Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Oracle Subscribe
Filtered by product Communications Cloud Native Core Network Repository Function
Total 23 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-22569 2 Google, Oracle 7 Google-protobuf, Protobuf-java, Protobuf-kotlin and 4 more 2022-05-10 4.3 MEDIUM 5.5 MEDIUM
An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.
CVE-2020-8908 4 Google, Netapp, Oracle and 1 more 13 Guava, Active Iq Unified Manager, Commerce Guided Search and 10 more 2022-05-10 2.1 LOW 3.3 LOW
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.
CVE-2019-13734 8 Canonical, Debian, Fedoraproject and 5 more 16 Ubuntu Linux, Debian Linux, Fedora and 13 more 2022-03-29 6.8 MEDIUM 8.8 HIGH
Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.