Vulnerabilities > Oracle > Communications Cloud Native Core Console

DATE CVE VULNERABILITY TITLE RISK
2021-11-01 CVE-2021-41973 Infinite Loop vulnerability in multiple products
In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely.
network
low complexity
apache oracle CWE-835
6.5
2021-10-28 CVE-2021-22096 In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
network
low complexity
vmware netapp oracle
4.3
2021-09-29 CVE-2021-22946 Cleartext Transmission of Sensitive Information vulnerability in multiple products
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl).
7.5
2021-09-29 CVE-2021-22947 Insufficient Verification of Data Authenticity vulnerability in multiple products
When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches.
5.9
2021-08-24 CVE-2021-3712 Out-of-bounds Read vulnerability in multiple products
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length.
7.4
2021-07-12 CVE-2021-30129 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error.
network
low complexity
apache oracle CWE-772
6.5
2021-06-02 CVE-2020-14340 A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles.
network
high complexity
redhat oracle
5.9
2021-03-30 CVE-2021-21409 Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.
network
high complexity
netty debian netapp oracle quarkus
5.9
2021-03-26 CVE-2021-20289 A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final.
network
low complexity
redhat netapp quarkus oracle
5.3
2020-12-02 CVE-2020-25638 A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final.
network
high complexity
hibernate debian quarkus oracle
7.4