Latest oracle enterprise communications broker Vulnerabilities

CVE-2021-3712
OpenSSL could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when processing ASN.1 strings. By sending specially crafted data, an attacker could exploit this ...
redhat/jbcs-httpd24-apr<0:1.6.3-107.el8
redhat/jbcs-httpd24-apr-util<0:1.6.1-84.el8
redhat/jbcs-httpd24-curl<0:7.78.0-2.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-78.el8
redhat/jbcs-httpd24-nghttp2<0:1.39.2-39.el8
redhat/jbcs-httpd24-openssl<1:1.1.1g-8.el8
and 79 more
CVE-2021-3711
OpenSSL is vulnerable to a buffer overflow, caused by improper bounds checking by the EVP_PKEY_decrypt() function within implementation of the SM2 decryption. By sending specially crafted SM2 content,...
debian/openssl
redhat/openssl<1.1.1
IBM Cognos Analytics<=12.0.0-12.0.1
IBM Cognos Analytics<=11.2.0-11.2.4 FP2
IBM Cognos Analytics<=11.1.1-11.1.7 FP7
OpenSSL OpenSSL>=1.1.1<1.1.1l
and 41 more
CVE-2021-23017
A flaw was found in nginx. An off-by-one error while processing DNS responses allows a network attacker to write a dot character out of bounds in a heap allocated buffer which can allow overwriting th...
F5 Nginx>=0.6.18<1.20.1
Openresty Openresty<1.19.3.2
Fedoraproject Fedora=33
Fedoraproject Fedora=34
NetApp ONTAP Select Deploy administration utility
Oracle Blockchain Platform<21.1.2
and 27 more
CVE-2021-29425
Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-cra...
redhat/eap7-apache-commons-io<0:2.10.0-1.redhat_00001.1.el6ea
redhat/eap7-hal-console<0:3.2.16-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.20-4.SP2_redhat_00001.1.el6ea
redhat/eap7-ironjacamar<0:1.4.35-1.Final_redhat_00001.1.el6ea
redhat/eap7-jakarta-el<0:3.0.3-2.redhat_00006.1.el6ea
redhat/eap7-jberet<0:1.3.9-1.Final_redhat_00001.1.el6ea
and 185 more
CVE-2021-23337
`lodash` versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
redhat/cockpit-ovirt<0:0.15.1-2.el8e
redhat/ovirt-engine-ui-extensions<0:1.2.6-1.el8e
redhat/ovirt-web-ui<0:1.6.9-1.el8e
redhat/nodejs-lodash<4.17.21
npm/lodash-template<=1.0.0
npm/lodash.template<=4.5.0
and 50 more
CVE-2020-28500
A flaw was found in nodejs-lodash. A Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions is possible.
redhat/cockpit-ovirt<0:0.15.1-2.el8e
redhat/ovirt-engine-ui-extensions<0:1.2.6-1.el8e
redhat/ovirt-web-ui<0:1.6.9-1.el8e
npm/lodash.trim<=4.5.1
npm/lodash.trimend<=4.5.1
npm/lodash-es<4.17.21
and 44 more
CVE-2020-1971
A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function, could cause the application, compiled with openssl to crash res...
redhat/jbcs-httpd24-brotli<0:1.0.6-40.jbcs.el7
redhat/jbcs-httpd24-httpd<0:2.4.37-66.jbcs.el7
redhat/jbcs-httpd24-nghttp2<0:1.39.2-35.jbcs.el7
redhat/jbcs-httpd24-openssl<1:1.1.1g-3.jbcs.el7
redhat/jbcs-httpd24-openssl-chil<0:1.0.0-3.jbcs.el7
redhat/jbcs-httpd24-openssl-pkcs11<0:0.4.10-18.jbcs.el7
and 95 more
CVE-2020-14721
Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Supported versions that are affected are 3.0.0-3.2.0. Easily exploitable...
Oracle Enterprise Communications Broker>=3.0.0<=3.2.0
CVE-2020-14722
Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Supported versions that are affected are 3.0.0-3.2.0. Difficult to explo...
Oracle Enterprise Communications Broker>=3.0.0<=3.2.0
CVE-2020-14563
Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Supported versions that are affected are 3.0.0-3.2.0. Easily exploitable...
Oracle Enterprise Communications Broker>=3.0.0<=3.2.0
CVE-2020-11080
In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a ...
debian/nodejs<=10.20.1~dfsg-1<=10.19.0~dfsg1-1
Nghttp2 Nghttp2<1.41.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
openSUSE Leap=15.1
Fedoraproject Fedora=31
and 36 more
CVE-2020-10726
A vulnerability was found in DPDK through version 19.11, A malicious container which has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages which may cause lea...
redhat/openvswitch2.13<0:2.13.0-25.el8fd
redhat/dpdk<0:19.11.3-1.el8
Dpdk Data Plane Development Kit<=19.11
Fedoraproject Fedora=32
openSUSE Leap=15.1
Oracle Enterprise Communications Broker=3.1.0
and 6 more
CVE-2020-10725
A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of ...
