Communications Cloud Native Core Automated Test Suite

DATE	CVE	VULNERABILITY TITLE	RISK
2021-08-23	CVE-2021-39154	Unrestricted Upload of File with Dangerous Type vulnerability in multiple products XStream is a simple library to serialize objects to XML and back again. network high complexity xstream-project fedoraproject debian netapp oracle CWE-434	8.5
2021-07-26	CVE-2021-22144	Uncontrolled Recursion vulnerability in multiple products In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. network low complexity elastic oracle CWE-674	4.0
2021-07-21	CVE-2021-22145	Information Exposure Through an Error Message vulnerability in multiple products A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. network low complexity elastic oracle CWE-209	4.0
2021-07-14	CVE-2021-36373	When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. local low complexity apache oracle	5.5
2021-07-14	CVE-2021-36374	When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. local low complexity apache oracle	5.5
2021-07-13	CVE-2021-35515	Infinite Loop vulnerability in multiple products When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. network low complexity apache netapp oracle CWE-835	7.5
2021-07-13	CVE-2021-35516	Allocation of Resources Without Limits or Throttling vulnerability in multiple products When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. network low complexity apache netapp oracle CWE-770	7.5
2021-07-13	CVE-2021-36090	When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. network low complexity apache oracle netapp	7.5
2021-05-06	CVE-2021-29921	In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. network low complexity python oracle critical	9.8
2021-03-08	CVE-2021-22134	Incorrect Authorization vulnerability in multiple products A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. network low complexity elastic oracle CWE-863	4.3