Communications Cloud Native Core Network Slice Selection Function

DATE	CVE	VULNERABILITY TITLE	RISK
2022-04-01	CVE-2022-22963	Expression Language Injection vulnerability in multiple products In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources. network low complexity vmware oracle CWE-917 critical	9.8
2022-04-01	CVE-2022-22965	Code Injection vulnerability in multiple products A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. network low complexity vmware cisco oracle siemens veritas CWE-94 critical	9.8
2022-03-11	CVE-2020-36518	Out-of-bounds Write vulnerability in multiple products jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. network low complexity fasterxml oracle debian netapp CWE-787	7.5
2022-03-03	CVE-2022-22947	Expression Language Injection vulnerability in multiple products In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. network low complexity vmware oracle CWE-917 critical	10.0
2022-02-26	CVE-2022-23308	Use After Free vulnerability in multiple products valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. network low complexity xmlsoft fedoraproject debian apple netapp oracle CWE-416	7.5
2021-12-18	CVE-2021-45105	Uncontrolled Recursion vulnerability in multiple products Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. network high complexity apache netapp debian sonicwall oracle CWE-674	5.9
2021-12-09	CVE-2021-43797	HTTP Request Smuggling vulnerability in multiple products Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. network low complexity netty quarkus netapp oracle debian CWE-444	6.5
2021-12-08	CVE-2021-43527	Out-of-bounds Write vulnerability in multiple products NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. network low complexity mozilla netapp oracle starwindsoftware CWE-787 critical	9.8
2021-10-20	CVE-2021-2471	Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). network oracle quarkus	7.9
2021-10-19	CVE-2021-37136	Resource Exhaustion vulnerability in multiple products The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). network low complexity netty quarkus oracle netapp debian CWE-400	7.5