Communications Operations Monitor Oracle Communications Operations Monitor

Do you want an email whenever new security vulnerabilities are reported in Oracle Communications Operations Monitor?

By the Year

In 2022 there have been 0 vulnerabilities in Oracle Communications Operations Monitor . Last year Communications Operations Monitor had 1 security vulnerability published. Right now, Communications Operations Monitor is on track to have less security vulnerabilities in 2022 than it did last year.

Year Vulnerabilities Average Score
2022 0 0.00
2021 1 9.40
2020 2 6.90
2019 9 8.08
2018 2 9.80

It may take a day or so for new Communications Operations Monitor vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Oracle Communications Operations Monitor Security Vulnerabilities

A security issue in nginx resolver was identified, which might

CVE-2021-23017 9.4 - Critical - June 01, 2021

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

off-by-five

An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3

CVE-2020-14147 7.7 - High - June 15, 2020

An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.

Memory Corruption

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements

CVE-2020-11023 6.1 - Medium - April 29, 2020

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

XSS

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.

CVE-2019-5482 9.8 - Critical - September 16, 2019

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.

Memory Corruption

A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13

CVE-2019-10193 7.2 - High - July 11, 2019

A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer.

Memory Corruption

A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13

CVE-2019-10192 7.2 - High - July 11, 2019

A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer.

Memory Corruption

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {},

CVE-2019-11358 6.1 - Medium - April 20, 2019

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

XSS

SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2

CVE-2019-7164 9.8 - Critical - February 20, 2019

SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.

SQL Injection

SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter

CVE-2019-7548 7.8 - High - February 06, 2019

SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.

SQL Injection

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow

CVE-2019-3822 9.8 - Critical - February 06, 2019

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.

Memory Corruption

libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP

CVE-2019-3823 7.5 - High - February 06, 2019

libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller.

Out-of-bounds Read

libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read

CVE-2018-16890 7.5 - High - February 06, 2019

libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.

Integer Overflow or Wraparound

Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2

CVE-2018-11218 9.8 - Critical - June 17, 2018

Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.

Memory Corruption

An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12

CVE-2018-11219 9.8 - Critical - June 17, 2018

An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking.

Integer Overflow or Wraparound

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Debian Linux or by Oracle? Click the Watch button to subscribe.

Oracle
Vendor

subscribe