Lucene search
+L
OracleEnterprise Session Border Controller

13 matches found

CVE
CVE
added 2020/04/29 12:0 a.m.7696 views

CVE-2020-11022

CVE-2020-11022 affects jQuery versions >=1.2 and =3.5.0 or apply vendor guidance where applicable.

6.9CVSS6.7AI score0.99019EPSS
In wild
CVE
CVE
added 2021/06/01 12:28 p.m.6345 views

CVE-2021-23017

CVE-2021-23017 affects nginx's resolver. A security issue arises from an off-by-one in ngx_resolver_copy when DNS labels are followed by a root-domain pointer, allowing a crafted UDP response to overwrite the least significant byte of the next heap chunk metadata. This can lead to a worker proces...

7.7CVSS6.3AI score0.53461EPSS
CVE
CVE
added 2019/04/19 12:0 a.m.3114 views

CVE-2019-11358

CVE-2019-11358 is a prototype pollution vulnerability in jQuery (before 3.4.0) where mishandling of extend(true, {}, ...) can extend Object.prototype if an unsanitized source object has an enumerable proto property. The Core issue is triggered when a polluted prototype is introduced via nested ob...

6.1CVSS6.4AI score0.87218EPSS
In wild
CVE
CVE
added 2020/12/08 3:30 p.m.1197 views

CVE-2020-1971

CVE-2020-1971 is described across multiple connected sources as a NULL-dereference in OpenSSL’s GENERAL_NAME_cmp when EDIPARTYNAME is present, potentially enabling a denial-of-service crash. Affected OpenSSL versions include all 1.1.1 and 1.0.2 lines; fixes are published in OpenSSL 1.1.1i and Ope...

5.9CVSS5.7AI score0.06968EPSS
CVE
CVE
added 2021/08/24 2:50 p.m.767 views

CVE-2021-3711

CVE-2021-3711 involves a bug in OpenSSL SM2 decryption: the buffer-size calculation during EVP_PKEY_decrypt() first call can under-allocate, enabling a later second call with a too-small buffer and causing a buffer overflow (up to 62 bytes). The issue affects OpenSSL 1.1.1 up to 1.1.1k and is fix...

9.8CVSS9.9AI score0.87816EPSS
CVE
CVE
added 2021/08/24 2:50 p.m.713 views

CVE-2021-3712

The CVE-2021-3712 issue affects OpenSSL where ASN1_STRING data may not be NUL-terminated if constructed directly (or via ASN1_STRING_set0), causing read-buffer overreads when many OpenSSL print/name-constraining paths handle such ASN.1 strings. Exploitation could crash the application (DoS) or di...

7.4CVSS8AI score0.50445EPSS
CVE
CVE
added 2021/04/13 6:50 a.m.637 views

CVE-2021-29425

CVE-2021-29425 affects Apache Commons IO up to version 2.6, specifically FileNameUtils.normalize. With inputs such as "//../foo" or "\..\foo", normalization can yield a value that does not escape to higher directories, potentially enabling access to the parent directory if the resulting path is u...

5.8CVSS6.7AI score0.10608EPSS
In wild
CVE
CVE
added 2019/11/08 2:46 p.m.301 views

CVE-2019-10219

The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...

6.5CVSS6AI score0.02167EPSS
CVE
CVE
added 2022/01/19 11:26 a.m.75 views

CVE-2022-21381

The CVE-2022-21381 entry concerns Oracle Communications’ Oracle Enterprise Session Border Controller (ESC) WebUI. Affected versions are 8.4 and 9.0. The vulnerability allows a low-privilege attacker who can reach the device over HTTP to compromise the ESC, potentially leading to unauthorized upda...

6.4CVSS5.7AI score0.0057EPSS
CVE
CVE
added 2022/01/19 11:26 a.m.66 views

CVE-2022-21382

CVE-2022-21382 affects Oracle Communications’ Oracle Enterprise Session Border Controller (WebUI) for the 8.4 and 9.0 ranges. A low-privilege, network-accessible attacker (via HTTP) can compromise the device, potentially enabling unauthorized creation, deletion or modification of data on the ECSB...

7.7CVSS7.1AI score0.00933EPSS
CVE
CVE
added 2022/01/19 11:26 a.m.66 views

CVE-2022-21383

CVE-2022-21383 affects Oracle Communications’ Oracle Enterprise Session Border Controller (E-SBC), specifically the “Log” component. Affected software versions are 8.4 and 9.0. The vulnerability allows a low-privilege, network-authenticated attacker (via HTTP) to compromise the E-SBC and can lead...

4.3CVSS3.7AI score0.00804EPSS
CVE
CVE
added 2023/10/17 9:2 p.m.60 views

CVE-2023-22083

CVE-2023-22083 pertains to Oracle’s Enterprise Session Border Controller (ESBC) Web UI. The issue, affecting ESBC versions 9.0–9.2, arises from insufficient input validation in the Web UI. An unauthenticated attacker who can reach the ESBC over HTTPS can trigger a read access to a subset of data,...

4.3CVSS3.3AI score0.00407EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.43 views

CVE-2020-14630

CVE-2020-14630 is a vulnerability in Oracle Enterprise Session Border Controller (E-SBC) File Upload, affecting 8.1.0/8.2.0/8.3.0. The issue enables a high-privileged attacker who can reach the E-SBC over HTTP to cause a hang/crash (DOS) and unauthorized data modifications/reads. The base CVSS v3...

7.5CVSS7.2AI score0.008EPSS