Vulnerabilities (CVE)

Filtered by vendor Oracle Subscribe
Filtered by product Communications Cloud Native Core Security Edge Protection Proxy
Total 26 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-22946 8 Apple, Debian, Fedoraproject and 5 more 37 Macos, Debian Linux, Fedora and 34 more 2024-03-27 5.0 MEDIUM 7.5 HIGH
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.
CVE-2021-22947 8 Apple, Debian, Fedoraproject and 5 more 34 Macos, Debian Linux, Fedora and 31 more 2024-03-27 4.3 MEDIUM 5.9 MEDIUM
When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server.
CVE-2021-43396 2 Gnu, Oracle 7 Glibc, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Network Function Cloud Native Environment and 4 more 2024-03-21 5.0 MEDIUM 7.5 HIGH
In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug.
CVE-2022-24407 5 Cyrusimap, Debian, Fedoraproject and 2 more 8 Cyrus-sasl, Debian Linux, Fedora and 5 more 2023-12-10 6.5 MEDIUM 8.8 HIGH
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
CVE-2022-22965 5 Cisco, Oracle, Siemens and 2 more 38 Cx Cloud Agent, Commerce Platform, Communications Cloud Native Core Automated Test Suite and 35 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
CVE-2022-22947 2 Oracle, Vmware 10 Commerce Guided Search, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Console and 7 more 2023-12-10 6.8 MEDIUM 10.0 CRITICAL
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
CVE-2022-22946 2 Oracle, Vmware 6 Commerce Guided Search, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Console and 3 more 2023-12-10 2.1 LOW 5.5 MEDIUM
In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates.
CVE-2020-36518 4 Debian, Fasterxml, Netapp and 1 more 36 Debian Linux, Jackson-databind, Active Iq Unified Manager and 33 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
CVE-2022-22963 2 Oracle, Vmware 28 Banking Branch, Banking Cash Management, Banking Corporate Lending Process Management and 25 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
CVE-2021-45105 5 Apache, Debian, Netapp and 2 more 121 Log4j, Debian Linux, Cloud Manager and 118 more 2023-12-10 4.3 MEDIUM 5.9 MEDIUM
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
CVE-2021-2471 2 Oracle, Quarkus 6 Communications Cloud Native Core Console, Communications Cloud Native Core Network Slice Selection Function, Communications Cloud Native Core Policy and 3 more 2023-12-10 7.9 HIGH 5.9 MEDIUM
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H).
CVE-2021-43797 5 Debian, Netapp, Netty and 2 more 18 Debian Linux, Oncommand Workflow Automation, Snapcenter and 15 more 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote system when used as proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final.
CVE-2022-23219 3 Debian, Gnu, Oracle 8 Debian Linux, Glibc, Communications Cloud Native Core Binding Support Function and 5 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
CVE-2021-37136 5 Debian, Netapp, Netty and 2 more 19 Debian Linux, Oncommand Insight, Netty and 16 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
CVE-2021-34429 3 Eclipse, Netapp, Oracle 18 Jetty, E-series Santricity Os Controller, E-series Santricity Web Services and 15 more 2023-12-10 5.0 MEDIUM 5.3 MEDIUM
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.
CVE-2020-14340 2 Oracle, Redhat 14 Communications Cloud Native Core Console, Communications Cloud Native Core Network Repository Function, Communications Cloud Native Core Policy and 11 more 2023-12-10 4.3 MEDIUM 5.9 MEDIUM
A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final.
CVE-2021-22118 3 Netapp, Oracle, Vmware 32 Hci, Management Services For Element Software, Commerce Guided Search and 29 more 2023-12-10 4.6 MEDIUM 7.8 HIGH
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.
CVE-2021-33880 2 Oracle, Websockets Project 5 Communications Cloud Native Core Policy, Communications Cloud Native Core Security Edge Protection Proxy, Communications Cloud Native Core Service Communication Proxy and 2 more 2023-12-10 2.6 LOW 5.9 MEDIUM
The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack.
CVE-2021-38604 3 Fedoraproject, Gnu, Oracle 8 Fedora, Glibc, Communications Cloud Native Core Binding Support Function and 5 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.
CVE-2021-3711 5 Debian, Netapp, Openssl and 2 more 31 Debian Linux, Active Iq Unified Manager, Clustered Data Ontap and 28 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).