Vulnerabilities > Oracle > Communications Cloud Native Core Binding Support Function > High

DATE	CVE	VULNERABILITY TITLE	RISK
2022-01-18	CVE-2021-4083	Race Condition vulnerability in multiple products A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. local high complexity linux netapp debian oracle CWE-362	7.0
2021-12-25	CVE-2021-45485	Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. network low complexity linux netapp oracle CWE-327	7.5
2021-12-13	CVE-2021-43818	Injection vulnerability in multiple products lxml is a library for processing XML and HTML in the Python language. network low complexity lxml fedoraproject debian netapp oracle CWE-74	7.1
2021-11-04	CVE-2021-43396	In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. network low complexity gnu oracle	7.5
2021-10-19	CVE-2021-37136	Resource Exhaustion vulnerability in multiple products The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). network low complexity netty quarkus oracle netapp debian CWE-400	7.5
2021-10-19	CVE-2021-37137	Resource Exhaustion vulnerability in multiple products The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. network low complexity netty oracle quarkus netapp debian CWE-400	7.5
2021-09-29	CVE-2021-22946	Cleartext Transmission of Sensitive Information vulnerability in multiple products A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). network low complexity haxx debian fedoraproject netapp oracle apple siemens splunk CWE-319	7.5
2021-08-23	CVE-2021-39150	Deserialization of Untrusted Data vulnerability in multiple products XStream is a simple library to serialize objects to XML and back again. network high complexity xstream-project fedoraproject debian netapp oracle CWE-502	8.5
2021-08-23	CVE-2021-39152	Deserialization of Untrusted Data vulnerability in multiple products XStream is a simple library to serialize objects to XML and back again. network high complexity xstream-project fedoraproject debian netapp oracle CWE-502	8.5
2021-08-23	CVE-2021-39139	Unrestricted Upload of File with Dangerous Type vulnerability in multiple products XStream is a simple library to serialize objects to XML and back again. network low complexity xstream-project debian fedoraproject netapp oracle CWE-434	8.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.