Lucene search
K
OracleCommunications Session Border Controller

22 matches found

CVE
CVE
added 2021/06/01 12:28 p.m.6318 views

CVE-2021-23017

CVE-2021-23017 affects nginx's resolver. A security issue arises from an off-by-one in ngx_resolver_copy when DNS labels are followed by a root-domain pointer, allowing a crafted UDP response to overwrite the least significant byte of the next heap chunk metadata. This can lead to a worker proces...

7.7CVSS6.3AI score0.53461EPSS
CVE
CVE
added 2020/12/08 3:30 p.m.1194 views

CVE-2020-1971

CVE-2020-1971 is described across multiple connected sources as a NULL-dereference in OpenSSL’s GENERAL_NAME_cmp when EDIPARTYNAME is present, potentially enabling a denial-of-service crash. Affected OpenSSL versions include all 1.1.1 and 1.0.2 lines; fixes are published in OpenSSL 1.1.1i and Ope...

5.9CVSS5.7AI score0.06968EPSS
CVE
CVE
added 2019/02/27 11:0 p.m.927 views

CVE-2019-1559

OpenSSL vulnerability CVE-2019-1559 describes a padding-oracle weakness where, if an application encounters a fatal protocol error and then calls SSL_shutdown() twice (to send close_notify and to receive one), the server may respond differently to a 0-byte record with invalid padding versus inval...

5.9CVSS6.3AI score0.17139EPSS
CVE
CVE
added 2021/07/20 6:1 p.m.803 views

CVE-2021-33909

CVE-2021-33909 affects the Linux kernel’s filesystem layer (fs/seq_file.c) across 3.16–5.13.x, with fixed releases in 5.13.4 and via patches noted in downstream advisories. The root cause is a size_t-to-int conversion that permits an integer overflow during seq buffer allocations, enabling an Out...

7.8CVSS7.9AI score0.09729EPSS
CVE
CVE
added 2021/08/24 2:50 p.m.766 views

CVE-2021-3711

CVE-2021-3711 involves a bug in OpenSSL SM2 decryption: the buffer-size calculation during EVP_PKEY_decrypt() first call can under-allocate, enabling a later second call with a too-small buffer and causing a buffer overflow (up to 62 bytes). The issue affects OpenSSL 1.1.1 up to 1.1.1k and is fix...

9.8CVSS9.9AI score0.87816EPSS
CVE
CVE
added 2021/08/24 2:50 p.m.710 views

CVE-2021-3712

The CVE-2021-3712 issue affects OpenSSL where ASN1_STRING data may not be NUL-terminated if constructed directly (or via ASN1_STRING_set0), causing read-buffer overreads when many OpenSSL print/name-constraining paths handle such ASN.1 strings. Exploitation could crash the application (DoS) or di...

7.4CVSS8AI score0.50445EPSS
CVE
CVE
added 2019/09/16 6:6 p.m.695 views

CVE-2019-5482

CVE-2019-5482 is a heap buffer overflow in curl/libcurl’s TFTP handler (tftp_receive_packet) affecting curl versions up to 7.65.3. Public advisories detail that a small TFTP blocksize can trigger overflow, potentially enabling DoS or arbitrary code execution. Public fixes exist across distributio...

9.8CVSS9.7AI score0.17939EPSS
CVE
CVE
added 2015/01/28 7:0 p.m.599 views

CVE-2015-0235

CVE-2015-0235 (GHOST) is a heap-based buffer overflow in glibc’s __nss_hostname_digits_dots() used by gethostbyname/gethostbyname2. Affected glibc versions include 2.2 up to 2.17; patched in glibc-2.18 and later. Exploitation could allow remote or context-dependent arbitrary code execution depend...

10CVSS7.7AI score0.94859EPSS
In wild
CVE
CVE
added 2021/02/15 12:15 p.m.590 views

CVE-2021-23337

CVE-2021-23337 (Lodash) affects Lodash versions prior to 4.17.21, vulnerable to Command Injection via the template function. Affected component: lodash.template; root cause: unsafe template evaluation. Impact per document: potential code execution with privileges of the running environment. Mitig...

7.2CVSS7.2AI score0.2241EPSS
CVE
CVE
added 2019/09/16 6:5 p.m.496 views

CVE-2019-5481

CVE-2019-5481 is a double-free vulnerability in curl’s FTP-Kerberos code, affecting curl 7.52.0 through 7.65.3. Exploitation involves a malicious FTP server sending a very large data block, which can cause memory corruption leading to a crash or denial of service (DoS). Multiple connected advisor...

