Vulnerabilities > Oracle > Communications Operations Monitor > 4.2

DATE	CVE	VULNERABILITY TITLE	RISK
2021-06-01	CVE-2021-23017	Off-by-one Error vulnerability in multiple products A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. network high complexity f5 openresty fedoraproject netapp oracle CWE-193	7.7
2020-06-15	CVE-2020-14147	Integer Overflow or Wraparound vulnerability in multiple products An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. network low complexity redislabs oracle suse debian CWE-190	4.0
2020-04-29	CVE-2020-11023	Cross-site Scripting vulnerability in multiple products In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. network low complexity jquery debian fedoraproject drupal oracle netapp tenable CWE-79	6.1
2019-11-08	CVE-2019-10219	Cross-site Scripting vulnerability in multiple products A vulnerability was found in Hibernate-Validator. network low complexity redhat netapp oracle CWE-79	6.1
2019-10-03	CVE-2019-15165	Allocation of Resources Without Limits or Throttling vulnerability in multiple products sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. network low complexity tcpdump debian opensuse oracle apple canonical fedoraproject CWE-770	5.3
2019-09-16	CVE-2019-5482	Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. network low complexity haxx fedoraproject opensuse netapp oracle debian CWE-787 critical	9.8
2019-09-16	CVE-2019-5481	Double Free vulnerability in multiple products Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. network low complexity haxx fedoraproject netapp oracle debian opensuse CWE-415 critical	9.8
2019-09-06	CVE-2019-16056	An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. network low complexity python fedoraproject debian canonical redhat oracle opensuse	7.5
2019-04-20	CVE-2019-11358	jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. network low complexity jquery debian drupal backdropcms fedoraproject opensuse netapp redhat oracle joomla juniper	6.1
2019-02-20	CVE-2019-7164	SQL Injection vulnerability in multiple products SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. network low complexity sqlalchemy debian opensuse redhat oracle CWE-89	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.