Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Oracle Subscribe
Filtered by product Communications Cloud Native Core Network Function Cloud Native Environment
Total 43 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-7595 7 Canonical, Debian, Fedoraproject and 4 more 32 Ubuntu Linux, Debian Linux, Fedora and 29 more 2022-07-25 5.0 MEDIUM 7.5 HIGH
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
CVE-2021-22901 4 Haxx, Netapp, Oracle and 1 more 33 Curl, Active Iq Unified Manager, Cloud Backup and 30 more 2022-05-13 6.8 MEDIUM 8.1 HIGH
curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory.
CVE-2018-15686 4 Canonical, Debian, Oracle and 1 more 4 Ubuntu Linux, Debian Linux, Communications Cloud Native Core Network Function Cloud Native Environment and 1 more 2022-01-31 7.2 HIGH 7.8 HIGH
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.