Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Oracle Subscribe
Filtered by product Communications Cloud Native Core Binding Support Function
Total 73 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-0404 2 Google, Oracle 4 Android, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Network Exposure Function and 1 more 2023-02-28 4.9 MEDIUM 5.5 MEDIUM
In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel
CVE-2021-36373 2 Apache, Oracle 32 Ant, Agile Plm, Banking Trade Finance and 29 more 2023-02-28 4.3 MEDIUM 5.5 MEDIUM
When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.
CVE-2021-36374 2 Apache, Oracle 36 Ant, Agile Engineering Data Management, Agile Plm and 33 more 2023-02-28 4.3 MEDIUM 5.5 MEDIUM
When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected.
CVE-2021-37136 5 Debian, Netapp, Netty and 2 more 19 Debian Linux, Oncommand Insight, Netty and 16 more 2023-02-24 5.0 MEDIUM 7.5 HIGH
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
CVE-2021-37137 5 Debian, Netapp, Netty and 2 more 12 Debian Linux, Oncommand Insight, Netty and 9 more 2023-02-24 5.0 MEDIUM 7.5 HIGH
The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.
CVE-2021-43396 2 Gnu, Oracle 7 Glibc, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Network Function Cloud Native Environment and 4 more 2023-02-24 5.0 MEDIUM 7.5 HIGH
** DISPUTED ** In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug."
CVE-2021-43797 5 Debian, Netapp, Netty and 2 more 18 Debian Linux, Oncommand Workflow Automation, Snapcenter and 15 more 2023-02-24 4.3 MEDIUM 6.5 MEDIUM
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote system when used as proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final.
CVE-2022-25636 4 Debian, Linux, Netapp and 1 more 13 Debian Linux, Linux Kernel, Baseboard Management Controller H300e and 10 more 2023-02-24 6.9 MEDIUM 7.8 HIGH
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.
CVE-2021-37159 3 Debian, Linux, Oracle 5 Debian Linux, Linux Kernel, Communications Cloud Native Core Binding Support Function and 2 more 2023-02-24 4.4 MEDIUM 6.4 MEDIUM
hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.
CVE-2021-3743 4 Fedoraproject, Linux, Netapp and 1 more 21 Fedora, Linux Kernel, Baseboard Management Controller H300e and 18 more 2023-02-24 3.6 LOW 7.1 HIGH
An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.
CVE-2021-4083 4 Debian, Linux, Netapp and 1 more 23 Debian Linux, Linux Kernel, H300e and 20 more 2023-02-24 6.9 MEDIUM 7.0 HIGH
A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4.
CVE-2021-43389 4 Debian, Linux, Oracle and 1 more 6 Debian Linux, Linux Kernel, Communications Cloud Native Core Binding Support Function and 3 more 2023-02-24 2.1 LOW 5.5 MEDIUM
An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.
CVE-2021-43976 5 Debian, Fedoraproject, Linux and 2 more 23 Debian Linux, Fedora, Linux Kernel and 20 more 2023-02-24 2.1 LOW 4.6 MEDIUM
In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).
CVE-2021-45485 3 Linux, Netapp, Oracle 44 Linux Kernel, Aff A400, Aff A400 Firmware and 41 more 2023-02-24 5.0 MEDIUM 7.5 HIGH
In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.
CVE-2021-45486 2 Linux, Oracle 4 Linux Kernel, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Network Exposure Function and 1 more 2023-02-24 2.7 LOW 3.5 LOW
In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.
CVE-2021-3752 6 Debian, Fedoraproject, Linux and 3 more 27 Debian Linux, Fedora, Linux Kernel and 24 more 2023-02-24 7.9 HIGH 7.1 HIGH
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVE-2021-3773 4 Fedoraproject, Linux, Oracle and 1 more 6 Fedora, Linux Kernel, Communications Cloud Native Core Binding Support Function and 3 more 2023-02-24 7.5 HIGH 9.8 CRITICAL
A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.
CVE-2021-43527 4 Mozilla, Netapp, Oracle and 1 more 10 Nss, Nss Esr, Cloud Backup and 7 more 2023-02-22 7.5 HIGH 9.8 CRITICAL
NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.
CVE-2022-24329 2 Jetbrains, Oracle 3 Kotlin, Communications Cloud Native Core Binding Support Function, Communications Pricing Design Center 2023-02-22 5.0 MEDIUM 5.3 MEDIUM
In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.
CVE-2022-22946 2 Oracle, Vmware 6 Commerce Guided Search, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Console and 3 more 2023-02-22 2.1 LOW 5.5 MEDIUM
In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates.