Oracle Communications Policy Management — known CVE vulnerabilities
Every CVE whose affected-product data names Oracle Communications Policy Management, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2015-0235 — CVSS 10.0 (critical): Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows…
CVE-2019-0230 — CVSS 9.8 (critical): Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code…
CVE-2021-43527 — CVSS 9.8 (critical): NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or…
CVE-2020-36184 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-36183 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-36182 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-36181 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-36180 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-36179 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-35728 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-24616 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-24750 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-36188 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-36187 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-36186 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-36185 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-26217 — CVSS 8.0 (high): XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell…
CVE-2020-5258 — CVSS 7.7 (high): In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the…
CVE-2015-0411 — CVSS 7.5 (high): Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect…
CVE-2019-0233 — CVSS 7.5 (high): An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.
CVE-2020-5398 — CVSS 7.5 (high): In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is…
CVE-2021-43859 — CVSS 7.5 (high): XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to…
CVE-2021-23450 — CVSS 7.5 (high): All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.
CVE-2017-3633 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are…
CVE-2021-21346 — CVSS 6.1 (medium): XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may…
CVE-2021-21347 — CVSS 6.1 (medium): XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may…
CVE-2021-21349 — CVSS 6.1 (medium): XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may…
CVE-2017-10159 — CVSS 6.1 (medium): Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: Portal, CMP)…
CVE-2018-1271 — CVSS 5.9 (medium): Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to…
CVE-2021-21345 — CVSS 5.8 (medium): XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may…
CVE-2021-21351 — CVSS 5.4 (medium): XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow…
CVE-2021-21343 — CVSS 5.3 (medium): XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the…
CVE-2020-5397 — CVSS 5.3 (medium): Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC…
CVE-2021-21342 — CVSS 5.3 (medium): XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the…
CVE-2021-21344 — CVSS 5.3 (medium): XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may…
CVE-2021-21348 — CVSS 5.3 (medium): XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may…
CVE-2021-21350 — CVSS 5.3 (medium): XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may…
CVE-2021-33037 — CVSS 5.3 (medium): Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header…
CVE-2015-2568 — CVSS 5.0 (medium): Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability…
CVE-2021-29425 — CVSS 4.8 (medium): In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or…
CVE-2015-0382 — CVSS 4.3 (medium): Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability…
CVE-2015-0381 — CVSS 4.3 (medium): Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability…
CVE-2015-0433 — CVSS 4.0 (medium): Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect…
CVE-2015-0409 — CVSS 4.0 (medium): Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown…
CVE-2015-0423 — CVSS 4.0 (medium): Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown…
CVE-2015-0500 — CVSS 4.0 (medium): Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown…
CVE-2015-2808 — CVSS 3.7 (low): The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the…