Latest oracle communications billing and revenue management Vulnerabilities

CVE-2022-21574
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0...
Oracle Communications Billing and Revenue Management>=12.0.0.4.0<=12.0.0.6.0
CVE-2022-21573
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Billing Care). Supported versions that are affected are 12.0.0.4.0-1...
Oracle Communications Billing and Revenue Management>=12.0.0.4.0<=12.0.0.6.0
CVE-2022-21572
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Billing Care). Supported versions that are affected are 12.0.0.4.0-1...
Oracle Communications Billing and Revenue Management>=12.0.0.4.0<=12.0.0.6.0
CVE-2022-21429
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Billing Care). Supported versions that are affected are 12.0.0.4.0-1...
Oracle Communications Billing and Revenue Management>=12.0.0.4.0<=12.0.0.6.0
CVE-2022-21431
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0...
Oracle Communications Billing and Revenue Management=12.0.0.4
Oracle Communications Billing and Revenue Management=12.0.0.5
CVE-2022-21430
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0...
Oracle Communications Billing and Revenue Management=12.0.0.4
Oracle Communications Billing and Revenue Management=12.0.0.5
CVE-2022-21424
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). The supported version that is affected is 12.0....
Oracle Communications Billing and Revenue Management=12.0.0.4
CVE-2022-21422
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0...
Oracle Communications Billing and Revenue Management=12.0.0.4
Oracle Communications Billing and Revenue Management=12.0.0.5
CVE-2022-21389
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0...
Oracle Communications Billing and Revenue Management=12.0.0.3.0
Oracle Communications Billing and Revenue Management=12.0.0.4.0
CVE-2022-21391
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0...
Oracle Communications Billing and Revenue Management=12.0.0.3.0
Oracle Communications Billing and Revenue Management=12.0.0.4.0
CVE-2022-21390
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Webservices Manager). Supported versions that are affected are 12.0....
Oracle Communications Billing and Revenue Management=12.0.0.3.0
Oracle Communications Billing and Revenue Management=12.0.0.4.0
CVE-2022-21266
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Pipeline Manager). Supported versions that are affected are 12.0.0.3...
Oracle Communications Billing and Revenue Management=12.0.0.3.0
Oracle Communications Billing and Revenue Management=12.0.0.4.0
CVE-2022-21275
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0...
Oracle Communications Billing and Revenue Management=12.0.0.3.0
Oracle Communications Billing and Revenue Management=12.0.0.4.0
CVE-2022-21268
Oracle Communications Billing and Revenue Management=12.0.0.3.0
Oracle Communications Billing and Revenue Management=12.0.0.4.0
CVE-2022-21267
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Pipeline Manager). Supported versions that are affected are 12.0.0.3...
Oracle Communications Billing and Revenue Management=12.0.0.3.0
Oracle Communications Billing and Revenue Management=12.0.0.4.0
CVE-2021-45105
Apache Log4j StrSubstitutor Uncontrolled Recursion Denial-of-Service Vulnerability
redhat/eap7-log4j<0:2.17.1-1.redhat_00001.1.el8ea
redhat/eap7-log4j<0:2.17.1-1.redhat_00001.1.el7ea
redhat/rh-sso7-keycloak<0:15.0.6-1.redhat_00001.1.el7
redhat/rh-sso7-keycloak<0:15.0.6-1.redhat_00001.1.el8
debian/apache-log4j2
debian/apache-log4j2<=2.16.0-1~deb10u1<=2.16.0-1<=2.16.0-1~deb11u1
and 217 more
CVE-2021-2351
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unau...
Oracle Advanced Networking Option=12.1.0.2
Oracle Advanced Networking Option=12.2.0.1
Oracle Advanced Networking Option=19c
Oracle Agile Engineering Data Management=6.2.1.0
Oracle Agile PLM=9.3.6
Oracle Agile Product Lifecycle Management for Process=6.2.2.0
and 242 more
CVE-2021-36090
A flaw was found in apache-commons-compress. When reading a specially crafted ZIP archive, Compress can allocate large amounts of memory that leads to an out-of-memory error for small inputs. This fla...
redhat/apache-commons-compress<0:1.21-1.2.el8e
IBM Cloud Pak System<=V2.3.0 - V2.3.3.3 Interim Fix 1
redhat/apache-commons-compress<1.21
Apache Commons Compress>=1.0<1.21
Oracle Banking Apis>=18.1<=18.3
Oracle Banking Apis=19.1
and 69 more
CVE-2021-35515
A flaw was found in apache-commons-compress. When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This flaw allo...
redhat/apache-commons-compress<0:1.21-1.2.el8e
redhat/apache-commons-compress<1.21
Apache Commons Compress>=1.6<=1.20
Netapp Active Iq Unified Manager Linux
Netapp Active Iq Unified Manager Vmware Vsphere
Netapp Active Iq Unified Manager Windows
and 43 more
CVE-2021-35517
A flaw was found in apache-commons-compress. When reading a specially crafted TAR archive, Compress can allocate large amounts of memory that leads to an out-of-memory error for small inputs. This fla...
