Oracle Communications Pricing Design Center vulnerabilities

CVE-2022-24329 [MEDIUM] CWE-829 CVE-2022-24329: In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.

CVE-2022-21388 [LOW] CVE-2022-21388: Vulnerability in the Oracle Communications Pricing Design Center product of Oracle Communications Ap Vulnerability in the Oracle Communications Pricing Design Center product of Oracle Communications Applications (component: On Premise Install). Supported versions that are affected are 12.0.0.3.0 and 12.0.0.4.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Pricing Design Center exe

CVE-2021-45105 [MEDIUM] CWE-20 CVE-2021-45105: Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from u Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.

CVE-2021-2351 [HIGH] CWE-327 CVE-2021-2351: Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versi Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a perso

CVE-2021-33037 [MEDIUM] CWE-444 CVE-2021-33037: Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse th Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only

CVE-2021-30640 [MEDIUM] CWE-116 CVE-2021-30640: A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variatio A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.

CVE-2020-6950 [MEDIUM] CWE-22 CVE-2020-6950: Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via th Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.

CVE-2021-29425 [MEDIUM] CWE-20 CVE-2021-29425: In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper i In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to constru

CVE-2021-23336 [MEDIUM] CWE-444 CVE-2021-23336: The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and be The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they

CVE-2021-21275 [MEDIUM] CWE-352 CVE-2021-21275: The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before fixed The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before fixed version, there was no protection against CSRF checks on Special:Report, so requests to report a revision could be forged. The problem has been fixed in commit f828dc6 by making use of MediaWiki edit tokens.

CVE-2021-3177 [CRITICAL] CWE-120 CVE-2021-3177: Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.

CVE-2020-36179 [HIGH] CWE-502 CVE-2020-36179: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.

CVE-2020-36183 [HIGH] CWE-502 CVE-2020-36183: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.

CVE-2020-36182 [HIGH] CWE-502 CVE-2020-36182: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.

CVE-2020-36180 [HIGH] CWE-502 CVE-2020-36180: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.

CVE-2020-36189 [HIGH] CWE-502 CVE-2020-36189: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.

CVE-2020-36184 [HIGH] CWE-502 CVE-2020-36184: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.

CVE-2020-36186 [HIGH] CWE-502 CVE-2020-36186: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.

CVE-2020-36187 [HIGH] CWE-502 CVE-2020-36187: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.

CVE-2020-36181 [HIGH] CWE-502 CVE-2020-36181: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.