Filtered by vendor Oracle
Subscribe
Filtered by product Communications Cloud Native Core Network Exposure Function
Subscribe
Total
30 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-0404 | 2 Google, Oracle | 4 Android, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Network Exposure Function and 1 more | 2023-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel | |||||
CVE-2022-25636 | 4 Debian, Linux, Netapp and 1 more | 13 Debian Linux, Linux Kernel, Baseboard Management Controller H300e and 10 more | 2023-02-24 | 6.9 MEDIUM | 7.8 HIGH |
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload. | |||||
CVE-2021-37159 | 3 Debian, Linux, Oracle | 5 Debian Linux, Linux Kernel, Communications Cloud Native Core Binding Support Function and 2 more | 2023-02-24 | 4.4 MEDIUM | 6.4 MEDIUM |
hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free. | |||||
CVE-2021-3743 | 4 Fedoraproject, Linux, Netapp and 1 more | 21 Fedora, Linux Kernel, Baseboard Management Controller H300e and 18 more | 2023-02-24 | 3.6 LOW | 7.1 HIGH |
An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. | |||||
CVE-2021-4083 | 4 Debian, Linux, Netapp and 1 more | 23 Debian Linux, Linux Kernel, H300e and 20 more | 2023-02-24 | 6.9 MEDIUM | 7.0 HIGH |
A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4. | |||||
CVE-2021-43389 | 4 Debian, Linux, Oracle and 1 more | 6 Debian Linux, Linux Kernel, Communications Cloud Native Core Binding Support Function and 3 more | 2023-02-24 | 2.1 LOW | 5.5 MEDIUM |
An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. | |||||
CVE-2021-43976 | 5 Debian, Fedoraproject, Linux and 2 more | 23 Debian Linux, Fedora, Linux Kernel and 20 more | 2023-02-24 | 2.1 LOW | 4.6 MEDIUM |
In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic). | |||||
CVE-2021-45485 | 3 Linux, Netapp, Oracle | 44 Linux Kernel, Aff A400, Aff A400 Firmware and 41 more | 2023-02-24 | 5.0 MEDIUM | 7.5 HIGH |
In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. | |||||
CVE-2021-45486 | 2 Linux, Oracle | 4 Linux Kernel, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Network Exposure Function and 1 more | 2023-02-24 | 2.7 LOW | 3.5 LOW |
In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. | |||||
CVE-2021-3752 | 6 Debian, Fedoraproject, Linux and 3 more | 27 Debian Linux, Fedora, Linux Kernel and 24 more | 2023-02-24 | 7.9 HIGH | 7.1 HIGH |
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
CVE-2021-3773 | 4 Fedoraproject, Linux, Oracle and 1 more | 6 Fedora, Linux Kernel, Communications Cloud Native Core Binding Support Function and 3 more | 2023-02-24 | 7.5 HIGH | 9.8 CRITICAL |
A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks. | |||||
CVE-2021-4002 | 4 Debian, Fedoraproject, Linux and 1 more | 6 Debian Linux, Fedora, Linux Kernel and 3 more | 2023-02-22 | 3.6 LOW | 4.4 MEDIUM |
A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. | |||||
CVE-2021-3744 | 5 Debian, Fedoraproject, Linux and 2 more | 24 Debian Linux, Fedora, Linux Kernel and 21 more | 2023-02-12 | 2.1 LOW | 5.5 MEDIUM |
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808. | |||||
CVE-2021-3772 | 5 Debian, Linux, Netapp and 2 more | 26 Debian Linux, Linux Kernel, E-series Santricity Os Controller and 23 more | 2023-02-12 | 5.8 MEDIUM | 6.5 MEDIUM |
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. | |||||
CVE-2022-22965 | 5 Cisco, Oracle, Siemens and 2 more | 38 Cx Cloud Agent, Commerce Platform, Communications Cloud Native Core Automated Test Suite and 35 more | 2023-02-08 | 7.5 HIGH | 9.8 CRITICAL |
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. | |||||
CVE-2020-4788 | 3 Fedoraproject, Ibm, Oracle | 7 Fedora, Aix, Power9 and 4 more | 2023-02-03 | 1.9 LOW | 4.7 MEDIUM |
IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296. | |||||
CVE-2021-21781 | 2 Linux, Oracle | 4 Linux Kernel, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Network Exposure Function and 1 more | 2023-02-03 | 2.1 LOW | 3.3 LOW |
An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process’s memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222 4.19.177 5.4.99 5.10.17 5.11 | |||||
CVE-2022-0322 | 3 Fedoraproject, Linux, Oracle | 5 Fedora, Linux Kernel, Communications Cloud Native Core Binding Support Function and 2 more | 2023-02-02 | 2.1 LOW | 5.5 MEDIUM |
A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). | |||||
CVE-2021-3737 | 6 Canonical, Fedoraproject, Netapp and 3 more | 17 Ubuntu Linux, Fedora, Hci and 14 more | 2023-02-02 | 7.1 HIGH | 7.5 HIGH |
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability. | |||||
CVE-2022-0286 | 2 Linux, Oracle | 4 Linux Kernel, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Network Exposure Function and 1 more | 2023-02-02 | 2.1 LOW | 5.5 MEDIUM |
A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service. |