Oracle SD-WAN Edge vulnerabilities

25 known vulnerabilities affecting oracle/sd-wan_edge.

Total CVEs: 25
CISA KEV: 2 (actively exploited)
Public exploits: 2
Exploited in wild: 2
Severity breakdown: CRITICAL 4, HIGH 11, MEDIUM 9, LOW 1

Vulnerabilities

Page 2 of 2
CVE-2019-10219 | MEDIUM | CVSS 6.1 | v9.0, v9.1 | 2019-11-08
CWE-79: A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
nvd
CVE-2019-14821 | HIGH | CVSS 8.8 | v7.3, v8.0, +2 more | 2019-09-19
CWE-787: An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process.
nvd
CVE-2019-15218 | MEDIUM | CVSS 4.6 | v8.2 | 2019-08-19
CWE-476: An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver.
nvd
CVE-2019-1010238 | CRITICAL | CVSS 9.8 | v7.3, v8.0, +2 more | 2019-07-19
CWE-787: Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to funct
nvd
CVE-2019-3900 | HIGH | CVSS 7.7 | v8.2 | 2019-04-25
CWE-835: An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scena
nvd