Vulnerabilities > Oracle > Communications Cloud Native Core Network Function Cloud Native Environment > 1.4.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-07 | CVE-2019-15606 | Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons | 9.8 |
2020-02-07 | CVE-2019-15604 | Improper Certificate Validation vulnerability in multiple products Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate | 7.5 |
2019-08-23 | CVE-2019-10746 | Argument Injection or Modification vulnerability in multiple products mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. | 9.8 |
2018-10-26 | CVE-2018-15686 | Deserialization of Untrusted Data vulnerability in multiple products A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. | 7.8 |