
all versions
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oad
8.1
HIGH
CVE-2020-36188
all versions
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com
8.1
HIGH
CVE-2020-36187
all versions
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1
HIGH
CVE-2020-36186
all versions
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1
HIGH
CVE-2020-36185
all versions
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1
HIGH
CVE-2020-36184
all versions
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1
HIGH
CVE-2020-36181
all versions
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1
HIGH
CVE-2020-35728
all versions
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com
8.1
HIGH
CVE-2020-17530
all versions
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software :
9.8
CRITICAL
CVE-2020-26217
all versions
XStream before version 1.4.14 is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker to run arbitrar
8.0
HIGH
CVE-2020-24750
all versions
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com
8.1
HIGH
CVE-2019-0233
all versions
An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.
7.5
HIGH
CVE-2019-0230
all versions
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remot
9.8
CRITICAL
CVE-2020-24616
all versions
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.
8.1
HIGH
CVE-2020-5258
all versions
In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers t
7.7
HIGH
CVE-2020-5397
all versions
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring
5.3
MEDIUM
CVE-2020-5398
all versions
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an applica
7.5
HIGH
CVE-2018-11776
< 12.5.0
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace i
8.1
HIGH
CVE-2018-1271
all versions
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications
5.9
MEDIUM
CVE-2017-10159
all versions
Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: Portal
6.1
MEDIUM
CVE-2017-3633
>= 12.0 and <= 12.0.0.4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affecte
6.5
MEDIUM
CVE-2015-2568
<= 9.7.3
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect ava
CVE-2015-0500
<= 9.7.3
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via u
CVE-2015-0433
<= 9.7.3
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to
CVE-2015-0423
<= 9.7.3
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via u
CVE-2015-2808
< 9.9.2
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the ini
3.7
LOW
CVE-2015-0235
all versions
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows con
CVE-2015-0411
<= 9.7.3
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect con
CVE-2015-0409
<= 9.7.3
Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via u
CVE-2015-0382
<= 9.7.3
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect avail
CVE-2015-0381
<= 9.7.3
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect avail
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin