Vulnerabilities > Oracle > Communications Cloud Native Core Binding Support Function
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-04 | CVE-2021-3743 | An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. | 7.1 |
| 2022-03-04 | CVE-2021-3744 | A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). | 5.5 |
| 2022-03-04 | CVE-2022-22946 | Improper Certificate Validation vulnerability in multiple products In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. | 5.5 |
| 2022-03-03 | CVE-2021-4002 | Memory Leak vulnerability in multiple products A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. | 4.4 |
| 2022-03-03 | CVE-2022-22947 | Expression Language Injection vulnerability in multiple products In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. | 10.0 |
| 2022-03-02 | CVE-2021-3772 | A flaw was found in the Linux SCTP stack. | 6.5 |
| 2022-02-26 | CVE-2022-23308 | Use After Free vulnerability in multiple products valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. | 7.5 |
| 2022-02-25 | CVE-2022-24329 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects. | 5.3 |
| 2022-02-24 | CVE-2022-25636 | Improper Privilege Management vulnerability in multiple products net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. | 7.8 |
| 2022-02-18 | CVE-2021-20322 | Use of Insufficiently Random Values vulnerability in multiple products A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. | 7.4 |