Product:

Communications_session_border_controller

(Oracle)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 23
Date Id Summary Products Score Patch Annotated
2021-07-20 CVE-2021-33909 fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. Debian_linux, Fedora, Linux_kernel, Hci_management_node, Solidfire, Communications_session_border_controller, Sma1000_firmware 7.8
2019-01-11 CVE-2018-16864 An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable. Ubuntu_linux, Debian_linux, Communications_session_border_controller, Enterprise_communications_broker, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Systemd 7.8
2019-01-11 CVE-2018-16865 An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable. Ubuntu_linux, Debian_linux, Communications_session_border_controller, Enterprise_communications_broker, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Systemd 7.8
2018-05-18 CVE-2018-11237 An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper. Ubuntu_linux, Glibc, Data_ontap_edge, Element_software_management, Communications_session_border_controller, Enterprise_communications_broker, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Virtualization_host 7.8
2021-02-15 CVE-2020-28500 Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. Lodash, Banking_corporate_lending_process_management, Banking_credit_facilities_process_management, Banking_extensibility_workbench, Banking_supply_chain_finance, Banking_trade_finance_process_management, Communications_cloud_native_core_policy, Communications_design_studio, Communications_services_gatekeeper, Communications_session_border_controller, Enterprise_communications_broker, Financial_services_crime_and_compliance_management_studio, Health_sciences_data_management_workbench, Jd_edwards_enterpriseone_tools, Peoplesoft_enterprise_peopletools, Primavera_gateway, Primavera_unifier, Retail_customer_management_and_segmentation_foundation, Sinec_ins 5.3
2021-02-15 CVE-2021-23337 Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. Lodash, Active_iq_unified_manager, Cloud_manager, System_manager, Banking_corporate_lending_process_management, Banking_credit_facilities_process_management, Banking_extensibility_workbench, Banking_supply_chain_finance, Banking_trade_finance_process_management, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_policy, Communications_design_studio, Communications_services_gatekeeper, Communications_session_border_controller, Enterprise_communications_broker, Financial_services_crime_and_compliance_management_studio, Health_sciences_data_management_workbench, Jd_edwards_enterpriseone_tools, Peoplesoft_enterprise_peopletools, Primavera_gateway, Primavera_unifier, Retail_customer_management_and_segmentation_foundation, Sinec_ins 7.2
2021-10-20 CVE-2021-2414 Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications (component: Routing). Supported versions that are affected are 8.4 and 9.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Session Border Controller. While the vulnerability is in Oracle Communications Session Border Controller, attacks may significantly impact additional products. Successful attacks of this... Communications_session_border_controller 6.8
2021-10-20 CVE-2021-2416 Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications (component: Routing). Supported versions that are affected are 8.4 and 9.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Session Border Controller. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle... Communications_session_border_controller 4.9
2018-02-01 CVE-2018-6485 An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. Glibc, Cloud_backup, Data_ontap_edge, Element_software, Element_software_management, Steelstore_cloud_integrated_storage, Storage_replication_adapter, Vasa_provider, Virtual_storage_console, Communications_session_border_controller, Enterprise_communications_broker, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Virtualization_host 9.8
2019-01-11 CVE-2018-16864 An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable. Ubuntu_linux, Debian_linux, Systemd, Communications_session_border_controller, Enterprise_communications_broker, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Virtualization 7.8