Vulnerabilities > Oracle > Communications Cloud Native Core Console > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-03-04	CVE-2022-22946	Improper Certificate Validation vulnerability in multiple products In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. local low complexity vmware oracle CWE-295	5.5
2022-01-10	CVE-2021-22060	In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. network low complexity vmware oracle	4.3
2022-01-10	CVE-2021-22569	An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. local low complexity google oracle	5.5
2021-12-18	CVE-2021-45105	Uncontrolled Recursion vulnerability in multiple products Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. network high complexity apache netapp debian sonicwall oracle CWE-674	5.9
2021-11-01	CVE-2021-41973	Infinite Loop vulnerability in multiple products In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. network low complexity apache oracle CWE-835	6.5
2021-10-28	CVE-2021-22096	In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. network low complexity vmware netapp oracle	4.3
2021-10-20	CVE-2021-2471	Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). network high complexity oracle quarkus	5.9
2021-09-29	CVE-2021-22947	Insufficient Verification of Data Authenticity vulnerability in multiple products When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. network high complexity haxx fedoraproject debian netapp oracle siemens apple splunk CWE-345	5.9
2021-07-12	CVE-2021-30129	Missing Release of Resource after Effective Lifetime vulnerability in multiple products A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. network low complexity apache oracle CWE-772	6.5
2021-06-02	CVE-2020-14340	A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. network high complexity redhat oracle	5.9

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.