cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.5.0:*:*:*:*:*:*:*

part: a version: 12.0.0.5.0 update: *

Vendor: Oracle (3509f9eb-d8a0-57da-b153-b8021021b133)
Product: Communications Brm Elastic Charging Engine (ad5e1ed6-0886-5606-8de6-558e50d982ff)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2021-44832 vulnerable 2026-06-03 14:45:37.508879 Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.
Published: 2021-12-28T19:35:11.000Z
Updated: 2026-05-29T18:53:46.103Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-43859 vulnerable 2026-06-03 14:45:35.147218 Denial of Service by injecting highly recursive collections or maps in XStream
HIGH (7.5)
XStream is an open source Java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system, depending on CPU type or parallel execution of such a payload, resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible.
Published: 2022-02-01T12:08:57.000Z
Updated: 2025-11-03T21:45:34.625Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-38153 vulnerable 2026-06-03 14:45:01.453125 Timing Attack Vulnerability for Apache Kafka Connect and Clients
Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been fixed. The affected versions include Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1, and 2.8.0.
Published: 2021-09-22T09:05:11.000Z
Updated: 2024-08-04T01:37:15.929Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-37137 vulnerable 2026-06-03 14:44:59.953764 Details available
The Snappy frame decoder function doesn't restrict the chunk length, which may lead to excessive memory usage. Besides this, it may also buffer reserved skippable chunks until the whole chunk has been received, which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.
Published: 2021-10-19T00:00:00.000Z
Updated: 2024-08-04T01:16:02.953Z
Imported from gcve-enriched-dumps CVE data
