Oracle

Communications Operations Monitor

45 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2021-32687

  • EPSS 0.91%
  • Veröffentlicht 04.10.2021 18:15:08
  • Zuletzt bearbeitet 21.11.2024 06:07:31

Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code exec...

7.5

CVE-2021-32675

  • EPSS 2.53%
  • Veröffentlicht 04.10.2021 18:15:08
  • Zuletzt bearbeitet 21.11.2024 06:07:30

Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk he...

4.3

CVE-2021-32672

  • EPSS 0.29%
  • Veröffentlicht 04.10.2021 18:15:08
  • Zuletzt bearbeitet 21.11.2024 06:07:30

Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions o...

7.5

CVE-2021-32627

  • EPSS 0.8%
  • Veröffentlicht 04.10.2021 18:15:08
  • Zuletzt bearbeitet 21.11.2024 06:07:24

Redis is an open source, in-memory database that persists on disk. In affected versions an integer overflow bug in Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves changing the d...

8.8

CVE-2021-32626

  • EPSS 1.17%
  • Veröffentlicht 04.10.2021 18:15:08
  • Zuletzt bearbeitet 21.11.2024 06:07:24

Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result...

7.7

CVE-2021-23017

  • EPSS 76.12%
  • Veröffentlicht 01.06.2021 13:15:07
  • Zuletzt bearbeitet 21.11.2024 05:51:09

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

7.7

CVE-2020-14147

  • EPSS 0.27%
  • Veröffentlicht 15.06.2020 18:15:14
  • Zuletzt bearbeitet 21.11.2024 05:02:44

An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly ...

6.1

CVE-2020-11023

Warnung Exploit
  • EPSS 21.32%
  • Veröffentlicht 29.04.2020 21:15:11
  • Zuletzt bearbeitet 24.01.2025 02:00:02

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may ex...

6.1

CVE-2019-10219

  • EPSS 1.67%
  • Veröffentlicht 08.11.2019 15:15:11
  • Zuletzt bearbeitet 07.07.2025 14:15:21

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

5.3

CVE-2019-15165

  • EPSS 1.19%
  • Veröffentlicht 03.10.2019 19:15:09
  • Zuletzt bearbeitet 21.11.2024 04:28:11

sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.