Vulnerabilities > Oracle > Communications Cloud Native Core Network Slice Selection Function > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-12-18 CVE-2021-45105 Uncontrolled Recursion vulnerability in multiple products
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups.
network
high complexity
apache netapp debian sonicwall oracle CWE-674
5.9
2021-12-09 CVE-2021-43797 Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.
network
low complexity
netty quarkus netapp oracle debian
6.5
2021-09-29 CVE-2021-22947 Insufficient Verification of Data Authenticity vulnerability in multiple products
When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches.
5.9
2021-08-23 CVE-2021-37750 NULL Pointer Dereference vulnerability in multiple products
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.
6.5
2021-06-11 CVE-2021-22897 Exposure of Resource to Wrong Sphere vulnerability in multiple products
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library.
network
low complexity
haxx oracle netapp siemens splunk CWE-668
5.3
2021-02-03 CVE-2020-29582 Incorrect Default Permissions vulnerability in multiple products
In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation.
network
low complexity
jetbrains oracle CWE-276
5.3
2021-01-25 CVE-2021-21275 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability.
network
low complexity
report-project oracle CWE-352
4.3
2021-01-21 CVE-2020-8554 Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address.
network
high complexity
kubernetes oracle
5.0