Communications Cloud Native Core Network Function Cloud Native Environment

DATE	CVE	VULNERABILITY TITLE	RISK
2020-09-04	CVE-2019-20916	Path Traversal vulnerability in multiple products The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. network low complexity pypa opensuse debian oracle CWE-22	7.5
2020-09-04	CVE-2020-24977	Out-of-bounds Read vulnerability in multiple products GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. network low complexity xmlsoft debian fedoraproject opensuse netapp oracle CWE-125	6.5
2020-07-27	CVE-2020-7017	Cross-site Scripting vulnerability in multiple products In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. network high complexity elasticsearch oracle CWE-79	6.7
2020-07-27	CVE-2020-7016	Resource Exhaustion vulnerability in multiple products Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. network high complexity elasticsearch oracle CWE-400	4.8
2020-03-24	CVE-2020-1747	Improper Input Validation vulnerability in multiple products A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. network low complexity pyyaml fedoraproject opensuse oracle CWE-20 critical	9.8
2020-02-07	CVE-2019-15606	Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons network low complexity nodejs oracle debian redhat opensuse critical	9.8
2020-02-07	CVE-2019-15604	Improper Certificate Validation vulnerability in multiple products Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate network low complexity nodejs debian opensuse redhat oracle CWE-295	7.5
2020-01-22	CVE-2019-16792	HTTP Request Smuggling vulnerability in multiple products Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. network low complexity agendaless oracle debian CWE-444	7.5
2020-01-21	CVE-2020-7595	Infinite Loop vulnerability in multiple products xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. network low complexity xmlsoft fedoraproject canonical debian siemens netapp oracle CWE-835	7.5
2020-01-21	CVE-2019-20388	Memory Leak vulnerability in multiple products xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. network low complexity xmlsoft debian netapp oracle opensuse fedoraproject CWE-401	7.5