Communications_cloud_native_core_policy - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Communications_cloud_native_core_policy
(Oracle)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	125

Date	Id	Summary	Products	Score	Patch	Annotated
2021-05-27	CVE-2021-22118	In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.	Hci, Management_services_for_element_software, Commerce_guided_search, Communications_brm_\-_elastic_charging_engine, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_policy, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_service_communication_proxy, Communications_cloud_native_core_unified_data_repository, Communications_diameter_intelligence_hub, Communications_element_manager, Communications_interactive_session_recorder, Communications_network_integrity, Communications_session_report_manager, Communications_session_route_manager, Communications_unified_inventory_management, Documaker, Enterprise_data_quality, Financial_services_analytical_applications_infrastructure, Healthcare_data_repository, Insurance_policy_administration, Insurance_rules_palette, Mysql_enterprise_monitor, Retail_assortment_planning, Retail_customer_management_and_segmentation_foundation, Retail_financial_integration, Retail_integration_bus, Retail_merchandising_system, Retail_order_broker, Retail_predictive_application_server, Utilities_testing_accelerator, Spring_framework	7.8
2021-12-18	CVE-2021-45105	Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.	Log4j, Debian_linux, Cloud_manager, Agile_engineering_data_management, Agile_plm, Agile_plm_mcad_connector, Autovue_for_agile_product_lifecycle_management, Banking_deposits_and_lines_of_credit_servicing, Banking_enterprise_default_management, Banking_loans_servicing, Banking_party_management, Banking_payments, Banking_platform, Banking_trade_finance, Banking_treasury_management, Business_intelligence, Communications_asap, Communications_billing_and_revenue_management, Communications_cloud_native_core_console, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_policy, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_service_communication_proxy, Communications_cloud_native_core_unified_data_repository, Communications_convergence, Communications_convergent_charging_controller, Communications_diameter_signaling_router, Communications_eagle_element_management_system, Communications_eagle_ftp_table_base_retrieval, Communications_element_manager, Communications_evolved_communications_application_server, Communications_interactive_session_recorder, Communications_ip_service_activator, Communications_messaging_server, Communications_network_charging_and_control, Communications_network_integrity, Communications_performance_intelligence_center, Communications_pricing_design_center, Communications_service_broker, Communications_services_gatekeeper, Communications_session_report_manager, Communications_session_route_manager, Communications_unified_inventory_management, Communications_user_data_repository, Communications_webrtc_session_controller, Data_integrator, E\-Business_suite, Enterprise_manager_base_platform, Enterprise_manager_for_peoplesoft, Enterprise_manager_ops_center, Financial_services_analytical_applications_infrastructure, Financial_services_model_management_and_governance, Flexcube_universal_banking, Health_sciences_empirica_signal, Health_sciences_inform, Health_sciences_information_manager, Healthcare_data_repository, Healthcare_foundation, Healthcare_master_person_index, Healthcare_translational_research, Hospitality_suite8, Hospitality_token_proxy_service, Hyperion_bi\+, Hyperion_data_relationship_management, Hyperion_infrastructure_technology, Hyperion_planning, Hyperion_profitability_and_cost_management, Hyperion_tax_provision, Identity_management_suite, Identity_manager_connector, Instantis_enterprisetrack, Insurance_data_gateway, Insurance_insbridge_rating_and_underwriting, Jdeveloper, Managed_file_transfer, Management_cloud_engine, Mysql_enterprise_monitor, Payment_interface, Peoplesoft_enterprise_peopletools, Primavera_gateway, Primavera_p6_enterprise_project_portfolio_management, Primavera_unifier, Retail_back_office, Retail_central_office, Retail_customer_insights, Retail_data_extractor_for_merchandising, Retail_eftlink, Retail_financial_integration, Retail_integration_bus, Retail_invoice_matching, Retail_merchandising_system, Retail_order_broker, Retail_order_management_system, Retail_point\-Of\-Service, Retail_predictive_application_server, Retail_price_management, Retail_returns_management, Retail_service_backbone, Retail_store_inventory_management, Siebel_ui_framework, Sql_developer, Taleo_platform, Utilities_framework, Webcenter_portal, Webcenter_sites, Weblogic_server, 6bk1602\-0aa12\-0tp0_firmware, 6bk1602\-0aa22\-0tp0_firmware, 6bk1602\-0aa32\-0tp0_firmware, 6bk1602\-0aa42\-0tp0_firmware, 6bk1602\-0aa52\-0tp0_firmware, Email_security, Network_security_manager, Web_application_firewall	5.9
2021-11-10	CVE-2021-3572	A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.	Agile_plm, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_policy, Pip	5.7
2021-02-15	CVE-2020-28500	Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.	Lodash, Banking_corporate_lending_process_management, Banking_credit_facilities_process_management, Banking_extensibility_workbench, Banking_supply_chain_finance, Banking_trade_finance_process_management, Communications_cloud_native_core_policy, Communications_design_studio, Communications_services_gatekeeper, Communications_session_border_controller, Enterprise_communications_broker, Financial_services_crime_and_compliance_management_studio, Health_sciences_data_management_workbench, Jd_edwards_enterpriseone_tools, Peoplesoft_enterprise_peopletools, Primavera_gateway, Primavera_unifier, Retail_customer_management_and_segmentation_foundation, Sinec_ins	5.3
2021-02-15	CVE-2021-23337	Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.	Lodash, Active_iq_unified_manager, Cloud_manager, System_manager, Banking_corporate_lending_process_management, Banking_credit_facilities_process_management, Banking_extensibility_workbench, Banking_supply_chain_finance, Banking_trade_finance_process_management, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_policy, Communications_design_studio, Communications_services_gatekeeper, Communications_session_border_controller, Enterprise_communications_broker, Financial_services_crime_and_compliance_management_studio, Health_sciences_data_management_workbench, Jd_edwards_enterpriseone_tools, Peoplesoft_enterprise_peopletools, Primavera_gateway, Primavera_unifier, Retail_customer_management_and_segmentation_foundation, Sinec_ins	7.2
