Oracle Communications Eagle Lnp Application Processor vulnerabilities

6 known vulnerabilities affecting oracle/communications_eagle_lnp_application_processor.

Total CVEs
6
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH4

Vulnerabilities

Page 1 of 1
CVE-2021-21783CRITICALCVSS 9.8v46.7v46.8+1 more2021-03-25
CVE-2021-21783 [CRITICAL] CWE-680 CVE-2021-21783: A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8 A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2020-12723HIGHCVSS 7.5v10.1v10.22020-06-05
CVE-2020-12723 [HIGH] CWE-120 CVE-2020-12723: regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
nvd
CVE-2020-10543HIGHCVSS 8.2v10.1v10.2+3 more2020-06-05
CVE-2020-10543 [HIGH] CWE-190 CVE-2020-10543: Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular ex Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
nvd
CVE-2020-10878HIGHCVSS 8.6v10.1v10.2+3 more2020-06-05
CVE-2020-10878 [HIGH] CWE-190 CVE-2020-10878: Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
nvd
CVE-2017-3730HIGHCVSS 7.5PoCv10.0v10.1+1 more2017-05-04
CVE-2017-3730 [HIGH] CWE-476 CVE-2017-3730: In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.
nvd
CVE-2015-0235CRITICALCVSS 10.0PoCv10.02015-01-28
CVE-2015-0235 [CRITICAL] CWE-787 CVE-2015-0235: Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x ve Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
nvd