cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-21890,https://securityvulnerability.io/vulnerability/CVE-2023-21890,Critical Network Vulnerability in Oracle Communications Converged Application Server,"A serious vulnerability exists in the Oracle Communications Converged Application Server, where an unauthenticated attacker can exploit the server via UDP network access. This flaw affects versions 7.1.0 and 8.0.0, allowing attackers to potentially take control of the system. If successfully exploited, the vulnerability can significantly compromise the confidentiality, integrity, and availability of the server, posing a major risk to organizations utilizing Oracle's communication products.",Oracle,Communications Converged Application Server,9.8,CRITICAL,0.003860000055283308,false,false,false,false,,false,false,2023-01-18T00:15:00.000Z,0
CVE-2018-2904,https://securityvulnerability.io/vulnerability/CVE-2018-2904,,"Vulnerability in the Oracle Communications EAGLE LNP Application Processor component of Oracle Communications Applications (subcomponent: GUI). The supported version that is affected is 10.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications EAGLE LNP Application Processor. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications EAGLE LNP Application Processor accessible data as well as unauthorized read access to a subset of Oracle Communications EAGLE LNP Application Processor accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).",Oracle,Communications Eagle Lnp Application Processor,6.5,MEDIUM,0.0014700000174343586,false,false,false,false,,false,false,2018-07-18T13:00:00.000Z,0
CVE-2016-5458,https://securityvulnerability.io/vulnerability/CVE-2016-5458,,Unspecified vulnerability in the Oracle Communications EAGLE Application Processor component in Oracle Communications Applications 16.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to APPL.,Oracle,Communications Eagle Application Processor,6.4,MEDIUM,0.001129999989643693,false,false,false,false,,false,false,2016-07-21T10:00:00.000Z,0
CVE-2015-2608,https://securityvulnerability.io/vulnerability/CVE-2015-2608,,"Unspecified vulnerability in (1) the Oracle Communications Diameter Signaling Router (DSR) component in Oracle Communications Applications 4.1.6 and earlier, 5.1.0 and earlier, 6.0.2 and earlier, and 7.1.0 and earlier; (2) the Oracle Communications Performance Intelligence Center Software component in Oracle Communications Applications 9.0.3 and earlier and 10.1.5 and earlier; (3) the Oracle Communications Policy Management component in Oracle Communications Applications 9.9.0 and earlier, 10.5.0 and earlier, 11.5.0 and earlier, and 12.1.0 and earlier; and (4) the Oracle Communications Tekelec HLR Router component in Oracle Communications Applications 4.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to PMAC.",Oracle,Communications Applications,,,0.00773000018671155,false,false,false,false,,false,false,2015-10-21T21:00:00.000Z,0
CVE-2015-4793,https://securityvulnerability.io/vulnerability/CVE-2015-4793,,Unspecified vulnerability in the Oracle Communications Convergence component in Oracle Communications Applications 2.0 and 3.0.1 allows remote attackers to affect confidentiality via unknown vectors related to Mail Proxy.,Oracle,Communications Applications,,,0.0018100000452250242,false,false,false,false,,false,false,2015-10-21T21:00:00.000Z,0
CVE-2015-2808,https://securityvulnerability.io/vulnerability/CVE-2015-2808,,"The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the ""Bar Mitzvah"" issue.",Oracle,"Http Server,Integrated Lights Out Manager Firmware,Communications Application Session Controller,Communications Policy Management",,,0.004379999823868275,false,false,false,false,,false,false,2015-04-01T00:00:00.000Z,0
CVE-2014-6598,https://securityvulnerability.io/vulnerability/CVE-2014-6598,,"Unspecified vulnerability in the Oracle Communications Diameter Signaling Router component in Oracle Communications Applications 3.x, 4.x, and 5.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Signaling - DPI.",Oracle,Communications Applications,,,0.004780000075697899,false,false,false,true,true,false,false,2015-01-21T18:00:00.000Z,0
CVE-2014-6465,https://securityvulnerability.io/vulnerability/CVE-2014-6465,,Unspecified vulnerability in the Oracle Communications Session Border Controller component in Oracle Communications Applications SCX640m5 allows remote authenticated users to affect availability via unknown vectors related to Lawful Intercept.,Oracle,Communications Applications,,,0.0015300000086426735,false,false,false,false,,false,false,2014-10-15T15:15:00.000Z,0
CVE-2013-2566,https://securityvulnerability.io/vulnerability/CVE-2013-2566,,"The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.",Oracle,"Http Server,Integrated Lights Out Manager Firmware,Communications Application Session Controller",5.9,MEDIUM,0.007939999923110008,false,false,false,false,,false,false,2013-03-15T21:55:00.000Z,0
CVE-2011-3559,https://securityvulnerability.io/vulnerability/CVE-2011-3559,,"Unspecified vulnerability in Oracle Communications Server 2.0; GlassFish Enterprise Server 2.1.1, 3.0.1, and 3.1.1; and Sun Java System App Server 8.1 and 8.2 allows remote attackers to affect availability via unknown vectors related to Web Container.",Oracle,"Java System Application Server,Communications Server,Glassfish Server",,,0.013399999588727951,false,false,false,false,,false,false,2011-10-18T22:00:00.000Z,0