Vulnerabilities > Oracle > Communications Cloud Native Core Network Function Cloud Native Environment
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-09-04 | CVE-2019-20916 | Path Traversal vulnerability in multiple products The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. | 7.5 |
2020-09-04 | CVE-2020-24977 | Out-of-bounds Read vulnerability in multiple products GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. | 6.5 |
2020-07-27 | CVE-2020-7017 | Cross-site Scripting vulnerability in multiple products In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. | 6.7 |
2020-07-27 | CVE-2020-7016 | Resource Exhaustion vulnerability in multiple products Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. | 4.8 |
2020-03-24 | CVE-2020-1747 | A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. | 9.8 |
2020-02-07 | CVE-2019-15606 | Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons | 9.8 |
2020-02-07 | CVE-2019-15604 | Improper Certificate Validation vulnerability in multiple products Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate | 7.5 |
2020-01-22 | CVE-2019-16792 | HTTP Request Smuggling vulnerability in multiple products Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. | 7.5 |
2020-01-21 | CVE-2020-7595 | Infinite Loop vulnerability in multiple products xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. | 7.5 |
2020-01-21 | CVE-2019-20388 | Memory Leak vulnerability in multiple products xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. | 7.5 |