redhat/openvswitch2.13<0:2.13.0-25.el8fd
redhat/dpdk<0:19.11.3-1.el8
redhat/dpdk<0:19.11-5.el8_2
Dpdk Data Plane Development Kit<=19.11
Fedoraproject Fedora=32
openSUSE Leap=15.1
and 7 more
CVE-2020-10723
A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied ...
redhat/openvswitch2.11<0:2.11.0-54.20200327gita4efc59.el7fd
redhat/openvswitch<0:2.9.0-130.el7fd
redhat/openvswitch2.13<0:2.13.0-25.el8fd
redhat/openvswitch2.11<0:2.11.0-54.20200327gita4efc59.el8fd
redhat/dpdk<0:18.11.8-1.el7_8
redhat/dpdk<0:19.11.3-1.el8
and 21 more
CVE-2020-10722
A vulnerability was found in DPDK through version 18.11, vhost_user_set_log_base() is a message handler that is called to handle the VHOST_USER_SET_LOG_BASE message. Its payload contains a 64 bit size...
redhat/openvswitch2.11<0:2.11.0-54.20200327gita4efc59.el7fd
redhat/openvswitch<0:2.9.0-130.el7fd
redhat/openvswitch2.13<0:2.13.0-25.el8fd
redhat/openvswitch2.11<0:2.11.0-54.20200327gita4efc59.el8fd
redhat/dpdk<0:18.11.8-1.el7_8
redhat/dpdk<0:19.11.3-1.el8
and 21 more
CVE-2020-8203
A flaw was found in nodejs-lodash in versions 4.17.15 and earlier. A prototype pollution attack is possible which can lead to arbitrary code execution. The primary threat from this vulnerability is to...
redhat/kiali<0:v1.12.10.redhat2-1.el7
redhat/ior<0:1.1.6-1.el8
redhat/servicemesh<0:1.1.6-1.el8
redhat/servicemesh-cni<0:1.1.6-1.el8
redhat/servicemesh-grafana<0:6.4.3-13.el8
redhat/servicemesh-operator<0:1.1.6-2.el8
and 54 more
CVE-2019-9511
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data ...
redhat/jbcs-httpd24-httpd<0:2.4.29-41.jbcs.el6
redhat/jbcs-httpd24-nghttp2<0:1.39.2-1.jbcs.el6
redhat/jbcs-httpd24-apr<0:1.6.3-63.jbcs.el6
redhat/jbcs-httpd24-apr-util<0:1.6.1-48.jbcs.el6
redhat/jbcs-httpd24-brotli<0:1.0.6-7.jbcs.el6
redhat/jbcs-httpd24-curl<0:7.64.1-14.jbcs.el6
and 168 more
CVE-2019-10219
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This...
redhat/eap7-apache-cxf<0:3.2.11-1.redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-6.SP3_redhat_00004.1.el6ea
redhat/eap7-hal-console<0:3.0.19-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.14-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.18-1.Final_redhat_00001.1.el6ea
redhat/eap7-jackson-annotations<0:2.9.10-1.redhat_00003.1.el6ea
and 795 more
CVE-2019-9513
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the str...
redhat/jbcs-httpd24-httpd<0:2.4.29-41.jbcs.el6
redhat/jbcs-httpd24-nghttp2<0:1.39.2-1.jbcs.el6
redhat/jbcs-httpd24-apr<0:1.6.3-63.jbcs.el6
redhat/jbcs-httpd24-apr-util<0:1.6.1-48.jbcs.el6
redhat/jbcs-httpd24-brotli<0:1.0.6-7.jbcs.el6
redhat/jbcs-httpd24-curl<0:7.64.1-14.jbcs.el6
and 104 more
CVE-2018-16865
A flaw was found in systemd-journald. An uncontrolled alloca() by writing a crafted message to /run/systemd/journal/socket that results in a stack buffer overflow. This can lead to a denial of service...
Systemd Project Systemd<=240
Redhat Enterprise Linux Desktop=7.0
Redhat Enterprise Linux Server=7.0
Redhat Enterprise Linux Server Aus=7.3
Redhat Enterprise Linux Server Aus=7.6
Redhat Enterprise Linux Server Eus=7.5
and 19 more
CVE-2018-16864
A flaw was found in systemd-journald. A stack buffer overflow when passing several MB of arguments to a program calling syslog function. This can lead to a denial of service attack or arbitrary code e...
Systemd Project Systemd<=240
Redhat Enterprise Linux Desktop=7.0
Redhat Enterprise Linux Server=7.0
Redhat Enterprise Linux Server=7.4
Redhat Enterprise Linux Server=7.5
Redhat Enterprise Linux Server=7.6
and 22 more
CVE-2018-11236
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit a...
redhat/glibc<2.28
ubuntu/glibc<2.27-3ubuntu1.2
ubuntu/glibc<2.28
ubuntu/glibc<2.23-0ubuntu11.2
debian/glibc
GNU glibc<=2.27
and 11 more
CVE-2018-11237
An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcp...
redhat/glibc<2.28
ubuntu/glibc<2.27-3ubuntu1.2
ubuntu/glibc<2.28
ubuntu/glibc<2.23-0ubuntu11.2
GNU glibc<=2.27
Redhat Virtualization Host=4.0
and 14 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203