Vulnerabilities > Oracle > Enterprise Communications Broker
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-24 | CVE-2021-3711 | Classic Buffer Overflow vulnerability in multiple products In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). | 9.8 |
| 2021-08-24 | CVE-2021-3712 | Out-of-bounds Read vulnerability in multiple products ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. | 7.4 |
| 2021-06-01 | CVE-2021-23017 | Off-by-one Error vulnerability in multiple products A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. | 7.7 |
| 2021-04-13 | CVE-2021-29425 | Path Traversal vulnerability in multiple products In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. | 4.8 |
| 2021-02-15 | CVE-2021-23337 | Code Injection vulnerability in multiple products Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. | 6.5 |
| 2021-02-15 | CVE-2020-28500 | Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. | 5.0 |
| 2020-12-08 | CVE-2020-1971 | NULL Pointer Dereference vulnerability in multiple products The X.509 GeneralName type is a generic type for representing different types of names. | 5.9 |
| 2020-07-15 | CVE-2020-14722 | Unspecified vulnerability in Oracle Enterprise Communications Broker 3.0.0/3.1.0/3.2.0 Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). | 5.1 |
| 2020-07-15 | CVE-2020-14721 | Unspecified vulnerability in Oracle Enterprise Communications Broker 3.0.0/3.1.0/3.2.0 Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). | 6.5 |
| 2020-07-15 | CVE-2020-14563 | Cross-site Scripting vulnerability in Oracle Enterprise Communications Broker 3.0.0/3.1.0/3.2.0 Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). | 4.3 |