redhat/apache-commons-compress<0:1.21-1.2.el8e
redhat/apache-commons-compress<1.21
Apache Commons Compress>=1.1<=1.20
Netapp Active Iq Unified Manager Linux
Netapp Active Iq Unified Manager Vmware Vsphere
Netapp Active Iq Unified Manager Windows
and 50 more
CVE-2021-35516
A flaw was found in apache-commons-compress. When reading a specially crafted 7Z archive, Compress can allocate large amounts of memory that leads to an out-of-memory error for very small inputs. This...
redhat/apache-commons-compress<0:1.21-1.2.el8e
redhat/apache-commons-compress<1.21
Apache Commons Compress>=1.6<=1.20
Netapp Active Iq Unified Manager Linux
Netapp Active Iq Unified Manager Vmware Vsphere
Netapp Active Iq Unified Manager Windows
and 43 more
CVE-2021-22890
curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3...
redhat/jbcs-httpd24<0:1-18.el8
redhat/jbcs-httpd24-apr<0:1.6.3-105.el8
redhat/jbcs-httpd24-apr-util<0:1.6.1-82.el8
redhat/jbcs-httpd24-brotli<0:1.0.6-40.el8
redhat/jbcs-httpd24-curl<0:7.77.0-2.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-74.el8
and 28 more
CVE-2021-22876
cURL libcurl could allow a remote attacker to obtain sensitive information, caused by the failure to strip off user credentials from the URL when automatically populating the Referer: HTTP request hea...
redhat/jbcs-httpd24<0:1-18.el8
redhat/jbcs-httpd24-apr<0:1.6.3-105.el8
redhat/jbcs-httpd24-apr-util<0:1.6.1-82.el8
redhat/jbcs-httpd24-brotli<0:1.0.6-40.el8
redhat/jbcs-httpd24-curl<0:7.77.0-2.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-74.el8
and 34 more
CVE-2021-3345
_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 ...
GnuPG Libgcrypt=1.9.0
Oracle Communications Billing and Revenue Management=12.0.0.3.0
CVE-2020-36180
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
Netapp Cloud Backup
NetApp Service Level Manager
Debian Debian Linux=9.0
and 72 more
CVE-2020-36181
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
NetApp Service Level Manager
Debian Debian Linux=9.0
Oracle Agile PLM=9.3.6
and 71 more
CVE-2020-36179
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
Netapp Cloud Backup
NetApp Service Level Manager
Debian Debian Linux=9.0
and 65 more
CVE-2020-36183
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.00<2.9.10.8
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0.<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
Netapp Cloud Backup
and 72 more
CVE-2020-36182
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
Netapp Cloud Backup
and 72 more
CVE-2020-36184
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
Netapp Cloud Backup
NetApp Service Level Manager
Debian Debian Linux=9.0
Oracle Agile PLM=9.3.6
and 71 more
CVE-2020-36185
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
Netapp Cloud Backup
NetApp Service Level Manager
and 71 more
CVE-2020-35728
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka em...
IBM Disconnected Log Collector<=v1.0 - v1.8.2
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<=2.9.10.7
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.9.0<2.9.10.8
Debian Debian Linux=9.0
NetApp Service Level Manager
and 62 more
CVE-2020-36188
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.8
IBM Disconnected Log Collector<=v1.0 - v1.8.2
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
and 73 more
CVE-2020-36189
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.8
IBM Disconnected Log Collector<=v1.0 - v1.8.2
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
and 65 more
CVE-2020-36186
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
Netapp Cloud Backup
NetApp Service Level Manager
and 71 more
CVE-2020-36187
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
Netapp Cloud Backup
NetApp Service Level Manager
and 71 more
CVE-2020-8286
curl. This issue was addressed with improved checks.
redhat/jbcs-httpd24<0:1-18.el8
redhat/jbcs-httpd24-apr<0:1.6.3-105.el8
redhat/jbcs-httpd24-apr-util<0:1.6.1-82.el8
redhat/jbcs-httpd24-brotli<0:1.0.6-40.el8
redhat/jbcs-httpd24-curl<0:7.77.0-2.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-74.el8
and 67 more
CVE-2020-8285
curl. A buffer overflow was addressed with improved input validation.
redhat/jbcs-httpd24<0:1-18.el8
redhat/jbcs-httpd24-apr<0:1.6.3-105.el8
redhat/jbcs-httpd24-apr-util<0:1.6.1-82.el8
redhat/jbcs-httpd24-brotli<0:1.0.6-40.el8
redhat/jbcs-httpd24-curl<0:7.77.0-2.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-74.el8
and 105 more
CVE-2020-8284
curl. This issue was addressed with improved checks.
redhat/jbcs-httpd24<0:1-18.el8
redhat/jbcs-httpd24-apr<0:1.6.3-105.el8
redhat/jbcs-httpd24-apr-util<0:1.6.1-82.el8
redhat/jbcs-httpd24-brotli<0:1.0.6-40.el8
redhat/jbcs-httpd24-curl<0:7.77.0-2.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-74.el8
and 113 more
CVE-2020-36518
A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.
debian/jackson-databind<=2.9.8-3+deb10u3
redhat/jackson-databind<0:2.14.1-2.el9
redhat/eap7-jackson-databind<0:2.12.6.1-1.redhat_00003.1.el8ea
redhat/eap7-jackson-databind<0:2.12.6.1-1.redhat_00003.1.el7ea
redhat/rh-sso7-keycloak<0:15.0.8-1.redhat_00001.1.el7
redhat/rh-sso7-keycloak<0:15.0.8-1.redhat_00001.1.el8
and 88 more
CVE-2020-7016
Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming l...
