Enterprise Communications Broker Security Vulnerabilities and Issues — Enterprise Communications Broker CVE List

Lucene search

OracleEnterprise Communications Broker

10 matches found

CVE•added 2020/12/08 4:15 p.m.•1032 views

CVE-2020-1971

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrec...

5.9CVSS5.7AI score0.0031EPSS

CVE•added 2020/06/03 11:15 p.m.•661 views

CVE-2020-11080

In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes th...

7.5CVSS6.5AI score0.00566EPSS

CVE•added 2020/07/15 5:15 p.m.•328 views

CVE-2020-8203

Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.

7.4CVSS6.9AI score0.02439EPSS

CVE•added 2020/05/19 7:15 p.m.•227 views

CVE-2020-10723

A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption...

6.7CVSS6.8AI score0.00198EPSS

CVE•added 2020/05/19 7:15 p.m.•216 views

CVE-2020-10722

A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption.

6.7CVSS7AI score0.00198EPSS

CVE•added 2020/05/20 2:15 p.m.•171 views

CVE-2020-10725

A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity check ...

7.7CVSS7.3AI score0.00683EPSS

CVE•added 2020/05/20 2:15 p.m.•165 views

CVE-2020-10726

A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages, causing a resource leak (file descriptors and virtual memory), which may result in a denial of service.

6CVSS5.4AI score0.00112EPSS

CVE•added 2020/07/15 6:15 p.m.•44 views

CVE-2020-14563

Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Supported versions that are affected are 3.0.0-3.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle En...

6.1CVSS5.8AI score0.00829EPSS

CVE•added 2020/07/15 6:15 p.m.•36 views

CVE-2020-14722

Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Supported versions that are affected are 3.0.0-3.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle ...

5.8CVSS5.8AI score0.00632EPSS

CVE•added 2020/07/15 6:15 p.m.•31 views

CVE-2020-14721

Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Supported versions that are affected are 3.0.0-3.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Ent...

6.5CVSS5.9AI score0.00234EPSS