2020-12-17	CVE-2020-35490	FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.	Debian_linux, Jackson\-Databind, Service_level_manager, Agile_plm, Application_testing_suite, Autovue_for_agile_product_lifecycle_management, Banking_platform, Banking_treasury_management, Banking_virtual_account_management, Blockchain_platform, Communications_cloud_native_core_policy, Communications_cloud_native_core_unified_data_repository, Communications_diameter_signaling_router, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_interactive_session_recorder, Communications_offline_mediation_controller, Communications_pricing_design_center, Communications_services_gatekeeper, Communications_unified_inventory_management, Documaker, Insurance_policy_administration_j2ee, Retail_merchandising_system, Retail_xstore_point_of_service, Webcenter_portal	8.1
2020-12-17	CVE-2020-35491	FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.	Debian_linux, Jackson\-Databind, Service_level_manager, Agile_plm, Application_testing_suite, Autovue_for_agile_product_lifecycle_management, Banking_platform, Banking_treasury_management, Banking_virtual_account_management, Blockchain_platform, Communications_cloud_native_core_policy, Communications_cloud_native_core_unified_data_repository, Communications_diameter_signaling_route, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_offline_mediation_controller, Communications_pricing_design_center, Communications_services_gatekeeper, Communications_unified_inventory_management, Documaker, Insurance_policy_administration_j2ee, Retail_customer_management_and_segmentation_foundation, Retail_merchandising_system, Retail_xstore_point_of_service, Sd\-Wan_edge, Webcenter_portal	8.1
2022-03-11	CVE-2022-0002	Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.	Atom_c3308, Atom_c3336, Atom_c3338, Atom_c3338r, Atom_c3436l, Atom_c3508, Atom_c3538, Atom_c3558, Atom_c3558r, Atom_c3558rc, Atom_c3708, Atom_c3750, Atom_c3758, Atom_c3758r, Atom_c3808, Atom_c3830, Atom_c3850, Atom_c3858, Atom_c3950, Atom_c3955, Atom_c3958, Atom_p5921b, Atom_p5931b, Atom_p5942b, Atom_p5962b, Atom_x5\-A3930, Atom_x5\-A3940, Atom_x5\-A3950, Atom_x5\-A3960, Atom_x5\-E3930, Atom_x5\-E3940, Atom_x5\-Z8300, Atom_x5\-Z8330, Atom_x5\-Z8350, Atom_x5\-Z8500, Atom_x5\-Z8550, Atom_x6200fe, Atom_x6211e, Atom_x6212re, Atom_x6413e, Atom_x6425e, Atom_x6425re, Atom_x6427fe, Atom_x7\-E3950, Atom_x7\-Z8700, Atom_x7\-Z8750, Celeron_5305u, Celeron_6305, Celeron_6305e, Celeron_6600he, Celeron_g5205u, Celeron_g5305u, Celeron_g5900, Celeron_g5900t, Celeron_g5905, Celeron_g5905t, Celeron_g5920, Celeron_g5925, Celeron_g6900, Celeron_g6900t, Celeron_j3355, Celeron_j3355e, Celeron_j3455, Celeron_j3455e, Celeron_j4005, Celeron_j4025, Celeron_j4105, Celeron_j4125, Celeron_j6413, Celeron_n3350, Celeron_n3350e, Celeron_n3450, Celeron_n4000, Celeron_n4020, Celeron_n4100, Celeron_n4120, Celeron_n4500, Celeron_n4504, Celeron_n5100, Celeron_n5105, Celeron_n6211, Core_i3\-1000g1, Core_i3\-1000g4, Core_i3\-1005g1, Core_i3\-10100, Core_i3\-10100f, Core_i3\-10100t, Core_i3\-10100te, Core_i3\-10105, Core_i3\-10105f, Core_i3\-10105t, Core_i3\-10110u, Core_i3\-10300, Core_i3\-10300t, Core_i3\-10305, Core_i3\-10305t, Core_i3\-10320, Core_i3\-10325, Core_i3\-11100he, Core_i3\-1110g4, Core_i3\-1115g4, Core_i3\-1115g4e, Core_i3\-1115gre, Core_i3\-1120g4, Core_i3\-1125g4, Core_i3\-12100, Core_i3\-12100f, Core_i3\-12100t, Core_i3\-1220p, Core_i3\-12300, Core_i3\-12300t, Core_i3\-L13g4, Core_i5\-10110y, Core_i5\-10200h, Core_i5\-10210u, Core_i5\-10210y, Core_i5\-10300h, Core_i5\-1030g4, Core_i5\-1030g7, Core_i5\-10310y, Core_i5\-1035g1, Core_i5\-1035g4, Core_i5\-1035g7, Core_i5\-10400, Core_i5\-10400f, Core_i5\-10400h, Core_i5\-10400t, Core_i5\-10500, Core_i5\-10500t, Core_i5\-10500te, Core_i5\-10505, Core_i5\-10600, Core_i5\-10600k, Core_i5\-10600kf, Core_i5\-10600t, Core_i5\-11260h, Core_i5\-11300h, Core_i5\-1130g7, Core_i5\-11320h, Core_i5\-1135g7, Core_i5\-11400, Core_i5\-11400f, Core_i5\-11400h, Core_i5\-11400t, Core_i5\-1140g7, Core_i5\-1145g7, Core_i5\-1145g7e, Core_i5\-1145gre, Core_i5\-11500, Core_i5\-11500h, Core_i5\-11500t, Core_i5\-1155g7, Core_i5\-11600, Core_i5\-11600k, Core_i5\-11600kf, Core_i5\-11600t, Core_i5\-12400, Core_i5\-12400f, Core_i5\-12400t, Core_i5\-1240p, Core_i5\-12450h, Core_i5\-12500, Core_i5\-12500h, Core_i5\-12500t, Core_i5\-1250p, Core_i5\-12600, Core_i5\-12600h, Core_i5\-12600k, Core_i5\-12600kf, Core_i5\-12600t, Core_i5\-8200y, Core_i5\-8210y, Core_i5\-8265u, Core_i5\-8310y, Core_i5\-8365u, Core_i5\-9300h, Core_i5\-9400, Core_i5\-9400f, Core_i5\-9400h, Core_i5\-9600k, Core_i5\-9600kf, Core_i5\-L16g7, Core_i7\-10510u, Core_i7\-10510y, Core_i7\-1060g7, Core_i7\-10610u, Core_i7\-1065g7, Core_i7\-10700, Core_i7\-10700e, Core_i7\-10700f, Core_i7\-10700k, Core_i7\-10700kf, Core_i7\-10700t, Core_i7\-10700te, Core_i7\-10710u, Core_i7\-10750h, Core_i7\-10810u, Core_i7\-10850h, Core_i7\-10870h, Core_i7\-10875h, Core_i7\-11370h, Core_i7\-11375h, Core_i7\-11390h, Core_i7\-1160g7, Core_i7\-1165g7, Core_i7\-11700, Core_i7\-11700f, Core_i7\-11700k, Core_i7\-11700kf, Core_i7\-11700t, Core_i7\-11800h, Core_i7\-1180g7, Core_i7\-11850h, Core_i7\-11850he, Core_i7\-1185g7, Core_i7\-1185g7e, Core_i7\-1185gre, Core_i7\-1195g7, Core_i7\-1260p, Core_i7\-12650h, Core_i7\-12700, Core_i7\-12700f, Core_i7\-12700h, Core_i7\-12700k, Core_i7\-12700kf, Core_i7\-12700t, Core_i7\-1270p, Core_i7\-12800h, Core_i7\-1280p, Core_i7\-7640x, Core_i7\-7740x, Core_i7\-7800x, Core_i7\-7820x, Core_i7\-8500y, Core_i7\-8565u, Core_i7\-8665u, Core_i7\-9700k, Core_i7\-9700kf, Core_i7\-9750hf, Core_i7\-9850h, Core_i9\-10850h, Core_i9\-10850k, Core_i9\-10885h, Core_i9\-10900, Core_i9\-10900e, Core_i9\-10900f, Core_i9\-10900k, Core_i9\-10900kf, Core_i9\-10900t, Core_i9\-10900te, Core_i9\-10900x, Core_i9\-10920x, Core_i9\-10940x, Core_i9\-10980hk, Core_i9\-11900, Core_i9\-11900f, Core_i9\-11900h, Core_i9\-11900k, Core_i9\-11900kf, Core_i9\-11900t, Core_i9\-11950h, Core_i9\-11980hk, Core_i9\-12900, Core_i9\-12900f, Core_i9\-12900h, Core_i9\-12900hk, Core_i9\-12900k, Core_i9\-12900kf, Core_i9\-12900t, Core_i9\-7900x, Core_i9\-7920x, Core_i9\-7940x, Core_i9\-7960x, Core_i9\-9800x, Core_i9\-9820x, Core_i9\-9880h, Core_i9\-9900k, Core_i9\-9900kf, Core_i9\-9900x, Core_i9\-9920x, Core_i9\-9940x, Core_i9\-9960x, Core_i9\-9980hk, Core_m3\-8100y, Pentium_gold_7505, Pentium_gold_g6400, Pentium_gold_g6400t, Pentium_gold_g6405, Pentium_gold_g6405t, Pentium_gold_g6405u, Pentium_gold_g6500, Pentium_gold_g6500t, Pentium_gold_g6505, Pentium_gold_g6505t, Pentium_gold_g6600, Pentium_gold_g6605, Pentium_gold_g7400, Pentium_gold_g7400t, Pentium_j4205, Pentium_j6425, Pentium_n4200, Pentium_n4200e, Pentium_n6415, Pentium_silver_j5005, Pentium_silver_j5040, Pentium_silver_n5000, Pentium_silver_n5030, Pentium_silver_n6000, Pentium_silver_n6005, Puma_7, Xeon_bronze_3204, Xeon_bronze_3206r, Xeon_d1700, Xeon_d2700, Xeon_e\-2278g, Xeon_e\-2278ge, Xeon_e\-2278gel, Xeon_e\-2286m, Xeon_e\-2288g, Xeon_e\-2314, Xeon_e\-2324g, Xeon_e\-2334, Xeon_e\-2336, Xeon_e\-2356g, Xeon_e\-2374g, Xeon_e\-2378, Xeon_e\-2378g, Xeon_e\-2386g, Xeon_e\-2388g, Xeon_gold_5215, Xeon_gold_5215l, Xeon_gold_5217, Xeon_gold_5218, Xeon_gold_5218b, Xeon_gold_5218n, Xeon_gold_5218r, Xeon_gold_5218t, Xeon_gold_5220, Xeon_gold_5220r, Xeon_gold_5220s, Xeon_gold_5220t, Xeon_gold_5222, Xeon_gold_5315y, Xeon_gold_5317, Xeon_gold_5318h, Xeon_gold_5318n, Xeon_gold_5318s, Xeon_gold_5318y, Xeon_gold_5320, Xeon_gold_5320h, Xeon_gold_5320t, Xeon_gold_6208u, Xeon_gold_6209u, Xeon_gold_6210u, Xeon_gold_6212u, Xeon_gold_6222v, Xeon_gold_6226, Xeon_gold_6226r, Xeon_gold_6230, Xeon_gold_6230n, Xeon_gold_6230r, Xeon_gold_6230t, Xeon_gold_6234, Xeon_gold_6238, Xeon_gold_6238l, Xeon_gold_6238r, Xeon_gold_6238t, Xeon_gold_6240, Xeon_gold_6240l, Xeon_gold_6240r, Xeon_gold_6240y, Xeon_gold_6242, Xeon_gold_6242r, Xeon_gold_6244, Xeon_gold_6246, Xeon_gold_6246r, Xeon_gold_6248, Xeon_gold_6248r, Xeon_gold_6250, Xeon_gold_6250l, Xeon_gold_6252, Xeon_gold_6252n, Xeon_gold_6254, Xeon_gold_6256, Xeon_gold_6258r, Xeon_gold_6262v, Xeon_gold_6312u, Xeon_gold_6314u, Xeon_gold_6326, Xeon_gold_6328h, Xeon_gold_6328hl, Xeon_gold_6330, Xeon_gold_6330h, Xeon_gold_6330n, Xeon_gold_6334, Xeon_gold_6336y, Xeon_gold_6338, Xeon_gold_6338n, Xeon_gold_6338t, Xeon_gold_6342, Xeon_gold_6346, Xeon_gold_6348, Xeon_gold_6348h, Xeon_gold_6354, Xeon_platinum_8253, Xeon_platinum_8256, Xeon_platinum_8260, Xeon_platinum_8260l, Xeon_platinum_8260y, Xeon_platinum_8268, Xeon_platinum_8270, Xeon_platinum_8276, Xeon_platinum_8276l, Xeon_platinum_8280, Xeon_platinum_8280l, Xeon_platinum_8351n, Xeon_platinum_8352m, Xeon_platinum_8352s, Xeon_platinum_8352v, Xeon_platinum_8352y, Xeon_platinum_8353h, Xeon_platinum_8354h, Xeon_platinum_8356h, Xeon_platinum_8358, Xeon_platinum_8358p, Xeon_platinum_8360h, Xeon_platinum_8360hl, Xeon_platinum_8360y, Xeon_platinum_8362, Xeon_platinum_8368, Xeon_platinum_8368q, Xeon_platinum_8376h, Xeon_platinum_8376hl, Xeon_platinum_8380, Xeon_platinum_8380h, Xeon_platinum_8380hl, Xeon_platinum_9221, Xeon_platinum_9222, Xeon_platinum_9242, Xeon_platinum_9282, Xeon_silver_4208, Xeon_silver_4209t, Xeon_silver_4210, Xeon_silver_4210r, Xeon_silver_4210t, Xeon_silver_4214, Xeon_silver_4214r, Xeon_silver_4214y, Xeon_silver_4215, Xeon_silver_4215r, Xeon_silver_4216, Xeon_silver_4309y, Xeon_silver_4310, Xeon_silver_4310t, Xeon_silver_4314, Xeon_silver_4316, Xeon_w\-10855, Xeon_w\-10855m, Xeon_w\-10885m, Xeon_w\-11155mle, Xeon_w\-11155mre, Xeon_w\-11555mle, Xeon_w\-11555mre, Xeon_w\-11855m, Xeon_w\-11865mld, Xeon_w\-11865mre, Xeon_w\-11955m, Xeon_w\-1250, Xeon_w\-1250p, Xeon_w\-1270, Xeon_w\-1270p, Xeon_w\-1290, Xeon_w\-1290e, Xeon_w\-1290p, Xeon_w\-1290t, Xeon_w\-1290te, Xeon_w\-1300, Xeon_w\-1350, Xeon_w\-1350p, Xeon_w\-1370, Xeon_w\-1370p, Xeon_w\-1390, Xeon_w\-1390p, Xeon_w\-1390t, Xeon_w\-2223, Xeon_w\-2225, Xeon_w\-2235, Xeon_w\-2245, Xeon_w\-2255, Xeon_w\-2265, Xeon_w\-2275, Xeon_w\-2295, Xeon_w\-3223, Xeon_w\-3225, Xeon_w\-3235, Xeon_w\-3245, Xeon_w\-3245m, Xeon_w\-3265, Xeon_w\-3265m, Xeon_w\-3275, Xeon_w\-3275m, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_exposure_function, Communications_cloud_native_core_policy	6.5
2021-05-18	CVE-2021-3200	Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool pool, FILE fp, const char testcase, Queue job, char *resultp, int resultflagsp function at src/testcase.c: line 2334, which could cause a denial of service	Libsolv, Communications_cloud_native_core_policy	3.3
2021-06-02	CVE-2020-14340	A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final.	Communications_cloud_native_core_console, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_policy, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_service_communication_proxy, Communications_cloud_native_core_unified_data_repository, Jboss_brms, Jboss_data_grid, Jboss_data_virtualization, Jboss_enterprise_application_platform, Jboss_fuse, Jboss_operations_network, Jboss_soa_platform, Xnio	5.9