Elasticsearch Kibana<6.8.11
Elasticsearch Kibana>=7.0.0<7.8.1
Oracle Communications Billing and Revenue Management=12.0.0.3.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment=1.7.0
Oracle PeopleSoft Enterprise PeopleTools=8.58
CVE-2020-7017
In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive infor...
Elasticsearch Kibana<6.8.11
Elasticsearch Kibana>=7.0.0<7.8.1
Oracle Communications Billing and Revenue Management=12.0.0.3.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment=1.7.0
Oracle PeopleSoft Enterprise PeopleTools=8.58
CVE-2020-12723
Perl. This issue was addressed with improved checks.
IBM BM Security Guardium<=11.3
IBM Security Guardium<=11.4
IBM Security Guardium<=11.5
Apple macOS Catalina<10.15.6
Apple Mojave
Apple High Sierra
and 21 more
CVE-2020-10543
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
IBM BM Security Guardium<=11.3
IBM Security Guardium<=11.4
IBM Security Guardium<=11.5
Perl Perl<5.30.3
Fedoraproject Fedora=31
openSUSE Leap=15.1
and 20 more
CVE-2020-10878
Perl. This issue was addressed with improved checks.
IBM BM Security Guardium<=11.3
IBM Security Guardium<=11.4
IBM Security Guardium<=11.5
Apple macOS Catalina<10.15.6
Apple Mojave
Apple High Sierra
and 25 more
CVE-2020-8203
A flaw was found in nodejs-lodash in versions 4.17.15 and earlier. A prototype pollution attack is possible which can lead to arbitrary code execution. The primary threat from this vulnerability is to...
redhat/kiali<0:v1.12.10.redhat2-1.el7
redhat/ior<0:1.1.6-1.el8
redhat/servicemesh<0:1.1.6-1.el8
redhat/servicemesh-cni<0:1.1.6-1.el8
redhat/servicemesh-grafana<0:6.4.3-13.el8
redhat/servicemesh-operator<0:1.1.6-2.el8
and 54 more
CVE-2020-9488
Apache Log4j is vulnerable to a man-in-the-middle attack, caused by improper certificate validation with host mismatch in the SMTP appender. An attacker could exploit this vulnerability to launch a ma...
debian/apache-log4j2
redhat/qpid-cpp<0:1.36.0-31.el6_10a
redhat/qpid-proton<0:0.32.0-1.el6_10
redhat/qpid-cpp<0:1.36.0-31.el7a
redhat/qpid-proton<0:0.32.0-2.el7
redhat/nodejs-rhea<0:1.0.24-1.el8
and 110 more
CVE-2020-11022
### Impact Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. `.html()`, `.append()`, and others) may execute untrusted code. ### Patch...
rubygems/jquery-rails<4.4.0
maven/org.webjars.npm:jquery>=1.2.0<3.5.0
nuget/jquery>=1.2.0<3.5.0
npm/jquery>=1.2.0<3.5.0
redhat/qpid-dispatch<0:1.13.0-3.el6_10
redhat/qpid-dispatch<0:1.13.0-3.el7
and 164 more
CVE-2020-25649
A flaw was found in FasterXML Jackson Databind which did not have entity expansion secured properly making it vulnerable to XML external entity (XXE). This vulnerability is similar to <a href="https:...
redhat/eap7-jackson-databind<0:2.10.4-1.redhat_00002.1.el6ea
redhat/eap7-activemq-artemis<0:2.9.0-6.redhat_00016.1.el6ea
redhat/eap7-fge-btf<0:1.2.0-1.redhat_00007.1.el6ea
redhat/eap7-fge-msg-simple<0:1.1.0-1.redhat_00007.1.el6ea
redhat/eap7-hal-console<0:3.2.11-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.21-1.Final_redhat_00001.1.el6ea
and 147 more
CVE-2019-20330
A lacking of certain net.sf.ehcache blocking in FasterXML jackson-databind has an unknown impact and attack vector.
redhat/candlepin<0:2.6.16-1.el7
redhat/foreman<0:1.22.0.39-2.el7
redhat/satellite<0:6.6.3-1.el7
redhat/tfm-rubygem-fog-ovirt<0:1.2.3-1.el7
redhat/tfm-rubygem-katello<0:3.12.0.41-1.el7
redhat/tfm-rubygem-runcible<0:2.13.0-1.el7
and 79 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203