Oracle communications messaging server

This hub aggregates every CVE we track for Oracle communications messaging server, a product in the communications space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Oracle communications messaging server.

• CVE-2022-23305SQL injection in JDBC Appender in Apache Log4j V19.8Jan 18, 2022
• CVE-2021-43797HTTP fails to validate against control chars in header names which may lead to HTTP request smuggling6.5Dec 9, 2021
• CVE-2021-37136The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Dec...7.5Oct 19, 2021
• CVE-2021-40690Bypass of the secureValidation property7.5Sep 19, 2021
• CVE-2021-37714Crafted input may cause the jsoup HTML and XML parser to get stuck, timeout, or throw unchecked exceptions7.5Aug 18, 2021
• CVE-2020-25649A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from...7.5Dec 3, 2020
• CVE-2020-13954Apache CXF Reflected XSS in the services listing page via the styleSheetPath6.1Nov 12, 2020
• CVE-2020-24750FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.8.1Sep 17, 2020
• CVE-2020-9489A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP...5.5Apr 27, 2020
• CVE-2020-11612The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty ser...7.5Apr 7, 2020
• CVE-2020-1951A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.5.5Mar 23, 2020
• CVE-2020-1950A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.5.5Mar 23, 2020
• CVE-2018-12404A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbach...5.9May 2, 2019
• CVE-2019-0228Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.9.8Apr 17, 2019
• CVE-2017-5461Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-...9.8May 11, 2017