Vulnerabilities > Oracle > Communications Cloud Native Core Network Slice Selection Function > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-12-18	CVE-2021-45105	Uncontrolled Recursion vulnerability in multiple products Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. network high complexity apache netapp debian sonicwall oracle CWE-674	5.9
2021-12-09	CVE-2021-43797	HTTP Request Smuggling vulnerability in multiple products Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. network low complexity netty quarkus netapp oracle debian CWE-444	6.5
2021-10-20	CVE-2021-2471	Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). network high complexity oracle quarkus	5.9
2021-09-29	CVE-2021-22947	Insufficient Verification of Data Authenticity vulnerability in multiple products When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. network high complexity haxx fedoraproject debian netapp oracle siemens apple splunk CWE-345	5.9
2021-08-23	CVE-2021-37750	NULL Pointer Dereference vulnerability in multiple products The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field. network low complexity mit fedoraproject debian starwindsoftware oracle CWE-476	6.5
2021-06-11	CVE-2021-22897	Exposure of Resource to Wrong Sphere vulnerability in multiple products curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. network low complexity haxx oracle netapp siemens splunk CWE-668	5.3
2021-02-03	CVE-2020-29582	Incorrect Default Permissions vulnerability in multiple products In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. network low complexity jetbrains oracle CWE-276	5.3
2021-01-25	CVE-2021-21275	Cross-Site Request Forgery (CSRF) vulnerability in multiple products The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability. network low complexity report-project oracle CWE-352	4.3
2021-01-21	CVE-2020-8554	Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. network high complexity kubernetes oracle	5.0

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.