Filtered by vendor Oracle
Subscribe
Filtered by product Communications Cloud Native Core Policy
Subscribe
Total
123 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8203 | 2 Lodash, Oracle | 18 Lodash, Banking Corporate Lending Process Management, Banking Credit Facilities Process Management and 15 more | 2022-05-12 | 5.8 MEDIUM | 7.4 HIGH |
| Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. | |||||
| CVE-2020-16135 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2022-05-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. | |||||
| CVE-2020-13935 | 7 Apache, Canonical, Debian and 4 more | 18 Tomcat, Ubuntu Linux, Debian Linux and 15 more | 2022-05-12 | 5.0 MEDIUM | 7.5 HIGH |
| The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. | |||||
| CVE-2020-29363 | 3 Debian, Oracle, P11-kit Project | 3 Debian Linux, Communications Cloud Native Core Policy, P11-kit | 2022-05-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value. | |||||
| CVE-2020-17527 | 4 Apache, Debian, Netapp and 1 more | 12 Tomcat, Debian Linux, Element Plug-in and 9 more | 2022-05-12 | 5.0 MEDIUM | 7.5 HIGH |
| While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests. | |||||
| CVE-2020-28196 | 4 Fedoraproject, Mit, Netapp and 1 more | 11 Fedora, Kerberos 5, Active Iq Unified Manager and 8 more | 2022-05-12 | 5.0 MEDIUM | 7.5 HIGH |
| MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit. | |||||
| CVE-2020-15250 | 4 Apache, Debian, Junit and 1 more | 4 Pluto, Debian Linux, Junit4 and 1 more | 2022-05-12 | 1.9 LOW | 5.5 MEDIUM |
| In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. This vulnerability impacts you if the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder, and the JUnit tests execute in an environment where the OS has other untrusted users. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. For Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. For Java 1.6 and lower users: no patch is available, you must use the workaround below. If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. For more information, including an example of vulnerable code, see the referenced GitHub Security Advisory. | |||||
| CVE-2021-21409 | 5 Debian, Netapp, Netty and 2 more | 18 Debian Linux, Oncommand Api Services, Oncommand Workflow Automation and 15 more | 2022-05-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final. | |||||
| CVE-2020-13936 | 3 Apache, Debian, Oracle | 16 Velocity Engine, Wss4j, Debian Linux and 13 more | 2022-05-12 | 9.0 HIGH | 8.8 HIGH |
| An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2. | |||||
| CVE-2021-21295 | 6 Apache, Debian, Netapp and 3 more | 8 Kudu, Zookeeper, Debian Linux and 5 more | 2022-05-12 | 2.6 LOW | 5.9 MEDIUM |
| Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`. | |||||
| CVE-2020-8554 | 2 Kubernetes, Oracle | 4 Kubernetes, Communications Cloud Native Core Network Slice Selection Function, Communications Cloud Native Core Policy and 1 more | 2022-05-12 | 6.0 MEDIUM | 5.0 MEDIUM |
| Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect. | |||||
| CVE-2020-29582 | 2 Jetbrains, Oracle | 4 Kotlin, Communications Cloud Native Core Network Slice Selection Function, Communications Cloud Native Core Policy and 1 more | 2022-05-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions. | |||||
| CVE-2021-33880 | 2 Oracle, Websockets Project | 5 Communications Cloud Native Core Policy, Communications Cloud Native Core Security Edge Protection Proxy, Communications Cloud Native Core Service Communication Proxy and 2 more | 2022-05-12 | 2.6 LOW | 5.9 MEDIUM |
| The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack. | |||||
| CVE-2021-22569 | 2 Google, Oracle | 7 Google-protobuf, Protobuf-java, Protobuf-kotlin and 4 more | 2022-05-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions. | |||||
| CVE-2021-2471 | 2 Oracle, Quarkus | 6 Communications Cloud Native Core Console, Communications Cloud Native Core Network Slice Selection Function, Communications Cloud Native Core Policy and 3 more | 2022-04-28 | 7.9 HIGH | 5.9 MEDIUM |
| Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H). | |||||
| CVE-2021-35574 | 1 Oracle | 2 Communications Cloud Native Core Policy, Outside In Technology | 2022-04-28 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2021-28170 | 3 Eclipse, Oracle, Quarkus | 4 Jakarta Expression Language, Communications Cloud Native Core Policy, Weblogic Server and 1 more | 2022-04-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid. | |||||
| CVE-2020-13949 | 2 Apache, Oracle | 4 Hive, Thrift, Communications Cloud Native Core Network Slice Selection Function and 1 more | 2022-04-04 | 5.0 MEDIUM | 7.5 HIGH |
| In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. | |||||
| CVE-2021-23440 | 2 Oracle, Set-value Project | 2 Communications Cloud Native Core Policy, Set-value | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
| This affects the package set-value before <2.0.1, >=3.0.0 <4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays. | |||||
| CVE-2020-28469 | 2 Gulpjs, Oracle | 2 Glob-parent, Communications Cloud Native Core Policy | 2022-03-29 | 5.0 MEDIUM | 7.5 HIGH |
| This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator. | |||||