Oracle Communications Billing And Revenue Management — known CVE vulnerabilities
Every CVE whose affected-product data names Oracle Communications Billing And Revenue Management, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2022-21389 — CVSS 10.0 (critical): Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component…
CVE-2022-21390 — CVSS 10.0 (critical): Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component…
CVE-2022-21275 — CVSS 10.0 (critical): Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component…
CVE-2022-21431 — CVSS 10.0 (critical): Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component…
CVE-2022-21276 — CVSS 9.9 (critical): Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component…
CVE-2022-21391 — CVSS 9.9 (critical): Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component…
CVE-2017-15095 — CVSS 9.8 (critical): A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated…
CVE-2018-14718 — CVSS 9.8 (critical): FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the…
CVE-2018-7489 — CVSS 9.8 (critical): FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution…
CVE-2017-7525 — CVSS 9.8 (critical): A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an…
CVE-2018-14720 — CVSS 9.8 (critical): FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to…
CVE-2019-16942 — CVSS 9.8 (critical): A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either…
CVE-2019-16943 — CVSS 9.8 (critical): A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either…
CVE-2019-17531 — CVSS 9.8 (critical): A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either…
CVE-2018-14719 — CVSS 9.8 (critical): FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the…
CVE-2020-10878 — CVSS 8.6 (high): Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular…
CVE-2022-21430 — CVSS 8.5 (high): Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component…
CVE-2021-2351 — CVSS 8.3 (high): Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2…
CVE-2022-21424 — CVSS 8.3 (high): Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component…
CVE-2020-10543 — CVSS 8.2 (high): Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer…
CVE-2020-36180 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-36181 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-36182 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-36183 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-36184 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-36185 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-36186 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-36187 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-36188 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-36189 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-35728 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2022-21429 — CVSS 8.1 (high): Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Billing…
CVE-2020-36179 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2021-3345 — CVSS 7.8 (high): _gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function…
CVE-2016-2381 — CVSS 7.5 (high): Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment…
CVE-2020-12723 — CVSS 7.5 (high): regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
CVE-2020-25649 — CVSS 7.5 (high): A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to…
CVE-2020-36518 — CVSS 7.5 (high): jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
CVE-2020-8285 — CVSS 7.5 (high): curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
CVE-2020-8286 — CVSS 7.5 (high): curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP…
CVE-2021-35515 — CVSS 7.5 (high): When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite…
CVE-2021-35516 — CVSS 7.5 (high): When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of…
CVE-2021-35517 — CVSS 7.5 (high): When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of…
CVE-2021-36090 — CVSS 7.5 (high): When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of…
CVE-2022-21266 — CVSS 7.5 (high): Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component…
CVE-2022-21422 — CVSS 7.5 (high): Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component…
CVE-2019-10086 — CVSS 7.3 (high): In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to…
CVE-2020-11022 — CVSS 6.9 (medium): In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM…
CVE-2020-7017 — CVSS 6.7 (medium): In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. An attacker who is able to edit or…
CVE-2022-21573 — CVSS 6.5 (medium): Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Billing…
CVE-2022-21601 — CVSS 6.5 (medium): Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component…
CVE-2019-11358 — CVSS 6.1 (medium): jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of…
CVE-2019-10219 — CVSS 6.1 (medium): A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of…
CVE-2021-45105 — CVSS 5.9 (medium): Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from…
CVE-2022-21572 — CVSS 5.4 (medium): Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Billing…
CVE-2021-22876 — CVSS 5.3 (medium): curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking…
CVE-2022-21574 — CVSS 5.3 (medium): Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component…
CVE-2020-7016 — CVSS 4.8 (medium): Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when…
CVE-2020-8284 — CVSS 3.7 (low): A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and…
CVE-2021-22890 — CVSS 3.7 (low): curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of…
CVE-2020-9488 — CVSS 3.7 (low): Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted…
CVE-2022-21268 — CVSS 3.3 (low): Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component…
CVE-2022-21267 — CVSS 3.3 (low): Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component…