Oracle

Enterprise Communications Broker

28 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.4

CVE-2021-3712

Warnung
  • EPSS 0.82%
  • Veröffentlicht 24.08.2021 15:15:09
  • Zuletzt bearbeitet 21.11.2024 06:22:13

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the s...

9.8

CVE-2021-3711

  • EPSS 2.75%
  • Veröffentlicht 24.08.2021 15:15:09
  • Zuletzt bearbeitet 21.11.2024 06:22:12

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen...

7.7

CVE-2021-23017

  • EPSS 76.12%
  • Veröffentlicht 01.06.2021 13:15:07
  • Zuletzt bearbeitet 21.11.2024 05:51:09

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

5.8

CVE-2021-29425

Exploit
  • EPSS 0.48%
  • Veröffentlicht 13.04.2021 07:15:12
  • Zuletzt bearbeitet 21.11.2024 06:01:04

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but ...

7.2

CVE-2021-23337

Exploit
  • EPSS 0.86%
  • Veröffentlicht 15.02.2021 13:15:12
  • Zuletzt bearbeitet 21.11.2024 05:51:31

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

5.3

CVE-2020-28500

Exploit
  • EPSS 0.2%
  • Veröffentlicht 15.02.2021 11:15:12
  • Zuletzt bearbeitet 21.11.2024 05:22:55

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.

5.9

CVE-2020-1971

  • EPSS 0.34%
  • Veröffentlicht 08.12.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 05:11:45

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they...

5.8

CVE-2020-14722

  • EPSS 0.63%
  • Veröffentlicht 15.07.2020 18:15:36
  • Zuletzt bearbeitet 21.11.2024 05:03:58

Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Supported versions that are affected are 3.0.0-3.2.0. Difficult to exploit vulnerability allows unauthenticated attacker w...

6.5

CVE-2020-14721

  • EPSS 0.23%
  • Veröffentlicht 15.07.2020 18:15:36
  • Zuletzt bearbeitet 21.11.2024 05:03:58

Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Supported versions that are affected are 3.0.0-3.2.0. Easily exploitable vulnerability allows low privileged attacker with...

6.1

CVE-2020-14563

  • EPSS 0.83%
  • Veröffentlicht 15.07.2020 18:15:21
  • Zuletzt bearbeitet 21.11.2024 05:03:33

Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Supported versions that are affected are 3.0.0-3.2.0. Easily exploitable vulnerability allows unauthenticated attacker wit...