Oracle Communications Operations Monitor — known CVE vulnerabilities
Every CVE whose affected-product data names Oracle Communications Operations Monitor, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (45)
CVE-2019-3822 — CVSS 9.8 (critical): libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM…
CVE-2018-11218 — CVSS 9.8 (critical): Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0…
CVE-2021-44790 — CVSS 9.8 (critical): A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The…
CVE-2018-11219 — CVSS 9.8 (critical): An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x…
CVE-2021-44224 — CVSS 8.2 (high): A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for…
CVE-2021-23017 — CVSS 7.7 (high): A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to…
CVE-2020-14147 — CVSS 7.7 (high): An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run…
CVE-2021-32626 — CVSS 7.5 (high): Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis…
CVE-2021-32628 — CVSS 7.5 (high): Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all…
CVE-2018-16890 — CVSS 7.5 (high): libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2…
CVE-2017-3730 — CVSS 7.5 (high): In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the…
CVE-2021-41099 — CVSS 7.5 (high): Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to…
CVE-2021-32762 — CVSS 7.5 (high): Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be…
CVE-2019-16056 — CVSS 7.5 (high): An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly…
CVE-2021-32687 — CVSS 7.5 (high): Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited…
CVE-2021-32675 — CVSS 7.5 (high): Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis…
CVE-2021-32627 — CVSS 7.5 (high): Redis is an open source, in-memory database that persists on disk. In affected versions an integer overflow bug in Redis can be exploited…
CVE-2019-10192 — CVSS 7.2 (high): A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and…
CVE-2019-10193 — CVSS 7.2 (high): A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and…
CVE-2022-21395 — CVSS 7.2 (high): Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported…
CVE-2022-21403 — CVSS 6.6 (medium): Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported…
CVE-2022-21401 — CVSS 6.6 (medium): Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported…
CVE-2022-21399 — CVSS 6.6 (medium): Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported…
CVE-2021-41182 — CVSS 6.5 (medium): jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the…
CVE-2016-3513 — CVSS 6.5 (medium): Unspecified vulnerability in the Oracle Communications Operations Monitor component in Oracle Communications Applications before 3.3.92.0.0…
CVE-2021-41183 — CVSS 6.5 (medium): jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the…
CVE-2021-41184 — CVSS 6.5 (medium): jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the…
CVE-2019-10219 — CVSS 6.1 (medium): A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of…
CVE-2019-11358 — CVSS 6.1 (medium): jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of…
CVE-2022-21246 — CVSS 5.4 (medium): Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported…
CVE-2022-21396 — CVSS 5.4 (medium): Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported…
CVE-2022-21397 — CVSS 5.4 (medium): Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported…
CVE-2022-21398 — CVSS 5.4 (medium): Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported…
CVE-2022-21400 — CVSS 5.4 (medium): Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported…
CVE-2021-32672 — CVSS 5.3 (medium): Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests…
CVE-2019-15165 — CVSS 5.3 (medium): sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.
CVE-2022-21402 — CVSS 4.8 (medium): Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported…
CVE-2019-3823 — CVSS 4.3 (medium): libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for…
CVE-2022-24735 — CVSS 3.9 (low): Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with…
CVE-2022-24736 — CVSS 3.3 (low): Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted…