Enterprise Communications Broker

DATE	CVE	VULNERABILITY TITLE	RISK
2020-07-15	CVE-2020-8203	Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. network high complexity lodash oracle	7.4
2020-06-03	CVE-2020-11080	Improper Enforcement of Message or Data Structure vulnerability in multiple products In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. network low complexity nghttp2 debian opensuse fedoraproject oracle nodejs CWE-707	7.5
2020-05-20	CVE-2020-10726	Integer Overflow or Wraparound vulnerability in multiple products A vulnerability was found in DPDK versions 19.11 and above. local low complexity dpdk fedoraproject opensuse oracle CWE-190	4.4
2020-05-20	CVE-2020-10725	Improper Initialization vulnerability in multiple products A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. network low complexity dpdk fedoraproject opensuse oracle CWE-665	7.7
2020-05-19	CVE-2020-10723	Integer Overflow or Wraparound vulnerability in multiple products A memory corruption issue was found in DPDK versions 17.05 and above. local low complexity dpdk canonical fedoraproject opensuse oracle CWE-190	6.7
2020-05-19	CVE-2020-10722	Integer Overflow or Wraparound vulnerability in multiple products A vulnerability was found in DPDK versions 18.05 and above. local low complexity dpdk canonical fedoraproject opensuse oracle CWE-190	6.7
2019-11-08	CVE-2019-10219	Cross-site Scripting vulnerability in multiple products A vulnerability was found in Hibernate-Validator. network low complexity redhat netapp oracle CWE-79	6.1
2019-08-13	CVE-2019-9513	Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. network low complexity apple apache canonical debian fedoraproject synology opensuse redhat oracle mcafee f5 nodejs	7.5
2019-08-13	CVE-2019-9511	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. network low complexity apple apache canonical debian synology fedoraproject opensuse redhat oracle mcafee f5 nodejs CWE-770	7.5
2019-01-11	CVE-2018-16865	Allocation of Resources Without Limits or Throttling vulnerability in multiple products An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. local low complexity systemd-project redhat debian canonical oracle CWE-770	7.8