Oracle

Communications Session Border Controller

22 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.8

CVE-2021-2416

  • EPSS 0.21%
  • Veröffentlicht 20.10.2021 11:16:16
  • Zuletzt bearbeitet 21.11.2024 06:03:04

Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications (component: Routing). Supported versions that are affected are 8.4 and 9.0. Easily exploitable vulnerability allows high privileged attacker with ne...

6.8

CVE-2021-2414

  • EPSS 0.41%
  • Veröffentlicht 20.10.2021 11:16:16
  • Zuletzt bearbeitet 21.11.2024 06:03:04

Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications (component: Routing). Supported versions that are affected are 8.4 and 9.0. Easily exploitable vulnerability allows high privileged attacker with ne...

7.4

CVE-2021-3712

Warnung
  • EPSS 0.82%
  • Veröffentlicht 24.08.2021 15:15:09
  • Zuletzt bearbeitet 21.11.2024 06:22:13

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the s...

9.8

CVE-2021-3711

  • EPSS 2.75%
  • Veröffentlicht 24.08.2021 15:15:09
  • Zuletzt bearbeitet 21.11.2024 06:22:12

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen...

7.8

CVE-2021-33909

Exploit
  • EPSS 2.47%
  • Veröffentlicht 20.07.2021 19:15:09
  • Zuletzt bearbeitet 21.11.2024 06:09:45

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.

7.7

CVE-2021-23017

  • EPSS 76.12%
  • Veröffentlicht 01.06.2021 13:15:07
  • Zuletzt bearbeitet 21.11.2024 05:51:09

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

7.2

CVE-2021-23337

Exploit
  • EPSS 0.86%
  • Veröffentlicht 15.02.2021 13:15:12
  • Zuletzt bearbeitet 21.11.2024 05:51:31

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

5.3

CVE-2020-28500

Exploit
  • EPSS 0.2%
  • Veröffentlicht 15.02.2021 11:15:12
  • Zuletzt bearbeitet 21.11.2024 05:22:55

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.

5.9

CVE-2020-1971

  • EPSS 0.34%
  • Veröffentlicht 08.12.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 05:11:45

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they...

7.4

CVE-2020-8203

Exploit
  • EPSS 2.44%
  • Veröffentlicht 15.07.2020 17:15:11
  • Zuletzt bearbeitet 21.11.2024 05:38:29

Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.