threat
engine
.sh
Back
·
··:··
Home
/
Product
/
oracle communications session route manager
Product
oracle communications session route manager
74 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2022-23437
< 9.0
There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads.
6.5
MEDIUM
CVE-2021-44790
<= 9.0
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua script
9.8
CRITICAL
CVE-2021-44224
< 9.0
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for
8.2
HIGH
CVE-2021-45105
< 9.0
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from sel
5.9
MEDIUM
CVE-2021-2351
>= 8.2.0 and <= 8.2.5
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1
8.3
HIGH
CVE-2021-36090
>= 8.0.0 and <= 8.2.5.0
When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an ou
7.5
HIGH
CVE-2021-35517
>= 8.0.0 and <= 8.2.5
When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an ou
7.5
HIGH
CVE-2021-35516
>= 8.0.0 and <= 8.2.5
When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out
7.5
HIGH
CVE-2021-35515
>= 8.0.0 and <= 8.2.5
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infi
7.5
HIGH
CVE-2021-33037
>= 8.0.0 and <= 8.2.4
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding reque
5.3
MEDIUM
CVE-2021-34428
>= 8.0.0 and <= 8.2.4.0
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed()
2.9
LOW
CVE-2021-22118
>= 8.0.0 and <= 8.2.4.0
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a pr
7.8
HIGH
CVE-2021-22696
>= 8.0.0 and <= 8.2.4
CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth
7.5
HIGH
CVE-2021-28165
>= 8.0.0.0 and <= 8.2.4.0
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a
7.5
HIGH
CVE-2021-28164
>= 8.0.0 and <= 8.2.4
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %
5.3
MEDIUM
CVE-2021-28163
>= 8.0.0 and <= 8.2.4.0
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is
2.7
LOW
CVE-2020-13947
>= 8.0.0 and <= 8.2.2
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the me
6.1
MEDIUM
CVE-2021-26117
>= 8.0.0 and <= 8.2.2
The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache Act
7.5
HIGH
CVE-2020-36183
>= 8.2.0.0 and <= 8.2.2.1
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1
HIGH
CVE-2020-36182
>= 8.2.0.0 and <= 8.2.2.1
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1
HIGH
CVE-2020-36180
>= 8.2.0.0 and <= 8.2.2.1
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1
HIGH
CVE-2020-36179
>= 8.2.0 and <= 8.2.2.1
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oad
8.1
HIGH
CVE-2020-36189
>= 8.2.0.0 and <= 8.2.2.1
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com
8.1
HIGH
CVE-2020-36188
>= 8.2.0.0 and <= 8.2.2.1
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com
8.1
HIGH
CVE-2020-36187
>= 8.2.0.0 and <= 8.2.2.1
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1
HIGH
CVE-2020-36186
>= 8.2.0.0 and <= 8.2.2.1
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1
HIGH
CVE-2020-36185
>= 8.2.0.0 and <= 8.2.2.1
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1
HIGH
CVE-2020-36184
>= 8.2.0.0 and <= 8.2.2.1
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1
HIGH
CVE-2020-36181
>= 8.2.0.0 and <= 8.2.2.1
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1
HIGH
CVE-2020-35728
>= 8.2.0.0 and <= 8.2.2.1
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com
8.1
HIGH
CVE-2020-28052
>= 8.2.0 and <= 8.2.4
An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compa
8.1
HIGH
CVE-2020-27218
>= 8.0.0 and <= 8.2.4
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP
4.8
MEDIUM
CVE-2020-24750
>= 8.2.0 and <= 8.2.2.1
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com
8.1
HIGH
CVE-2020-11998
>= 8.0.0 and <= 8.2.2
A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer,
9.8
CRITICAL
CVE-2020-9490
>= 8.2.0 and <= 8.2.2
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would re
7.5
HIGH
CVE-2020-11993
>= 8.2.0 and <= 8.2.2
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patter
7.5
HIGH
CVE-2020-11984
>= 8.2.0 and <= 8.2.2
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
9.8
CRITICAL
CVE-2020-14195
>= 8.2.0 and <= 8.2.2
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org
8.1
HIGH
CVE-2020-14060
>= 8.2.0 and <= 8.2.2
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oad
8.1
HIGH
CVE-2020-14062
>= 8.2.0 and <= 8.2.2
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com
8.1
HIGH
CVE-2020-14061
>= 8.2.0 and <= 8.2.2
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to ora
8.1
HIGH
CVE-2020-9484
>= 8.2.0 and <= 8.2.2
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attack
7.0
HIGH
CVE-2020-1941
all versions
In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.
6.1
MEDIUM
CVE-2020-11023
all versions
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sourc
6.9
MEDIUM
CVE-2020-11655
>= 8.2.0 and <= 8.2.2
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query bec
7.5
HIGH
CVE-2020-1927
all versions
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fo
6.1
MEDIUM
CVE-2020-1954
>= 8.2.0 and <= 8.2.2
Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘cr
5.3
MEDIUM
CVE-2020-1934
all versions
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.
5.3
MEDIUM
CVE-2020-11113
>= 8.2.0 and <= 8.2.2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.8
HIGH
CVE-2020-11112
>= 8.2.0 and <= 8.2.2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.8
HIGH
CVE-2020-11111
>= 8.2.0 and <= 8.2.2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.8
HIGH
CVE-2020-10969
>= 8.2.0 and <= 8.2.2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to jav
8.8
HIGH
CVE-2020-10968
>= 8.2.0 and <= 8.2.2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.8
HIGH
CVE-2020-10673
>= 8.2.0 and <= 8.2.2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com
8.8
HIGH
CVE-2020-10672
>= 8.2.0 and <= 8.2.2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.8
HIGH
CVE-2020-9548
>= 8.2.0 and <= 8.2.2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.
9.8
CRITICAL
CVE-2020-9546
>= 8.2.0 and <= 8.2.2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
9.8
CRITICAL
CVE-2020-5397
all versions
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring
5.3
MEDIUM
CVE-2020-5398
all versions
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an applica
7.5
HIGH
CVE-2019-17573
all versions
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage i
6.1
MEDIUM
CVE-2019-12423
all versions
Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can
7.5
HIGH
CVE-2019-17359
>= 8.2.0 and <= 8.2.2
The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMe
7.5
HIGH
CVE-2019-10097
all versions
In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY"
7.2
HIGH
CVE-2019-12402
>= 8.2.0 and <= 8.2.2
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced
7.5
HIGH
CVE-2019-13990
>= 8.2.0 and <= 8.2.2
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a jo
9.8
CRITICAL
CVE-2019-0197
all versions
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enable
4.2
MEDIUM
CVE-2019-0227
all versions
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Secur
7.5
HIGH
CVE-2019-5427
>= 8.2.0 and <= 8.2.2
c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections again
7.5
HIGH
CVE-2019-10247
all versions
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jett
5.3
MEDIUM
CVE-2019-10246
all versions
In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualifie
5.3
MEDIUM
CVE-2019-11358
all versions
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Objec
6.1
MEDIUM
CVE-2019-0211
all versions
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child pr
7.8
HIGH
CVE-2018-15756
all versions
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on t
7.5
HIGH
CVE-2018-8032
all versions
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
6.1
MEDIUM
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin