Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Communications_cloud_native_core_network_function_cloud_native_environment
(Oracle)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 42 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-01-19 | CVE-2021-3177 | Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely. | Debian_linux, Fedora, Active_iq_unified_manager, Ontap_select_deploy_administration_utility, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_offline_mediation_controller, Communications_pricing_design_center, Enterprise_manager_ops_center, Zfs_storage_appliance_kit, Python | 9.8 | ||
| 2021-02-07 | CVE-2020-36242 | In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. | Cryptography, Fedora, Communications_cloud_native_core_network_function_cloud_native_environment | 9.1 | ||
| 2021-02-09 | CVE-2020-14343 | A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. | Communications_cloud_native_core_network_function_cloud_native_environment, Pyyaml | 9.8 | ||
| 2021-06-08 | CVE-2021-33560 | Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP. | Debian_linux, Fedora, Libgcrypt, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_service_communication_proxy | 7.5 | ||
| 2020-02-07 | CVE-2019-15604 | Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate | Debian_linux, Node\.js, Leap, Communications_cloud_native_core_network_function_cloud_native_environment, Graalvm, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Software_collections | 7.5 | ||
| 2020-07-27 | CVE-2020-7016 | Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive. | Kibana, Communications_billing_and_revenue_management, Communications_cloud_native_core_network_function_cloud_native_environment, Peoplesoft_enterprise_peopletools | 4.8 | ||
| 2022-01-14 | CVE-2022-23219 | The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. | Debian_linux, Glibc, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_unified_data_repository, Enterprise_operations_monitor | 9.8 | ||
| 2022-02-24 | CVE-2022-24407 | In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. | Cyrus\-Sasl, Debian_linux, Fedora, Active_iq_unified_manager, Ontap_select_deploy_administration_utility, Communications_cloud_native_core_console, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_security_edge_protection_proxy | 8.8 | ||
| 2022-02-26 | CVE-2022-23308 | valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. | Ipados, Iphone_os, Mac_os_x, Macos, Tvos, Watchos, Debian_linux, Fedora, Active_iq_unified_manager, Bootstrap_os, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Manageability_software_development_kit, Ontap_select_deploy_administration_utility, Smi\-S_provider, Snapdrive, Snapmanager, Solidfire\,_enterprise_sds_\&_hci_storage_node, Solidfire_\&_hci_management_node, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_unified_data_repository, Mysql_workbench, Zfs_storage_appliance_kit, Libxml2 | 7.5 | ||
| 2019-08-23 | CVE-2019-10746 | mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload. | Fedora, Mixin\-Deep, Communications_cloud_native_core_network_function_cloud_native_environment | 9.8 |