Vulnerabilities > Oracle > Enterprise Communications Broker

DATE CVE VULNERABILITY TITLE RISK
2021-08-24 CVE-2021-3711 Classic Buffer Overflow vulnerability in multiple products
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt().
network
low complexity
openssl debian netapp oracle tenable CWE-120
critical
9.8
2021-08-24 CVE-2021-3712 Out-of-bounds Read vulnerability in multiple products
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length.
7.4
2021-06-01 CVE-2021-23017 A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
network
high complexity
f5 openresty fedoraproject netapp oracle
7.7
2021-04-13 CVE-2021-29425 Path Traversal vulnerability in multiple products
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.
network
high complexity
apache debian oracle netapp CWE-22
4.8
2021-02-15 CVE-2021-23337 Code Injection vulnerability in multiple products
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
network
low complexity
lodash oracle netapp siemens CWE-94
7.2
2021-02-15 CVE-2020-28500 Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
network
low complexity
lodash oracle siemens
5.3
2020-12-08 CVE-2020-1971 NULL Pointer Dereference vulnerability in multiple products
The X.509 GeneralName type is a generic type for representing different types of names.
5.9
2020-07-15 CVE-2020-14722 Unspecified vulnerability in Oracle Enterprise Communications Broker 3.0.0/3.1.0/3.2.0
Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI).
network
high complexity
oracle
5.8
2020-07-15 CVE-2020-14721 Unspecified vulnerability in Oracle Enterprise Communications Broker 3.0.0/3.1.0/3.2.0
Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI).
network
low complexity
oracle
6.3
2020-07-15 CVE-2020-14563 Cross-site Scripting vulnerability in Oracle Enterprise Communications Broker 3.0.0/3.1.0/3.2.0
Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI).
network
low complexity
oracle CWE-79
6.1