Communications Cloud Native Core Network Function Cloud Native Environment

DATE	CVE	VULNERABILITY TITLE	RISK
2021-05-14	CVE-2021-3537	NULL Pointer Dereference vulnerability in multiple products A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. network high complexity xmlsoft redhat debian fedoraproject netapp oracle CWE-476	5.9
2021-04-08	CVE-2021-3448	A flaw was found in dnsmasq in versions before 2.85. network high complexity thekelleys redhat fedoraproject oracle	4.0
2021-02-09	CVE-2020-14343	Improper Input Validation vulnerability in multiple products A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. network low complexity pyyaml oracle CWE-20 critical	9.8
2021-02-07	CVE-2020-36242	Integer Overflow or Wraparound vulnerability in multiple products In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. network low complexity cryptography-io fedoraproject oracle CWE-190 critical	9.1
2021-01-19	CVE-2021-3177	Classic Buffer Overflow vulnerability in multiple products Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. network low complexity python fedoraproject netapp debian oracle CWE-120 critical	9.8
2021-01-11	CVE-2020-25659	python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. network high complexity cryptography-io oracle	5.9
2020-12-08	CVE-2020-1971	NULL Pointer Dereference vulnerability in multiple products The X.509 GeneralName type is a generic type for representing different types of names. network high complexity openssl debian fedoraproject oracle netapp tenable siemens nodejs CWE-476	5.9
2020-10-22	CVE-2020-27619	In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. network low complexity python fedoraproject oracle critical	9.8
2020-09-30	CVE-2020-26137	Injection vulnerability in multiple products urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). network low complexity python canonical debian oracle CWE-74	6.5
2020-09-16	CVE-2020-7733	Resource Exhaustion vulnerability in multiple products The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA. network low complexity ua-parser-js-project oracle CWE-400	7.5