9.8CVSS9.3AI score0.07266EPSS
CVE
CVE
added 2020/07/15 4:10 p.m.445 views

CVE-2020-8203

CVE-2020-8203 : Prototype pollution via lodash.zipObjectDeep in lodash versions before 4.17.20. The vulnerability allows modification of object prototypes, enabling attacker-controlled properties. IBM X-Force records this as a high-risk issue (CVSS~7.5; I/H, A/H; network driver with no user inter...

7.4CVSS6.9AI score0.05213EPSS
CVE
CVE
added 2019/01/11 9:0 p.m.426 views

CVE-2018-16865

CVE-2018-16865 affects systemd-journald (journald) and was described across multiple sources as a memory-allocation/stack-clash vulnerability. The issue occurs when many entries are sent to the journal socket (or via remote journald-remote) and can allow crash or code execution. Affected versions...

7.8CVSS7.8AI score0.02958EPSS
CVE
CVE
added 2021/02/15 11:10 a.m.419 views

CVE-2020-28500

CVE-2020-28500 affects Lodash prior to 4.17.21, vulnerability is Regular Expression Denial of Service (ReDoS) via toNumber, trim and trimEnd. Connected IBM bulletin confirms the issue and enumerates the affected versions; the remediation is to upgrade Lodash to 4.17.21 or later. No exploitation d...

5.3CVSS6AI score0.07336EPSS
CVE
CVE
added 2019/01/11 8:0 p.m.403 views

CVE-2018-16864

CVE-2018-16864 affects systemd-journald. The connected advisories confirm a memory-management issue in journald (and a backport memory leak in journald-server.c) that can crash journald or enable privilege escalation on local hosts. Root cause: memory allocations for command-line/state data not p...

7.8CVSS6.2AI score0.00717EPSS
CVE
CVE
added 2018/02/01 2:0 p.m.308 views

CVE-2018-6485

CVE-2018-6485 is an integer overflow in posix_memalign within glibc (memalign implementation) for versions 2.26 and earlier, which could cause a heap area to be too small and lead to heap corruption. The NVD CVSSv3/base score is 9.8 (CRITICAL) with network attack vector, no user interaction. Affe...

9.8CVSS8.4AI score0.04778EPSS
CVE
CVE
added 2019/11/08 2:46 p.m.296 views

CVE-2019-10219

The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...

6.5CVSS6AI score0.02167EPSS
CVE
CVE
added 2018/05/18 4:0 p.m.254 views

CVE-2018-11236

Summary (CVE-2018-11236) : In glibc, the realpath path processing path can trigger an integer overflow in 32-bit builds within stdlib/canonicalize.c when handling very long pathname arguments, producing a stack-based buffer overflow and potentially arbitrary code execution. The vulnerability affe...

9.8CVSS8.8AI score0.074EPSS
CVE
CVE
added 2020/05/19 6:4 p.m.251 views

CVE-2020-10722

CVE-2020-10722 affects the DPDK vhost code, where a missing check for an integer overflow in vhost_user_set_log_base() could lead to a smaller memory map than requested and memory corruption. The vulnerability is present in DPDK 18.05 and later. Multiple connected advisories confirm impact and pr...

6.7CVSS7AI score0.00378EPSS
CVE
CVE
added 2020/05/19 6:2 p.m.248 views

CVE-2020-10723

CVE-2020-10723 describes a memory corruption in DPDK (versions 17.05 and above) caused by an integer truncation when copying a payload index from UInt to uint16, which can lead to out-of-bounds access. Publicly reported updates fix the vulnerability in various distributions: AlmaLinux 19.11.3 onw...

6.7CVSS6.8AI score0.00378EPSS
CVE
CVE
added 2018/05/18 4:0 p.m.191 views

CVE-2018-11237

CVE-2018-11237: A buffer overflow in the AVX-512-optimized mempcpy implementation (__mempcpy_avx512_no_vzeroupper) of glibc (2.27 and earlier). The overflow occurs when copying data beyond the target buffer, as demonstrated by vulnerable mempcpy paths described in public advisories and exploits. ...

7.8CVSS7.7AI score0.00858EPSS
CVE
CVE
added 2021/10/20 10:49 a.m.54 views

CVE-2021-2416

The CVE-2021-2416 issue affects Oracle Communications Session Border Controller (Routing) with affected versions 8.4 and 9.0. The vulnerability allows a high-privilege attacker who can reach the device over HTTP to cause a hang or frequently repeatable crash (complete DoS) on the SBC. The CVSSv3....

6.8CVSS4.7AI score0.00898EPSS
CVE
CVE
added 2021/10/20 10:49 a.m.49 views

CVE-2021-2414

CVE-2021-2414 is an Oracle Communications Session Border Controller (OC-SBC) routing component vulnerability. Affected products/versions: Oracle Communications Session Border Controller, routing component, with affected versions 8.4 and 9.0. Root cause and impact: vulnerability allows a high-priv...

6.8CVSS6.2AI score0.0112EPSS