CVSS: 9.9EPSS: 1%CPEs: 2EXPL: 0CVE-2022-21391
https://notcve.org/view.php?id=CVE-2022-21391
19 Jan 2022 — Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. While the vulnerability is in Oracle Communications Billing and Revenue Management, attacks may significantly impact additional produc... • https://www.oracle.com/security-alerts/cpujan2022.html •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 0CVE-2022-21390
https://notcve.org/view.php?id=CVE-2022-21390
19 Jan 2022 — Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Webservices Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. While the vulnerability is in Oracle Communications Billing and Revenue Management, attacks may significantly impact additional prod... • https://www.oracle.com/security-alerts/cpujan2022.html •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2022-21389
https://notcve.org/view.php?id=CVE-2022-21389
19 Jan 2022 — Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. While the vulnerability is in Oracle Communications Billing and Revenue Management, attacks may significantly impact additional produ... • https://www.oracle.com/security-alerts/cpujan2022.html •
CVSS: 9.9EPSS: 1%CPEs: 2EXPL: 0CVE-2022-21276
https://notcve.org/view.php?id=CVE-2022-21276
19 Jan 2022 — Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. While the vulnerability is in Oracle Communications Billing and Revenue Management, attacks may significantly impact additional produc... • https://www.oracle.com/security-alerts/cpujan2022.html •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2022-21275
https://notcve.org/view.php?id=CVE-2022-21275
19 Jan 2022 — Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. While the vulnerability is in Oracle Communications Billing and Revenue Management, attacks may significantly impact additional produ... • https://www.oracle.com/security-alerts/cpujan2022.html •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-21268
https://notcve.org/view.php?id=CVE-2022-21268
19 Jan 2022 — Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Pipeline Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Billing and Revenue Management executes to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthori... • https://www.oracle.com/security-alerts/cpujan2022.html •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-21267
https://notcve.org/view.php?id=CVE-2022-21267
19 Jan 2022 — Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Pipeline Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Billing and Revenue Management executes to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthori... • https://www.oracle.com/security-alerts/cpujan2022.html •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0CVE-2022-21266
https://notcve.org/view.php?id=CVE-2022-21266
19 Jan 2022 — Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Pipeline Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communicat... • https://www.oracle.com/security-alerts/cpujan2022.html •
CVSS: 5.3EPSS: 0%CPEs: 16EXPL: 1CVE-2021-22876 – curl: Leak of authentication credentials in URL via automatic Referer
https://notcve.org/view.php?id=CVE-2021-22876
28 Mar 2021 — curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request. curl versiones 7.1.1 hasta 7.75.0 incluyéndola, es vulnerable a una "Exposure of... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 15EXPL: 1CVE-2021-22890 – curl: TLS 1.3 session ticket mix-up with HTTPS proxy host
https://notcve.org/view.php?id=CVE-2021-22890
28 Mar 2021 — curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the serve... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-290: Authentication Bypass by Spoofing CWE-300: Channel Accessible by Non-Endpoint •