CVSS: 9.9EPSS: 1%CPEs: 2EXPL: 0CVE-2022-21391
https://notcve.org/view.php?id=CVE-2022-21391
19 Jan 2022 — Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. While the vulnerability is in Oracle Communications Billing and Revenue Management, attacks may significantly impact additional produc... • https://www.oracle.com/security-alerts/cpujan2022.html •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 0CVE-2022-21390
https://notcve.org/view.php?id=CVE-2022-21390
19 Jan 2022 — Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Webservices Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. While the vulnerability is in Oracle Communications Billing and Revenue Management, attacks may significantly impact additional prod... • https://www.oracle.com/security-alerts/cpujan2022.html •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2022-21389
https://notcve.org/view.php?id=CVE-2022-21389
19 Jan 2022 — Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. While the vulnerability is in Oracle Communications Billing and Revenue Management, attacks may significantly impact additional produ... • https://www.oracle.com/security-alerts/cpujan2022.html •
CVSS: 9.9EPSS: 1%CPEs: 2EXPL: 0CVE-2022-21276
https://notcve.org/view.php?id=CVE-2022-21276
19 Jan 2022 — Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. While the vulnerability is in Oracle Communications Billing and Revenue Management, attacks may significantly impact additional produc... • https://www.oracle.com/security-alerts/cpujan2022.html •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2022-21275
https://notcve.org/view.php?id=CVE-2022-21275
19 Jan 2022 — Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. While the vulnerability is in Oracle Communications Billing and Revenue Management, attacks may significantly impact additional produ... • https://www.oracle.com/security-alerts/cpujan2022.html •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-21268
https://notcve.org/view.php?id=CVE-2022-21268
19 Jan 2022 — Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Pipeline Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Billing and Revenue Management executes to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthori... • https://www.oracle.com/security-alerts/cpujan2022.html •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-21267
https://notcve.org/view.php?id=CVE-2022-21267
19 Jan 2022 — Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Pipeline Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Billing and Revenue Management executes to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthori... • https://www.oracle.com/security-alerts/cpujan2022.html •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0CVE-2022-21266
https://notcve.org/view.php?id=CVE-2022-21266
19 Jan 2022 — Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Pipeline Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communicat... • https://www.oracle.com/security-alerts/cpujan2022.html •
CVSS: 5.8EPSS: 0%CPEs: 136EXPL: 2CVE-2021-29425 – Possible limited path traversal vulnerabily in Apache Commons IO
https://notcve.org/view.php?id=CVE-2021-29425
13 Apr 2021 — In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. En Apache Commons IO versiones anteriores a 2.7, Cuando se invoca el método FileNameUtils.normalize con una cadena de entrada inapropiada, como... • https://github.com/arsalanraja987/java-cve-2021-29425-tika-xxe • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 16EXPL: 1CVE-2021-22876 – curl: Leak of authentication credentials in URL via automatic Referer
https://notcve.org/view.php?id=CVE-2021-22876
28 Mar 2021 — curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request. curl versiones 7.1.1 hasta 7.75.0 incluyéndola, es vulnerable a una "Exposure of... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •