Communications_offline_mediation_controller - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Communications_offline_mediation_controller
(Oracle)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	37

Date	Id	Summary	Products	Score	Patch	Annotated
2020-04-27	CVE-2020-9488	Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1	Log4j, Debian_linux, Communications_application_session_controller, Communications_billing_and_revenue_management, Communications_eagle_ftp_table_base_retrieval, Communications_offline_mediation_controller, Communications_services_gatekeeper, Communications_unified_inventory_management, Data_integrator, Enterprise_manager_for_peoplesoft, Financial_services_analytical_applications_infrastructure, Financial_services_institutional_performance_analytics, Financial_services_market_risk_measurement_and_management, Financial_services_price_creation_and_discovery, Financial_services_retail_customer_analytics, Flexcube_core_banking, Flexcube_private_banking, Health_sciences_information_manager, Insurance_insbridge_rating_and_underwriting, Insurance_policy_administration_j2ee, Insurance_rules_palette, Jd_edwards_world_security, Oracle_goldengate_application_adapters, Peoplesoft_enterprise_peopletools, Policy_automation, Policy_automation_connector_for_siebel, Policy_automation_for_mobile_devices, Primavera_unifier, Retail_advanced_inventory_planning, Retail_assortment_planning, Retail_bulk_data_integration, Retail_customer_management_and_segmentation_foundation, Retail_eftlink, Retail_insights_cloud_service_suite, Retail_integration_bus, Retail_order_broker_cloud_service, Retail_predictive_application_server, Retail_xstore_point_of_service, Siebel_apps_\-_marketing, Siebel_ui_framework, Spatial_and_graph, Storagetek_acsls, Storagetek_tape_analytics_sw_tool, Utilities_framework, Weblogic_server, Reload4j	3.7
2020-06-05	CVE-2020-10543	Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.	Fedora, Leap, Communications_billing_and_revenue_management, Communications_diameter_signaling_router, Communications_eagle_application_processor, Communications_eagle_lnp_application_processor, Communications_lsms, Communications_offline_mediation_controller, Communications_performance_intelligence_center, Communications_pricing_design_center, Configuration_manager, Enterprise_manager_base_platform, Sd\-Wan_edge, Tekelec_platform_distribution, Perl	8.2
2020-06-05	CVE-2020-10878	Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.	Fedora, Oncommand_workflow_automation, Snap_creator_framework, Leap, Communications_billing_and_revenue_management, Communications_diameter_signaling_router, Communications_eagle_application_processor, Communications_eagle_lnp_application_processor, Communications_lsms, Communications_offline_mediation_controller, Communications_performance_intelligence_center, Communications_pricing_design_center, Configuration_manager, Enterprise_manager_base_platform, Sd\-Wan_aware, Tekelec_platform_distribution, Perl	8.6
2020-06-05	CVE-2020-12723	regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.	Fedora, Oncommand_workflow_automation, Snap_creator_framework, Leap, Communications_billing_and_revenue_management, Communications_diameter_signaling_router, Communications_eagle_application_processor, Communications_eagle_lnp_application_processor, Communications_lsms, Communications_offline_mediation_controller, Communications_performance_intelligence_center, Configuration_manager, Enterprise_manager_base_platform, Sd\-Wan_edge, Tekelec_platform_distribution, Perl	7.5
2020-08-25	CVE-2020-24616	FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).	Debian_linux, Jackson\-Databind, Active_iq_unified_manager, Agile_plm, Application_testing_suite, Autovue_for_agile_product_lifecycle_management, Banking_liquidity_management, Banking_supply_chain_finance, Blockchain_platform, Communications_calendar_server, Communications_cloud_native_core_unified_data_repository, Communications_contacts_server, Communications_diameter_signaling_router, Communications_element_manager, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_messaging_server, Communications_offline_mediation_controller, Communications_policy_management, Communications_pricing_design_center, Communications_services_gatekeeper, Communications_session_report_manager, Communications_unified_inventory_management, Identity_manager_connector, Siebel_ui_framework	8.1
2020-10-20	CVE-2020-25648	A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.	Fedora, Network_security_services, Communications_offline_mediation_controller, Communications_pricing_design_center, Jd_edwards_enterpriseone_tools, Enterprise_linux	7.5
2020-10-23	CVE-2020-27216	In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the...	Beam, Debian_linux, Jetty, Snap_creator_framework, Snapcenter, Storage_replication_adapter, Vasa_provider, Virtual_storage_console, Communications_application_session_controller, Communications_converged_application_server_\-_service_controller, Communications_element_manager, Communications_offline_mediation_controller, Communications_pricing_design_center, Communications_services_gatekeeper, Flexcube_core_banking, Flexcube_private_banking, Jd_edwards_enterpriseone_tools, Siebel_core_\-_automation	7.0
2020-11-06	CVE-2020-28196	MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.	Fedora, Kerberos_5, Active_iq_unified_manager, Cloud_backup, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Communications_cloud_native_core_policy, Communications_offline_mediation_controller, Communications_pricing_design_center, Mysql_server	7.5
2020-12-03	CVE-2020-25649	A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.	Iotdb, Jackson\-Databind, Fedora, Oncommand_api_services, Oncommand_workflow_automation, Service_level_manager, Agile_plm, Agile_product_lifecycle_management_integration_pack, Banking_apis, Banking_platform, Banking_treasury_management, Blockchain_platform, Coherence, Commerce_platform, Communications_billing_and_revenue_management, Communications_cloud_native_core_unified_data_repository, Communications_convergent_charging_controller, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_interactive_session_recorder, Communications_messaging_server, Communications_network_charging_and_control, Communications_offline_mediation_controller, Communications_pricing_design_center, Communications_services_gatekeeper, Communications_unified_inventory_management, Goldengate_application_adapters, Health_sciences_empirica_signal, Insurance_policy_administration, Insurance_rules_palette, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Primavera_gateway, Retail_service_backbone, Retail_xstore_point_of_service, Sd\-Wan_edge, Utilities_framework, Webcenter_portal, Quarkus	7.5
2020-12-03	CVE-2020-27783	A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.	Debian_linux, Fedora, Lxml, Snapcenter, Communications_offline_mediation_controller, Zfs_storage_appliance_kit, Enterprise_linux, Software_collections	6.1