Communications_cloud_native_core_network_slice_selection_function - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Communications_cloud_native_core_network_slice_selection_function
(Oracle)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	30

Date	Id	Summary	Products	Score	Patch	Annotated
2019-10-29	CVE-2019-0205	In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings.	Thrift, Communications_cloud_native_core_network_slice_selection_function, Jboss_enterprise_application_platform	7.5
2019-10-29	CVE-2019-0210	In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data.	Thrift, Communications_cloud_native_core_network_slice_selection_function, Jboss_enterprise_application_platform	7.5
2020-01-03	CVE-2019-20330	FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.	Debian_linux, Jackson\-Databind, Active_iq_unified_manager, Oncommand_api_services, Service_level_manager, Snapcenter, Steelstore_cloud_integrated_storage, Banking_platform, Communications_billing_and_revenue_management, Communications_cloud_native_core_network_slice_selection_function, Communications_contacts_server, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_network_charging_and_control, Customer_management_and_segmentation_foundation, Enterprise_manager_base_platform, Global_lifecycle_management_opatch, Goldengate_application_adapters, Goldengate_stream_analytics, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Primavera_unifier, Retail_merchandising_system, Retail_sales_audit, Retail_xstore_point_of_service, Siebel_engineering_\-_installer_\&_deployment, Siebel_ui_framework, Trace_file_analyzer, Webcenter_portal, Weblogic_server	9.8
2020-12-18	CVE-2020-28052	An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.	Karaf, Legion\-Of\-The\-Bouncy\-Castle\-Java\-Crytography\-Api, Banking_corporate_lending_process_management, Banking_credit_facilities_process_management, Banking_extensibility_workbench, Banking_supply_chain_finance, Banking_virtual_account_management, Blockchain_platform, Commerce_guided_search, Communications_application_session_controller, Communications_cloud_native_core_network_slice_selection_function, Communications_convergence, Communications_messaging_server, Communications_pricing_design_center, Communications_session_report_manager, Communications_session_route_manager, Jd_edwards_enterpriseone_tools, Peoplesoft_enterprise_peopletools, Utilities_framework, Webcenter_portal	8.1
2021-01-21	CVE-2020-8554	Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.	Kubernetes, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_policy, Communications_cloud_native_core_service_communication_proxy	5.0
2021-02-03	CVE-2020-29582	In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.	Kotlin, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_policy, Communications_cloud_native_core_service_communication_proxy	5.3
2021-02-12	CVE-2020-13949	In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.	Hive, Thrift, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_policy	7.5
2021-06-08	CVE-2021-33560	Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.	Debian_linux, Fedora, Libgcrypt, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_service_communication_proxy	7.5
2021-08-23	CVE-2021-37750	The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.	Debian_linux, Fedora, Kerberos_5, Communications_cloud_native_core_network_slice_selection_function, Starwind_virtual_san	6.5
2021-10-19	CVE-2021-37136	The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack	Debian_linux, Oncommand_insight, Netty, Banking_apis, Banking_digital_experience, Coherence, Commerce_guided_search, Communications_brm_\-_elastic_charging_engine, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_policy, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_unified_data_repository, Communications_diameter_signaling_router, Communications_instant_messaging_server, Helidon, Peoplesoft_enterprise_peopletools, Webcenter_portal, Quarkus	7.5