Communications_cloud_native_core_binding_support_function - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Communications_cloud_native_core_binding_support_function
(Oracle)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	75

Date	Id	Summary	Products	Score	Patch	Annotated
2022-03-04	CVE-2022-22946	In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates.	Commerce_guided_search, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_console, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_security_edge_protection_proxy, Spring_cloud_gateway	5.5
2022-03-02	CVE-2021-3772	A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.	Debian_linux, Linux_kernel, E\-Series_santricity_os_controller, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H610c_firmware, H610s_firmware, H615c_firmware, H700s_firmware, Hci_compute_node, Solidfire_\&_hci_management_node, Solidfire_\&_hci_storage_node, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_exposure_function, Communications_cloud_native_core_policy, Enterprise_linux	6.5
2022-03-04	CVE-2021-3744	A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.	Debian_linux, Fedora, Linux_kernel, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_exposure_function, Communications_cloud_native_core_policy, Build_of_quarkus, Codeready_linux_builder, Codeready_linux_builder_eus, Codeready_linux_builder_for_power_little_endian, Codeready_linux_builder_for_power_little_endian_eus, Developer_tools, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_for_real_time, Enterprise_linux_for_real_time_for_nfv, Enterprise_linux_for_real_time_for_nfv_tus, Enterprise_linux_server_eus, Enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, Enterprise_linux_server_tus, Enterprise_linux_server_update_services_for_sap_solutions, Virtualization_host	5.5
2022-04-01	CVE-2022-22965	A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.	Cx_cloud_agent, Commerce_platform, Communications_cloud_native_core_automated_test_suite, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_console, Communications_cloud_native_core_network_exposure_function, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_policy, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_unified_data_repository, Communications_policy_management, Communications_unified_inventory_management, Financial_services_analytical_applications_infrastructure, Financial_services_behavior_detection_platform, Financial_services_enterprise_case_management, Mysql_enterprise_monitor, Product_lifecycle_analytics, Retail_bulk_data_integration, Retail_customer_management_and_segmentation_foundation, Retail_financial_integration, Retail_integration_bus, Retail_merchandising_system, Retail_xstore_point_of_service, Sd\-Wan_edge, Weblogic_server, Operation_scheduler, Simatic_speech_assistant_for_machines, Sinec_network_management_system, Sipass_integrated, Siveillance_identity, Access_appliance, Flex_appliance, Netbackup_appliance, Netbackup_flex_scale_appliance, Netbackup_virtual_appliance, Spring_framework	9.8
2021-08-18	CVE-2021-21781	An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process’s memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222 4.19.177 5.4.99 5.10.17 5.11	Linux_kernel, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_exposure_function, Communications_cloud_native_core_policy	3.3
2022-01-31	CVE-2022-0286	A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service.	Linux_kernel, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_exposure_function, Communications_cloud_native_core_policy	5.5
2022-03-25	CVE-2022-0322	A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS).	Fedora, Linux_kernel, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_exposure_function, Communications_cloud_native_core_policy	5.5
2023-01-18	CVE-2023-21824	Vulnerability in the Oracle Communications BRM - Elastic Charging Engine product of Oracle Communications Applications (component: Customer, Config, Pricing Manager). Supported versions that are affected are 12.0.0.3.0-12.0.0.7.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Communications BRM - Elastic Charging Engine executes to compromise Oracle Communications BRM - Elastic Charging Engine. Successful attacks of this...	Communications_billing_and_revenue_management_elastic_charging_engine, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_policy	4.4
2022-03-11	CVE-2020-36518	jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.	Debian_linux, Jackson\-Databind, Active_iq_unified_manager, Cloud_insights_acquisition_unit, Oncommand_insight, Oncommand_workflow_automation, Snap_creator_framework, Big_data_spatial_and_graph, Coherence, Commerce_platform, Communications_billing_and_revenue_management, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_console, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_service_communication_proxy, Communications_cloud_native_core_unified_data_repository, Financial_services_analytical_applications_infrastructure, Financial_services_behavior_detection_platform, Financial_services_crime_and_compliance_management_studio, Financial_services_enterprise_case_management, Financial_services_trade\-Based_anti_money_laundering, Global_lifecycle_management_nextgen_oui_framework, Global_lifecycle_management_opatch, Graph_server_and_client, Health_sciences_empirica_signal, Peoplesoft_enterprise_peopletools, Primavera_gateway, Primavera_p6_enterprise_project_portfolio_management, Primavera_unifier, Retail_sales_audit, Sd\-Wan_edge, Spatial_studio, Utilities_framework, Weblogic_server	7.5
2022-01-14	CVE-2022-23219	The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.	Debian_linux, Glibc, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_unified_data_repository, Enterprise_operations_monitor	9.8