Oracle Enterprise Communications Broker — known CVE vulnerabilities
Every CVE whose affected-product data names Oracle Enterprise Communications Broker, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (28)
CVE-2018-6485 — CVSS 9.8 (critical): An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and…
CVE-2021-3711 — CVSS 9.8 (critical): In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application…
CVE-2018-11236 — CVSS 9.8 (critical): stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the…
CVE-2018-16865 — CVSS 7.8 (high): An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in…
CVE-2018-11237 — CVSS 7.8 (high): An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data…
CVE-2018-16864 — CVSS 7.8 (high): An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in…
CVE-2021-23017 — CVSS 7.7 (high): A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to…
CVE-2020-10725 — CVSS 7.7 (high): A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend…
CVE-2019-9511 — CVSS 7.5 (high): Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a…
CVE-2016-3515 — CVSS 7.5 (high): Unspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communications Applications before PCz…
CVE-2019-9513 — CVSS 7.5 (high): Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple…
CVE-2021-3712 — CVSS 7.4 (high): ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a…
CVE-2021-23337 — CVSS 7.2 (high): Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
CVE-2016-3514 — CVSS 6.5 (medium): Unspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communications Applications before PCz…
CVE-2020-14721 — CVSS 6.3 (medium): Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Supported…
CVE-2020-14563 — CVSS 6.1 (medium): Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Supported…
CVE-2019-10219 — CVSS 6.1 (medium): A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of…
CVE-2020-10726 — CVSS 6.0 (medium): A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep…
CVE-2020-1971 — CVSS 5.9 (medium): The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName…
CVE-2020-14722 — CVSS 5.8 (medium): Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Supported…
CVE-2020-28500 — CVSS 5.3 (medium): Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd…
CVE-2020-10722 — CVSS 5.1 (medium): A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could…
CVE-2020-10723 — CVSS 5.1 (medium): A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a…
CVE-2014-9708 — CVSS 5.0 (medium): Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a…
CVE-2021-29425 — CVSS 4.8 (medium): In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or…
CVE-2020-11080 — CVSS 3.7 (low): In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack…
CVE-2016-3516 — CVSS 3.1 (low): Unspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communications Applications before PCz…