2019-10-29
|
CVE-2019-0205
|
In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings.
|
Thrift, Communications_cloud_native_core_network_slice_selection_function, Jboss_enterprise_application_platform
|
7.5
|
|
|
2019-10-29
|
CVE-2019-0210
|
In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data.
|
Thrift, Communications_cloud_native_core_network_slice_selection_function, Jboss_enterprise_application_platform
|
7.5
|
|
|
2020-01-03
|
CVE-2019-20330
|
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
|
Debian_linux, Jackson\-Databind, Active_iq_unified_manager, Oncommand_api_services, Service_level_manager, Snapcenter, Steelstore_cloud_integrated_storage, Banking_platform, Communications_billing_and_revenue_management, Communications_cloud_native_core_network_slice_selection_function, Communications_contacts_server, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_network_charging_and_control, Customer_management_and_segmentation_foundation, Enterprise_manager_base_platform, Global_lifecycle_management_opatch, Goldengate_application_adapters, Goldengate_stream_analytics, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Primavera_unifier, Retail_merchandising_system, Retail_sales_audit, Retail_xstore_point_of_service, Siebel_engineering_\-_installer_\&_deployment, Siebel_ui_framework, Trace_file_analyzer, Webcenter_portal, Weblogic_server
|
9.8
|
|
|
2020-12-18
|
CVE-2020-28052
|
An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.
|
Karaf, Legion\-Of\-The\-Bouncy\-Castle\-Java\-Crytography\-Api, Banking_corporate_lending_process_management, Banking_credit_facilities_process_management, Banking_extensibility_workbench, Banking_supply_chain_finance, Banking_virtual_account_management, Blockchain_platform, Commerce_guided_search, Communications_application_session_controller, Communications_cloud_native_core_network_slice_selection_function, Communications_convergence, Communications_messaging_server, Communications_pricing_design_center, Communications_session_report_manager, Communications_session_route_manager, Jd_edwards_enterpriseone_tools, Peoplesoft_enterprise_peopletools, Utilities_framework, Webcenter_portal
|
8.1
|
|
|
2021-01-21
|
CVE-2020-8554
|
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.
|
Kubernetes, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_policy, Communications_cloud_native_core_service_communication_proxy
|
5.0
|
|
|
2021-02-03
|
CVE-2020-29582
|
In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.
|
Kotlin, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_policy, Communications_cloud_native_core_service_communication_proxy
|
5.3
|
|
|
2021-02-12
|
CVE-2020-13949
|
In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.
|
Hive, Thrift, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_policy
|
7.5
|
|
|
2021-06-08
|
CVE-2021-33560
|
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.
|
Debian_linux, Fedora, Libgcrypt, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_service_communication_proxy
|
7.5
|
|
|
2021-08-23
|
CVE-2021-37750
|
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.
|
Debian_linux, Fedora, Kerberos_5, Communications_cloud_native_core_network_slice_selection_function, Starwind_virtual_san
|
6.5
|
|
|
2021-10-19
|
CVE-2021-37136
|
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
|
Debian_linux, Oncommand_insight, Netty, Banking_apis, Banking_digital_experience, Coherence, Commerce_guided_search, Communications_brm_\-_elastic_charging_engine, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_policy, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_unified_data_repository, Communications_diameter_signaling_router, Communications_instant_messaging_server, Helidon, Peoplesoft_enterprise_peopletools, Webcenter_portal, Quarkus
|
7.5
|
|
|