Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Communications_cloud_native_core_policy
(Oracle)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 125 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-01-10 | CVE-2021-22569 | An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions. | Google\-Protobuf, Protobuf\-Java, Protobuf\-Kotlin, Communications_cloud_native_core_console, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_policy, Spatial_and_graph_mapviewer | 5.5 | ||
| 2020-09-17 | CVE-2020-0404 | In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel | Android, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_exposure_function, Communications_cloud_native_core_policy | 5.5 | ||
| 2022-01-10 | CVE-2021-42392 | The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution. | Debian_linux, H2, Communications_cloud_native_core_policy | 9.8 | ||
| 2021-12-25 | CVE-2021-45485 | In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. | Linux_kernel, Aff_a400_firmware, All_flash_fabric\-Attached_storage_8300_firmware, All_flash_fabric\-Attached_storage_8700_firmware, Brocade_fabric_operating_system_firmware, E\-Series_santricity_os_controller, Fabric\-Attached_storage_8300_firmware, Fabric\-Attached_storage_8700_firmware, Fabric\-Attached_storage_a400_firmware, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H610c_firmware, H610s_firmware, H615c_firmware, H700e_firmware, H700s_firmware, Hci_compute_node_firmware, Solidfire\,_enterprise_sds_\&_hci_storage_node, Solidfire_\&_hci_management_node, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_exposure_function, Communications_cloud_native_core_policy | 7.5 | ||
| 2021-12-09 | CVE-2021-43797 | Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote... | Debian_linux, Oncommand_workflow_automation, Snapcenter, Netty, Banking_deposits_and_lines_of_credit_servicing, Banking_party_management, Banking_platform, Coherence, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_policy, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_unified_data_repository, Communications_design_studio, Communications_instant_messaging_server, Helidon, Peoplesoft_enterprise_peopletools, Quarkus | 6.5 | ||
| 2021-12-17 | CVE-2021-34141 | An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless." | Numpy, Communications_cloud_native_core_policy | 5.3 | ||
| 2021-12-25 | CVE-2021-45486 | In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. | Linux_kernel, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_exposure_function, Communications_cloud_native_core_policy | 3.5 | ||
| 2022-02-16 | CVE-2021-3773 | A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks. | Fedora, Linux_kernel, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_exposure_function, Communications_cloud_native_core_policy, Enterprise_linux | 9.8 | ||
| 2022-03-03 | CVE-2021-4002 | A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. | Debian_linux, Fedora, Linux_kernel, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_exposure_function, Communications_cloud_native_core_policy | 4.4 | ||
| 2022-03-02 | CVE-2021-3772 | A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. | Debian_linux, Linux_kernel, E\-Series_santricity_os_controller, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H610c_firmware, H610s_firmware, H615c_firmware, H700s_firmware, Hci_compute_node, Solidfire_\&_hci_management_node, Solidfire_\&_hci_storage_node, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_exposure_function, Communications_cloud_native_core_policy, Enterprise_linux | 6.5 |