Vulnerabilities > Oracle > Communications Cloud Native Core Policy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-18 | CVE-2023-21971 | Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). | 5.3 |
| 2023-01-18 | CVE-2023-21824 | Unspecified vulnerability in Oracle products Vulnerability in the Oracle Communications BRM - Elastic Charging Engine product of Oracle Communications Applications (component: Customer, Config, Pricing Manager). | 4.4 |
| 2022-04-01 | CVE-2022-22963 | Expression Language Injection vulnerability in multiple products In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources. | 9.8 |
| 2022-04-01 | CVE-2022-22965 | Code Injection vulnerability in multiple products A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. | 9.8 |
| 2022-03-25 | CVE-2021-4203 | Race Condition vulnerability in multiple products A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. | 6.8 |
| 2022-03-25 | CVE-2022-0322 | Incorrect Type Conversion or Cast vulnerability in multiple products A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. | 5.5 |
| 2022-03-11 | CVE-2022-0001 | Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | 6.5 |
| 2022-03-11 | CVE-2022-0002 | Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | 2.1 |
| 2022-03-04 | CVE-2021-3737 | Infinite Loop vulnerability in multiple products A flaw was found in python. | 7.5 |
| 2022-03-04 | CVE-2021-3743 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. | 7.1 |