Vulnerabilities > Oracle > Enterprise Session Border Controller
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-17 | CVE-2023-22083 | Unspecified vulnerability in Oracle Enterprise Session Border Controller 9.0 Vulnerability in the Oracle Enterprise Session Border Controller product of Oracle Communications (component: Web UI). | 4.3 |
| 2022-01-19 | CVE-2022-21382 | Unspecified vulnerability in Oracle Enterprise Session Border Controller 8.4/9.0 Vulnerability in the Oracle Enterprise Session Border Controller product of Oracle Communications (component: WebUI). | 7.7 |
| 2022-01-19 | CVE-2022-21383 | Unspecified vulnerability in Oracle Enterprise Session Border Controller 8.4/9.0 Vulnerability in the Oracle Enterprise Session Border Controller product of Oracle Communications (component: Log). | 4.3 |
| 2021-08-24 | CVE-2021-3711 | Classic Buffer Overflow vulnerability in multiple products In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). | 9.8 |
| 2021-08-24 | CVE-2021-3712 | Out-of-bounds Read vulnerability in multiple products ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. | 7.4 |
| 2021-06-01 | CVE-2021-23017 | Off-by-one Error vulnerability in multiple products A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. | 7.7 |
| 2021-04-13 | CVE-2021-29425 | Path Traversal vulnerability in multiple products In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. | 4.8 |
| 2020-12-08 | CVE-2020-1971 | NULL Pointer Dereference vulnerability in multiple products The X.509 GeneralName type is a generic type for representing different types of names. | 5.9 |
| 2020-07-15 | CVE-2020-14630 | Improper Resource Shutdown or Release vulnerability in Oracle Enterprise Session Border Controller 8.1.0/8.2.0/8.3.0 Vulnerability in the Oracle Enterprise Session Border Controller product of Oracle Communications Applications (component: File Upload). | 7.5 |
| 2020-04-29 | CVE-2020-11022 | Cross-site Scripting vulnerability in multiple products In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. | 6.1 |