Vulnerabilities > Oracle > Communications Cloud Native Core Network Function Cloud Native Environment > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-26 | CVE-2022-23308 | Use After Free vulnerability in multiple products valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. | 7.5 |
2022-02-24 | CVE-2022-24407 | SQL Injection vulnerability in multiple products In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. | 8.8 |
2021-11-04 | CVE-2021-43396 | In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. | 7.5 |
2021-09-29 | CVE-2021-22946 | Cleartext Transmission of Sensitive Information vulnerability in multiple products A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). | 7.5 |
2021-09-16 | CVE-2021-34798 | NULL Pointer Dereference vulnerability in multiple products Malformed requests may cause the server to dereference a NULL pointer. | 7.5 |
2021-09-16 | CVE-2021-36160 | Out-of-bounds Read vulnerability in multiple products A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). | 7.5 |
2021-08-12 | CVE-2021-38604 | NULL Pointer Dereference vulnerability in multiple products In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. | 7.5 |
2021-06-11 | CVE-2021-22901 | Use After Free vulnerability in multiple products curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. | 8.1 |
2021-06-08 | CVE-2021-33560 | Information Exposure Through Discrepancy vulnerability in multiple products Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. | 7.5 |
2021-05-19 | CVE-2021-3517 | There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. | 8.6 |