Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Communications_operations_monitor
(Oracle)Repositories |
• https://github.com/antirez/redis
• https://github.com/openssl/openssl |
#Vulnerabilities | 46 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-07-11 | CVE-2019-10193 | A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer. | Ubuntu_linux, Debian_linux, Communications_operations_monitor, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Openstack, Redis | 7.2 | ||
2018-06-17 | CVE-2018-11219 | An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking. | Debian_linux, Communications_operations_monitor, Openstack, Redis | 9.8 | ||
2018-06-17 | CVE-2018-11218 | Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows. | Debian_linux, Communications_operations_monitor, Openstack, Redis | 9.8 | ||
2019-02-06 | CVE-2018-16890 | libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds. | Ubuntu_linux, Debian_linux, Libcurl, Clustered_data_ontap, Communications_operations_monitor, Http_server, Secure_global_desktop, Sinema_remote_connect_client | 7.5 | ||
2016-07-21 | CVE-2016-3513 | Unspecified vulnerability in the Oracle Communications Operations Monitor component in Oracle Communications Applications before 3.3.92.0.0 allows remote authenticated users to affect confidentiality via vectors related to Infrastructure. | Communications_operations_monitor | 6.5 | ||
2017-05-04 | CVE-2017-3730 | In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack. | Openssl, Agile_engineering_data_management, Communications_application_session_controller, Communications_eagle_lnp_application_processor, Communications_operations_monitor, Jd_edwards_enterpriseone_tools, Jd_edwards_world_security | 7.5 |