Vulnerabilities > Oracle > Communications Offline Mediation Controller > 12.0.0.3.0

DATE CVE VULNERABILITY TITLE RISK
2020-11-28 CVE-2020-27218 In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body.
network
high complexity
eclipse netapp oracle apache debian
4.8
4.8
2020-11-12 CVE-2019-17566 Server-Side Request Forgery (SSRF) vulnerability in multiple products
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes.
network
low complexity
apache oracle CWE-918
7.5
7.5
2020-11-06 CVE-2020-28196 Uncontrolled Recursion vulnerability in multiple products
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.
network
low complexity
mit fedoraproject netapp oracle CWE-674
7.5
7.5
2020-10-23 CVE-2020-27216 In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system.
local
high complexity
eclipse netapp oracle apache debian
7.0
7.0
2020-10-20 CVE-2020-25648 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3.
network
low complexity
mozilla redhat fedoraproject oracle CWE-770
7.5
7.5
2020-09-17 CVE-2020-24750 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
network
high complexity
fasterxml oracle debian CWE-502
8.1
8.1
2020-06-05 CVE-2020-12723 Classic Buffer Overflow vulnerability in multiple products
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
network
low complexity
perl netapp fedoraproject opensuse oracle CWE-120
7.5
7.5
2020-06-05 CVE-2020-10878 Integer Overflow or Wraparound vulnerability in multiple products
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation.
network
low complexity
perl fedoraproject opensuse netapp oracle CWE-190
8.6
8.6
2020-06-05 CVE-2020-10543 Integer Overflow or Wraparound vulnerability in multiple products
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
network
low complexity
perl fedoraproject opensuse oracle CWE-190
8.2
8.2
2020-04-27 CVE-2020-9488 Improper Certificate Validation vulnerability in multiple products
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender.
network
high complexity
apache oracle debian qos CWE-295
3.7
3.7