Filtered by vendor Oracle Subscriptions
Filtered by product Communications Cloud Native Core Policy Subscriptions
Total 125 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-21971 2 Netapp, Oracle 6 Active Iq Unified Manager, Oncommand Insight, Snapcenter and 3 more 2024-11-21 5.3 Medium
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors as well as unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H).
CVE-2023-21824 1 Oracle 3 Communications Billing And Revenue Management Elastic Charging Engine, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Policy 2024-11-21 4.4 Medium
Vulnerability in the Oracle Communications BRM - Elastic Charging Engine product of Oracle Communications Applications (component: Customer, Config, Pricing Manager). Supported versions that are affected are 12.0.0.3.0-12.0.0.7.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Communications BRM - Elastic Charging Engine executes to compromise Oracle Communications BRM - Elastic Charging Engine. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications BRM - Elastic Charging Engine accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).
CVE-2022-25636 5 Debian, Linux, Netapp and 2 more 16 Debian Linux, Linux Kernel, H300e and 13 more 2024-11-21 7.8 High
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.
CVE-2022-23181 4 Apache, Debian, Oracle and 1 more 10 Tomcat, Debian Linux, Agile Engineering Data Management and 7 more 2024-11-21 7.0 High
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.
CVE-2022-22965 6 Cisco, Oracle, Redhat and 3 more 45 Cx Cloud Agent, Commerce Platform, Communications Cloud Native Core Automated Test Suite and 42 more 2024-11-21 9.8 Critical
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
CVE-2022-22963 3 Oracle, Redhat, Vmware 29 Banking Branch, Banking Cash Management, Banking Corporate Lending Process Management and 26 more 2024-11-21 9.8 Critical
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
CVE-2022-0322 4 Fedoraproject, Linux, Oracle and 1 more 6 Fedora, Linux Kernel, Communications Cloud Native Core Binding Support Function and 3 more 2024-11-21 5.5 Medium
A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS).
CVE-2022-0286 3 Linux, Oracle, Redhat 5 Linux Kernel, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Network Exposure Function and 2 more 2024-11-21 5.5 Medium
A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service.
CVE-2022-0002 3 Intel, Oracle, Redhat 505 Atom C3308, Atom C3336, Atom C3338 and 502 more 2024-11-21 6.5 Medium
Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
CVE-2022-0001 3 Intel, Oracle, Redhat 459 Atom P5921b, Atom P5931b, Atom P5942b and 456 more 2024-11-21 6.5 Medium
Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
CVE-2021-4203 4 Linux, Netapp, Oracle and 1 more 25 Linux Kernel, A700s, A700s Firmware and 22 more 2024-11-21 6.8 Medium
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.
CVE-2021-4083 5 Debian, Linux, Netapp and 2 more 30 Debian Linux, Linux Kernel, H300e and 27 more 2024-11-21 7.0 High
A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4.
CVE-2021-4002 5 Debian, Fedoraproject, Linux and 2 more 7 Debian Linux, Fedora, Linux Kernel and 4 more 2024-11-21 4.4 Medium
A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data.
CVE-2021-45486 3 Linux, Oracle, Redhat 6 Linux Kernel, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Network Exposure Function and 3 more 2024-11-21 3.5 Low
In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.
CVE-2021-45485 4 Linux, Netapp, Oracle and 1 more 46 Linux Kernel, Aff A400, Aff A400 Firmware and 43 more 2024-11-21 7.5 High
In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.
CVE-2021-45105 6 Apache, Debian, Netapp and 3 more 131 Log4j, Debian Linux, Cloud Manager and 128 more 2024-11-21 5.9 Medium
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
CVE-2021-43976 6 Debian, Fedoraproject, Linux and 3 more 24 Debian Linux, Fedora, Linux Kernel and 21 more 2024-11-21 4.6 Medium
In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).
CVE-2021-43818 6 Debian, Fedoraproject, Lxml and 3 more 16 Debian Linux, Fedora, Lxml and 13 more 2024-11-21 8.2 High
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.
CVE-2021-43797 6 Debian, Netapp, Netty and 3 more 28 Debian Linux, Oncommand Workflow Automation, Snapcenter and 25 more 2024-11-21 6.5 Medium
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote system when used as proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final.
CVE-2021-43389 4 Debian, Linux, Oracle and 1 more 6 Debian Linux, Linux Kernel, Communications Cloud Native Core Binding Support Function and 3 more 2024-11-21 5.5 Medium
An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.