Vulnerabilities (CVE)

Filtered by vendor Oracle Subscribe
Filtered by product Communications Cloud Native Core Policy
Total 125 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-3520 4 Lz4 Project, Netapp, Oracle and 1 more 6 Lz4, Active Iq Unified Manager, Ontap Select Deploy Administration Utility and 3 more 2024-03-27 7.5 HIGH 9.8 CRITICAL
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.
CVE-2020-14155 6 Apple, Gitlab, Netapp and 3 more 20 Macos, Gitlab, Active Iq Unified Manager and 17 more 2024-03-27 5.0 MEDIUM 5.3 MEDIUM
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
CVE-2020-8231 5 Debian, Haxx, Oracle and 2 more 5 Debian Linux, Libcurl, Communications Cloud Native Core Policy and 2 more 2024-03-27 5.0 MEDIUM 7.5 HIGH
Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.
CVE-2020-8284 9 Apple, Debian, Fedoraproject and 6 more 29 Mac Os X, Macos, Debian Linux and 26 more 2024-03-27 4.3 MEDIUM 3.7 LOW
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.
CVE-2020-8285 9 Apple, Debian, Fedoraproject and 6 more 30 Mac Os X, Macos, Debian Linux and 27 more 2024-03-27 5.0 MEDIUM 7.5 HIGH
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
CVE-2020-8286 8 Apple, Debian, Fedoraproject and 5 more 20 Mac Os X, Macos, Debian Linux and 17 more 2024-03-27 5.0 MEDIUM 7.5 HIGH
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.
CVE-2021-43976 5 Debian, Fedoraproject, Linux and 2 more 23 Debian Linux, Fedora, Linux Kernel and 20 more 2024-03-25 2.1 LOW 4.6 MEDIUM
In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).
CVE-2021-37159 3 Debian, Linux, Oracle 5 Debian Linux, Linux Kernel, Communications Cloud Native Core Binding Support Function and 2 more 2024-03-25 4.4 MEDIUM 6.4 MEDIUM
hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.
CVE-2021-42739 5 Debian, Fedoraproject, Linux and 2 more 8 Debian Linux, Fedora, Linux Kernel and 5 more 2024-03-24 4.6 MEDIUM 6.7 MEDIUM
The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.
CVE-2019-20916 4 Debian, Opensuse, Oracle and 1 more 5 Debian Linux, Leap, Communications Cloud Native Core Network Function Cloud Native Environment and 2 more 2024-02-08 5.0 MEDIUM 7.5 HIGH
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.
CVE-2020-27820 3 Fedoraproject, Linux, Oracle 5 Fedora, Linux Kernel, Communications Cloud Native Core Binding Support Function and 2 more 2024-01-30 4.7 MEDIUM 4.7 MEDIUM
A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if "unbind" the driver).
CVE-2020-8203 2 Lodash, Oracle 18 Lodash, Banking Corporate Lending Process Management, Banking Credit Facilities Process Management and 15 more 2024-01-21 5.8 MEDIUM 7.4 HIGH
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
CVE-2023-21971 2 Netapp, Oracle 6 Active Iq Unified Manager, Oncommand Insight, Snapcenter and 3 more 2023-12-10 N/A 5.3 MEDIUM
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors as well as unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H).
CVE-2023-21824 1 Oracle 3 Communications Billing And Revenue Management Elastic Charging Engine, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Policy 2023-12-10 N/A 4.4 MEDIUM
Vulnerability in the Oracle Communications BRM - Elastic Charging Engine product of Oracle Communications Applications (component: Customer, Config, Pricing Manager). Supported versions that are affected are 12.0.0.3.0-12.0.0.7.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Communications BRM - Elastic Charging Engine executes to compromise Oracle Communications BRM - Elastic Charging Engine. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications BRM - Elastic Charging Engine accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).
CVE-2021-3752 6 Debian, Fedoraproject, Linux and 3 more 27 Debian Linux, Fedora, Linux Kernel and 24 more 2023-12-10 7.9 HIGH 7.1 HIGH
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVE-2022-0322 3 Fedoraproject, Linux, Oracle 5 Fedora, Linux Kernel, Communications Cloud Native Core Binding Support Function and 2 more 2023-12-10 2.1 LOW 5.5 MEDIUM
A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS).
CVE-2021-4002 4 Debian, Fedoraproject, Linux and 1 more 6 Debian Linux, Fedora, Linux Kernel and 3 more 2023-12-10 3.6 LOW 4.4 MEDIUM
A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data.
CVE-2022-0001 2 Intel, Oracle 458 Atom P5921b, Atom P5931b, Atom P5942b and 455 more 2023-12-10 2.1 LOW 6.5 MEDIUM
Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
CVE-2021-3744 5 Debian, Fedoraproject, Linux and 2 more 24 Debian Linux, Fedora, Linux Kernel and 21 more 2023-12-10 2.1 LOW 5.5 MEDIUM
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.
CVE-2022-22965 5 Cisco, Oracle, Siemens and 2 more 38 Cx Cloud Agent, Commerce Platform, Communications Cloud Native Core Automated Test Suite and 35 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.