Filtered by vendor Oracle
Subscribe
Filtered by product Communications Cloud Native Core Policy
Subscribe
Total
123 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-0404 | 2 Google, Oracle | 4 Android, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Network Exposure Function and 1 more | 2023-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel | |||||
| CVE-2021-42392 | 3 Debian, H2database, Oracle | 3 Debian Linux, H2, Communications Cloud Native Core Policy | 2023-02-24 | 10.0 HIGH | 9.8 CRITICAL |
| The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution. | |||||
| CVE-2021-37136 | 5 Debian, Netapp, Netty and 2 more | 19 Debian Linux, Oncommand Insight, Netty and 16 more | 2023-02-24 | 5.0 MEDIUM | 7.5 HIGH |
| The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack | |||||
| CVE-2021-43797 | 5 Debian, Netapp, Netty and 2 more | 18 Debian Linux, Oncommand Workflow Automation, Snapcenter and 15 more | 2023-02-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote system when used as proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final. | |||||
| CVE-2021-34141 | 2 Numpy, Oracle | 2 Numpy, Communications Cloud Native Core Policy | 2023-02-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless." | |||||
| CVE-2022-25636 | 4 Debian, Linux, Netapp and 1 more | 13 Debian Linux, Linux Kernel, Baseboard Management Controller H300e and 10 more | 2023-02-24 | 6.9 MEDIUM | 7.8 HIGH |
| net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload. | |||||
| CVE-2021-37159 | 3 Debian, Linux, Oracle | 5 Debian Linux, Linux Kernel, Communications Cloud Native Core Binding Support Function and 2 more | 2023-02-24 | 4.4 MEDIUM | 6.4 MEDIUM |
| hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free. | |||||
| CVE-2021-3743 | 4 Fedoraproject, Linux, Netapp and 1 more | 21 Fedora, Linux Kernel, Baseboard Management Controller H300e and 18 more | 2023-02-24 | 3.6 LOW | 7.1 HIGH |
| An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-4083 | 4 Debian, Linux, Netapp and 1 more | 23 Debian Linux, Linux Kernel, H300e and 20 more | 2023-02-24 | 6.9 MEDIUM | 7.0 HIGH |
| A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4. | |||||
| CVE-2021-43389 | 4 Debian, Linux, Oracle and 1 more | 6 Debian Linux, Linux Kernel, Communications Cloud Native Core Binding Support Function and 3 more | 2023-02-24 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. | |||||
| CVE-2021-43976 | 5 Debian, Fedoraproject, Linux and 2 more | 23 Debian Linux, Fedora, Linux Kernel and 20 more | 2023-02-24 | 2.1 LOW | 4.6 MEDIUM |
| In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic). | |||||
| CVE-2021-45485 | 3 Linux, Netapp, Oracle | 44 Linux Kernel, Aff A400, Aff A400 Firmware and 41 more | 2023-02-24 | 5.0 MEDIUM | 7.5 HIGH |
| In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. | |||||
| CVE-2021-45486 | 2 Linux, Oracle | 4 Linux Kernel, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Network Exposure Function and 1 more | 2023-02-24 | 2.7 LOW | 3.5 LOW |
| In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. | |||||
| CVE-2021-3752 | 6 Debian, Fedoraproject, Linux and 3 more | 27 Debian Linux, Fedora, Linux Kernel and 24 more | 2023-02-24 | 7.9 HIGH | 7.1 HIGH |
| A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2021-3773 | 4 Fedoraproject, Linux, Oracle and 1 more | 6 Fedora, Linux Kernel, Communications Cloud Native Core Binding Support Function and 3 more | 2023-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks. | |||||
| CVE-2021-4002 | 4 Debian, Fedoraproject, Linux and 1 more | 6 Debian Linux, Fedora, Linux Kernel and 3 more | 2023-02-22 | 3.6 LOW | 4.4 MEDIUM |
| A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. | |||||
| CVE-2021-27568 | 2 Json-smart Project, Oracle | 7 Json-smart-v1, Json-smart-v2, Communications Cloud Native Core Policy and 4 more | 2023-02-15 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information. | |||||
| CVE-2021-3744 | 5 Debian, Fedoraproject, Linux and 2 more | 24 Debian Linux, Fedora, Linux Kernel and 21 more | 2023-02-12 | 2.1 LOW | 5.5 MEDIUM |
| A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808. | |||||
| CVE-2021-3772 | 5 Debian, Linux, Netapp and 2 more | 26 Debian Linux, Linux Kernel, E-series Santricity Os Controller and 23 more | 2023-02-12 | 5.8 MEDIUM | 6.5 MEDIUM |
| A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. | |||||
| CVE-2021-3520 | 3 Lz4 Project, Netapp, Oracle | 5 Lz4, Active Iq Unified Manager, Ontap Select Deploy Administration Utility and 2 more | 2023-02-12 | 7.5 HIGH | 9.8 CRITICAL |
| There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well. | |||||