This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Oracle
Product: Communications Webrtc Session Controller
Version: 7.1
Type: Application
First view: 2017-04-17
Last view: 2018-10-16
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:a:oracle:communications_webrtc_session_controller

Activity : Overall

Related : CVE

Score Date Alert Description
7.5 2018-10-16 CVE-2018-3246

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

7.5 2018-06-05 CVE-2018-1000180

Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the low-level interface to the RSA key pair generator: RSA key pairs generated in the low-level API with added certainty may have fewer M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.

9.8 2018-05-24 CVE-2018-8013

In Apache Batik 1.x before 1.10, when deserializing a subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name and then uses it to call the no-arg constructor of that class. The fix was to check the class type before calling newInstance in deserialization.

9.1 2018-05-24 CVE-2018-1000301

curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl being tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.

9.1 2018-03-14 CVE-2018-1000122

A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage.

7.5 2018-03-14 CVE-2018-1000121

A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service.

9.8 2018-03-14 CVE-2018-1000120

A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.

6.1 2018-01-18 CVE-2015-9251

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

6.3 2017-10-19 CVE-2017-10153

Vulnerability in the Oracle Communications WebRTC Session Controller component of Oracle Communications Applications (subcomponent: Security (Gson)). Supported versions that are affected are 7.0, 7.1 and 7.2. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle Communications WebRTC Session Controller. While the vulnerability is in Oracle Communications WebRTC Session Controller, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications WebRTC Session Controller. CVSS 3.0 Base Score 6.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H).

9.8 2017-04-17 CVE-2017-5645

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

CWE : Common Weakness Enumeration

% id Name
25% (2) CWE-502 Deserialization of Untrusted Data
25% (2) CWE-125 Out-of-bounds Read
12% (1) CWE-787 Out-of-bounds Write
12% (1) CWE-476 NULL Pointer Dereference
12% (1) CWE-327 Use of a Broken or Risky Cryptographic Algorithm
12% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-10 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2019-1139.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-fa01002d7e.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-ceced55c5e.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-bc65ab5014.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-168af81706.nasl - Type: ACT_GATHER_INFO
2018-11-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3157.nasl - Type: ACT_GATHER_INFO
2018-10-26 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1330.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0068.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0158.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0124.nasl - Type: ACT_GATHER_INFO
2018-08-08 Name: A web application running on the remote host is affected by multiple vulnerab...
File: mysql_enterprise_monitor_3_4_8.nasl - Type: ACT_GATHER_INFO
2018-07-16 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_fe93803c883f11e89f0c001b216d295b.nasl - Type: ACT_GATHER_INFO
2018-07-03 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1202.nasl - Type: ACT_GATHER_INFO
2018-07-03 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1203.nasl - Type: ACT_GATHER_INFO
2018-06-25 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4233.nasl - Type: ACT_GATHER_INFO
2018-06-20 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201806-05.nasl - Type: ACT_GATHER_INFO
2018-06-19 Name: The remote Fedora host is missing a security update.
File: fedora_2018-da9fe79871.nasl - Type: ACT_GATHER_INFO
2018-06-12 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1029.nasl - Type: ACT_GATHER_INFO
2018-06-11 Name: The remote Fedora host is missing a security update.
File: fedora_2018-79792e0c64.nasl - Type: ACT_GATHER_INFO
2018-06-05 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4215.nasl - Type: ACT_GATHER_INFO
2018-05-29 Name: The remote Debian host is missing a security update.
File: debian_DLA-1385.nasl - Type: ACT_GATHER_INFO
2018-05-24 Name: The remote Fedora host is missing a security update.
File: fedora_2018-9dc7338487.nasl - Type: ACT_GATHER_INFO
2018-05-18 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4202.nasl - Type: ACT_GATHER_INFO
2018-05-17 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_04fe6c8d2a344009a81ee7a7e759b5d2.nasl - Type: ACT_GATHER_INFO
2018-05-17 Name: The remote Debian host is missing a security update.
File: debian_DLA-1379.nasl - Type: ACT_GATHER_INFO