Product:

Communications_cloud_native_core_binding_support_function

(Oracle)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 75
Date Id Summary Products Score Patch Annotated
2021-06-11 CVE-2021-22897 curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this... Curl, Cloud_backup, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Hci_compute_node_firmware, Solidfire\,_enterprise_sds_\&_hci_storage_node, Solidfire_\&_hci_management_node, Solidfire_baseboard_management_controller_firmware, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_service_communication_proxy, Essbase, Mysql_server, Sinec_infrastructure_network_services, Universal_forwarder 5.3
2021-06-11 CVE-2021-22898 curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol. Debian_linux, Fedora, Curl, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_service_communication_proxy, Essbase, Mysql_server, Sinec_infrastructure_network_services, Universal_forwarder 3.1
2021-06-11 CVE-2021-22901 curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket... Curl, Active_iq_unified_manager, Cloud_backup, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Hci_compute_node_firmware, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Solidfire\,_enterprise_sds_\&_hci_storage_node, Solidfire_\&_hci_management_node, Solidfire_baseboard_management_controller_firmware, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_service_communication_proxy, Essbase, Mysql_server, Sinec_infrastructure_network_services, Universal_forwarder 8.1
2021-09-29 CVE-2021-22946 A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing... Macos, Debian_linux, Fedora, Curl, Cloud_backup, Clustered_data_ontap, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Solidfire_baseboard_management_controller_firmware, Commerce_guided_search, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_console, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_service_communication_proxy, Mysql_server, Peoplesoft_enterprise_peopletools, Sinec_infrastructure_network_services, Universal_forwarder 7.5
2021-09-29 CVE-2021-22947 When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake... Macos, Debian_linux, Fedora, Curl, Cloud_backup, Clustered_data_ontap, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Solidfire_baseboard_management_controller_firmware, Commerce_guided_search, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_console, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_service_communication_proxy, Mysql_server, Peoplesoft_enterprise_peopletools, Sinec_infrastructure_network_services, Universal_forwarder 5.9
2021-07-21 CVE-2021-37159 hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free. Debian_linux, Linux_kernel, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_exposure_function, Communications_cloud_native_core_policy 6.4
2021-10-20 CVE-2021-42739 The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking. Debian_linux, Fedora, Linux_kernel, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_exposure_function, Communications_cloud_native_core_policy, Starwind_san_\&_nas, Starwind_virtual_san 6.7
2021-11-17 CVE-2021-43976 In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic). Debian_linux, Fedora, Linux_kernel, Cloud_backup, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_exposure_function, Communications_cloud_native_core_policy 4.6
2021-11-04 CVE-2021-43396 In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no... Glibc, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_unified_data_repository, Enterprise_operations_monitor 7.5
2021-11-03 CVE-2020-27820 A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if "unbind" the driver). Fedora, Linux_kernel, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_exposure_function, Communications_cloud_native_core_policy 4.7