CVSS: 9.9EPSS: 1%CPEs: 2EXPL: 0CVE-2022-21391
https://notcve.org/view.php?id=CVE-2022-21391
19 Jan 2022 — Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. While the vulnerability is in Oracle Communications Billing and Revenue Management, attacks may significantly impact additional produc... • https://www.oracle.com/security-alerts/cpujan2022.html •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 0CVE-2022-21390
https://notcve.org/view.php?id=CVE-2022-21390
19 Jan 2022 — Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Webservices Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. While the vulnerability is in Oracle Communications Billing and Revenue Management, attacks may significantly impact additional prod... • https://www.oracle.com/security-alerts/cpujan2022.html •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2022-21389
https://notcve.org/view.php?id=CVE-2022-21389
19 Jan 2022 — Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. While the vulnerability is in Oracle Communications Billing and Revenue Management, attacks may significantly impact additional produ... • https://www.oracle.com/security-alerts/cpujan2022.html •
CVSS: 9.9EPSS: 1%CPEs: 2EXPL: 0CVE-2022-21276
https://notcve.org/view.php?id=CVE-2022-21276
19 Jan 2022 — Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. While the vulnerability is in Oracle Communications Billing and Revenue Management, attacks may significantly impact additional produc... • https://www.oracle.com/security-alerts/cpujan2022.html •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2022-21275
https://notcve.org/view.php?id=CVE-2022-21275
19 Jan 2022 — Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. While the vulnerability is in Oracle Communications Billing and Revenue Management, attacks may significantly impact additional produ... • https://www.oracle.com/security-alerts/cpujan2022.html •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-21268
https://notcve.org/view.php?id=CVE-2022-21268
19 Jan 2022 — Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Pipeline Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Billing and Revenue Management executes to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthori... • https://www.oracle.com/security-alerts/cpujan2022.html •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-21267
https://notcve.org/view.php?id=CVE-2022-21267
19 Jan 2022 — Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Pipeline Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Billing and Revenue Management executes to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthori... • https://www.oracle.com/security-alerts/cpujan2022.html •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0CVE-2022-21266
https://notcve.org/view.php?id=CVE-2022-21266
19 Jan 2022 — Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Pipeline Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communicat... • https://www.oracle.com/security-alerts/cpujan2022.html •
CVSS: 5.8EPSS: 0%CPEs: 136EXPL: 1CVE-2021-29425 – Possible limited path traversal vulnerabily in Apache Commons IO
https://notcve.org/view.php?id=CVE-2021-29425
13 Apr 2021 — In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. En Apache Commons IO versiones anteriores a 2.7, Cuando se invoca el método FileNameUtils.normalize con una cadena de entrada inapropiada, como... • https://issues.apache.org/jira/browse/IO-556 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 15EXPL: 1CVE-2021-22890 – curl: TLS 1.3 session ticket mix-up with HTTPS proxy host
https://notcve.org/view.php?id=CVE-2021-22890
28 Mar 2021 — curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the serve... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-290: Authentication Bypass by Spoofing CWE-300: Channel Accessible by Non-Endpoint •