Vulnerabilities > Oracle > Communications Cloud Native Core Binding Support Function

DATE CVE VULNERABILITY TITLE RISK
2022-02-24 CVE-2022-25636 Improper Privilege Management vulnerability in multiple products
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write.
local
low complexity
linux debian netapp oracle CWE-269
7.8
2022-02-18 CVE-2021-20322 Use of Insufficiently Random Values vulnerability in multiple products
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports.
network
high complexity
linux fedoraproject debian netapp oracle CWE-330
7.4
2022-02-16 CVE-2021-3752 Race Condition vulnerability in multiple products
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition.
7.1
2022-02-16 CVE-2021-3773 A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.
network
low complexity
linux fedoraproject redhat oracle
critical
9.8
2022-01-31 CVE-2022-0286 NULL Pointer Dereference vulnerability in multiple products
A flaw was found in the Linux kernel.
local
low complexity
linux oracle CWE-476
5.5
2022-01-18 CVE-2021-4083 Race Condition vulnerability in multiple products
A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition.
local
high complexity
linux netapp debian oracle CWE-362
7.0
2022-01-14 CVE-2022-23219 Classic Buffer Overflow vulnerability in multiple products
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
network
low complexity
gnu oracle debian CWE-120
critical
9.8
2021-12-25 CVE-2021-45485 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.
network
low complexity
linux netapp oracle CWE-327
7.5
2021-12-25 CVE-2021-45486 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.
low complexity
linux oracle CWE-327
3.5
2021-12-13 CVE-2021-43818 Injection vulnerability in multiple products
lxml is a library for processing XML and HTML in the Python language.
network
low complexity
lxml fedoraproject debian netapp oracle CWE-74
7.1