Oracle Communications Operations Monitor vulnerabilities

CVE-2019-7548 [HIGH] CWE-89 CVE-2019-7548: SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.

CVE-2018-11219 [CRITICAL] CWE-190 CVE-2018-11219: An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking.

CVE-2018-11218 [CRITICAL] CWE-787 CVE-2018-11218: Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12 Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.

CVE-2017-3730 [HIGH] CWE-476 CVE-2017-3730: In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.

CVE-2016-3513 [MEDIUM] CVE-2016-3513: Unspecified vulnerability in the Oracle Communications Operations Monitor component in Oracle Commun Unspecified vulnerability in the Oracle Communications Operations Monitor component in Oracle Communications Applications before 3.3.92.0.0 allows remote authenticated users to affect confidentiality via vectors related to Infrastructure.