Oracle Enterprise_communications_broker
28 CVEs affecting Oracle Enterprise_communications_broker. Latest disclosed: 2021-08-24. Critical: 3, High: 11.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-3711 | Critical | 9.8 | 2021-08-24 | In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function… |
CVE-2018-11236 | Critical | 9.8 | 2018-05-18 | stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could… |
CVE-2018-6485 | Critical | 9.8 | 2018-02-01 | An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause th… |
CVE-2018-16865 | High | 7.8 | 2019-01-11 | An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entrie… |
CVE-2018-16864 | High | 7.8 | 2019-01-11 | An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program w… |
CVE-2018-11237 | High | 7.8 | 2018-05-18 | An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer… |
CVE-2021-23017 | High | 7.7 | 2021-06-01 | A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory ov… |
CVE-2020-10725 | High | 7.7 | 2020-05-20 | A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on t… |
CVE-2019-9513 | High | 7.5 | 2019-08-13 | Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and con… |
CVE-2019-9511 | High | 7.5 | 2019-08-13 | Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The… |
CVE-2016-3515 | High | 7.5 | 2016-07-21 | Unspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communications Applications before PCz 2.0.0m4p1 allows remote att… |
CVE-2021-3712 | High | 7.4 | 2021-08-24 | ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buf… |
CVE-2020-8203 | High | 7.4 | 2020-07-15 | Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. |
CVE-2021-23337 | High | 7.2 | 2021-02-15 | Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. |
CVE-2016-3514 | Medium | 6.5 | 2016-07-21 | Unspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communications Applications before PCz 2.0.0m4p1 allows remote aut… |
CVE-2020-14721 | Medium | 6.3 | 2020-07-15 | Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Supported versions that are aff… |
CVE-2020-14563 | Medium | 6.1 | 2020-07-15 | Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Supported versions that are aff… |
CVE-2019-10219 | Medium | 6.1 | 2019-11-08 | A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious cod… |
CVE-2020-10726 | Medium | 6.0 | 2020-05-20 | A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOST_USER_G… |
CVE-2020-1971 | Medium | 5.9 | 2020-12-08 | The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a fu… |