Vulnerabilities > Oracle > Communications Cloud Native Core Automated Test Suite

DATE CVE VULNERABILITY TITLE RISK
2021-08-23 CVE-2021-39154 XStream is a simple library to serialize objects to XML and back again. 8.5
2021-07-26 CVE-2021-22144 Uncontrolled Recursion vulnerability in multiple products
In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser.
network
low complexity
elastic oracle CWE-674
6.5
2021-07-21 CVE-2021-22145 Information Exposure Through an Error Message vulnerability in multiple products
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting.
network
low complexity
elastic oracle CWE-209
6.5
2021-07-14 CVE-2021-36373 When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs.
local
low complexity
apache oracle
5.5
2021-07-14 CVE-2021-36374 When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs.
local
low complexity
apache oracle
5.5
2021-07-13 CVE-2021-35515 Infinite Loop vulnerability in multiple products
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop.
network
low complexity
apache netapp oracle CWE-835
7.5
2021-07-13 CVE-2021-35516 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs.
network
low complexity
apache netapp oracle CWE-770
7.5
2021-07-13 CVE-2021-36090 When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs.
network
low complexity
apache oracle netapp
7.5
2021-05-06 CVE-2021-29921 In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string.
network
low complexity
python oracle
critical
9.8
2021-03-08 CVE-2021-22134 Incorrect Authorization vulnerability in multiple products
A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used.
network
low complexity
elastic oracle CWE-863
4.3