Vulnerabilities > Oracle > Communications Cloud Native Core Network Function Cloud Native Environment

DATE CVE VULNERABILITY TITLE RISK
2019-12-26 CVE-2019-16789 HTTP Request Smuggling vulnerability in multiple products
In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling.
8.2
2019-12-20 CVE-2019-16786 HTTP Request Smuggling vulnerability in multiple products
Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value, if that value was not chunked it would fall through and use the Content-Length header instead.
7.5
2019-12-20 CVE-2019-16785 HTTP Request Smuggling vulnerability in multiple products
Waitress through version 1.3.1 implemented a "MAY" part of the RFC7230 which states: "Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR." Unfortunately if a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways.
7.5
2019-11-08 CVE-2019-10219 A vulnerability was found in Hibernate-Validator.
network
low complexity
redhat netapp oracle
6.1
2019-08-23 CVE-2019-10746 Argument Injection or Modification vulnerability in multiple products
mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0.
network
low complexity
mixin-deep-project fedoraproject oracle CWE-88
critical
9.8
2018-10-26 CVE-2018-15686 Deserialization of Untrusted Data vulnerability in multiple products
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess.
7.8