VYPR

Communications Billing And Revenue Management

by Oracle Corporation

CVEs (25)

  • CVE-2020-11022MedApr 29, 2020
    risk 0.49cvss 6.9epss 0.99

    In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

  • CVE-2016-2381HigApr 8, 2016
    risk 0.49cvss 7.5epss 0.09

    Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.

  • CVE-2020-35728HigDec 27, 2020
    risk 0.47cvss 8.1epss 0.13

    FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).

  • CVE-2020-36183HigJan 7, 2021
    risk 0.46cvss 8.1epss 0.05

    FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.

  • CVE-2020-8285HigDec 14, 2020
    risk 0.42cvss 7.5epss 0.10

    curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.

  • CVE-2021-45105MedDec 18, 2021
    risk 0.37cvss 5.9epss 1.00

    Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is…

  • CVE-2020-8284LowDec 14, 2020
    risk 0.24cvss 3.7epss 0.04

    A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port…

  • CVE-2020-9488LowApr 27, 2020
    risk 0.17cvss 3.7epss 0.08

    Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1

  • CVE-2022-21601Oct 18, 2022
    risk 0.00cvss epss 0.01

    Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.4.0-12.0.0.7.0. Easily exploitable vulnerability allows unauthenticated…

  • CVE-2022-21574Jul 19, 2022
    risk 0.00cvss epss 0.01

    Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.4.0-12.0.0.6.0. Easily exploitable vulnerability allows unauthenticated…

  • CVE-2022-21573Jul 19, 2022
    risk 0.00cvss epss 0.01

    Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Billing Care). Supported versions that are affected are 12.0.0.4.0-12.0.0.6.0. Easily exploitable vulnerability allows low privileged attacker with…

  • CVE-2022-21572Jul 19, 2022
    risk 0.00cvss epss 0.00

    Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Billing Care). Supported versions that are affected are 12.0.0.4.0-12.0.0.6.0. Easily exploitable vulnerability allows low privileged attacker with…

  • CVE-2022-21429Jul 19, 2022
    risk 0.00cvss epss 0.01

    Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Billing Care). Supported versions that are affected are 12.0.0.4.0-12.0.0.6.0. Difficult to exploit vulnerability allows unauthenticated attacker…

  • CVE-2022-21431Apr 19, 2022
    risk 0.00cvss epss 0.02

    Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.4 and 12.0.0.5. Easily exploitable vulnerability allows unauthenticated…

  • CVE-2022-21430Apr 19, 2022
    risk 0.00cvss epss 0.01

    Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.4 and 12.0.0.5. Difficult to exploit vulnerability allows low privileged…

  • CVE-2022-21424Apr 19, 2022
    risk 0.00cvss epss 0.01

    Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). The supported version that is affected is 12.0.0.4. Easily exploitable vulnerability allows low privileged attacker with…

  • CVE-2022-21422Apr 19, 2022
    risk 0.00cvss epss 0.01

    Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.4 and 12.0.0.5. Difficult to exploit vulnerability allows low privileged…

  • CVE-2022-21391Jan 19, 2022
    risk 0.00cvss epss 0.01

    Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows low privileged…

  • CVE-2022-21390Jan 19, 2022
    risk 0.00cvss epss 0.02

    Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Webservices Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows unauthenticated…

  • CVE-2022-21389Jan 19, 2022
    risk 0.00cvss epss 0.02

    Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows unauthenticated…

Page 1 of 2