Product: Oracle Enterprise Communications Broker
28 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2021-3712
all versions
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string dat
7.4
HIGH
CVE-2021-3711
all versions
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an applic
9.8
CRITICAL
CVE-2021-23017
all versions
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS ser
7.7
HIGH
CVE-2021-29425
all versions
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo",
4.8
MEDIUM
CVE-2021-23337
all versions
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
7.2
HIGH
CVE-2020-28500
all versions
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd
5.3
MEDIUM
CVE-2020-1971
all versions
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPar
5.9
MEDIUM
CVE-2020-14722
>= 3.0.0 and <= 3.2.0
Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Su
5.8
MEDIUM
CVE-2020-14721
>= 3.0.0 and <= 3.2.0
Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Su
6.3
MEDIUM
CVE-2020-14563
>= 3.0.0 and <= 3.2.0
Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Su
6.1
MEDIUM
CVE-2020-8203
all versions
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
7.4
HIGH
CVE-2020-11080
all versions
In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept at
3.7
LOW
CVE-2020-10726
all versions
A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket
6.0
MEDIUM
CVE-2020-10725
all versions
A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user bac
7.7
HIGH
CVE-2020-10723
all versions
A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of
5.1
MEDIUM
CVE-2020-10722
all versions
A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() c
5.1
MEDIUM
CVE-2019-10219
all versions
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting
6.1
MEDIUM
CVE-2019-9513
all versions
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates mul
7.5
HIGH
CVE-2019-9511
all versions
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading
7.5
HIGH
CVE-2018-16865
all versions
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in syst
7.8
HIGH
CVE-2018-16864
all versions
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in syst
7.8
HIGH
CVE-2018-11237
all versions
An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write d
7.8
HIGH
CVE-2018-11236
all versions
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to
9.8
CRITICAL
CVE-2018-6485
all versions
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.
9.8
CRITICAL
CVE-2016-3516
<= 2.0.041
Unspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communications Applications before PC
3.1
LOW
CVE-2016-3515
<= 2.0.041
Unspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communications Applications before PC
7.5
HIGH
CVE-2016-3514
<= 2.0.041
Unspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communications Applications before PC
6.5
MEDIUM
CVE-2014-9708
<= 2.0.0
Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference)
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin