Oracle Sd-Wan Aware vulnerabilities

5 known vulnerabilities affecting oracle/sd-wan_aware.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2021-21705MEDIUMCVSS 5.3v8.22021-10-04
CVE-2021-21705 [MEDIUM] CWE-20 CVE-2021-21705: In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validat In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications -
nvd
CVE-2020-14701CRITICALCVSS 10.0v8.22020-07-15
CVE-2020-14701 [CRITICAL] CVE-2020-14701: Vulnerability in the Oracle SD-WAN Aware product of Oracle Communications Applications (component: U Vulnerability in the Oracle SD-WAN Aware product of Oracle Communications Applications (component: User Interface). The supported version that is affected is 8.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Aware. While the vulnerability is in Oracle SD-WAN Aware, attacks may si
nvd
CVE-2020-10878HIGHCVSS 8.6v8.2v9.0+1 more2020-06-05
CVE-2020-10878 [HIGH] CWE-190 CVE-2020-10878: Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
nvd
CVE-2020-1927MEDIUMCVSS 6.1v8.22020-04-02
CVE-2020-1927 [MEDIUM] CWE-601 CVE-2020-1927: In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to b In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.
nvd
CVE-2019-10219MEDIUMCVSS 6.1v8.22019-11-08
CVE-2019-10219 [MEDIUM] CWE-79 CVE-2019-10219: A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properl A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
nvd