Communications Operations Monitor

DATE	CVE	VULNERABILITY TITLE	RISK
2021-10-04	CVE-2021-32672	Out-of-bounds Read vulnerability in multiple products Redis is an open source, in-memory database that persists on disk. network low complexity redis redhat debian fedoraproject netapp oracle CWE-125	4.3
2021-10-04	CVE-2021-32675	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Redis is an open source, in-memory database that persists on disk. network low complexity redis fedoraproject debian netapp oracle CWE-770	7.5
2021-10-04	CVE-2021-32687	Integer Overflow to Buffer Overflow vulnerability in multiple products Redis is an open source, in-memory database that persists on disk. network high complexity redis fedoraproject debian netapp oracle CWE-680	7.5
2021-10-04	CVE-2021-32762	Integer Overflow to Buffer Overflow vulnerability in multiple products Redis is an open source, in-memory database that persists on disk. network low complexity redis debian fedoraproject netapp oracle CWE-680	8.8
2021-10-04	CVE-2021-41099	Integer Overflow to Buffer Overflow vulnerability in multiple products Redis is an open source, in-memory database that persists on disk. network high complexity redis fedoraproject debian netapp oracle CWE-680	7.5
2021-06-01	CVE-2021-23017	Off-by-one Error vulnerability in multiple products A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. network high complexity f5 openresty fedoraproject netapp oracle CWE-193	7.7
2020-06-15	CVE-2020-14147	Integer Overflow or Wraparound vulnerability in multiple products An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. network low complexity redislabs oracle suse debian CWE-190	7.7
2020-04-29	CVE-2020-11023	Cross-site Scripting vulnerability in multiple products In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. network low complexity jquery debian fedoraproject drupal oracle netapp tenable CWE-79	6.1
2019-11-08	CVE-2019-10219	Cross-site Scripting vulnerability in multiple products A vulnerability was found in Hibernate-Validator. network low complexity redhat netapp oracle CWE-79	6.1
2019-10-03	CVE-2019-15165	Allocation of Resources Without Limits or Throttling vulnerability in multiple products sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. network low complexity tcpdump debian opensuse oracle apple canonical fedoraproject CWE-770	5.3