Vulnerabilities > Oracle > Communications Cloud Native Core Policy

DATE CVE VULNERABILITY TITLE RISK
2020-12-03 CVE-2020-17527 Information Exposure vulnerability in multiple products
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream.
network
low complexity
apache netapp debian oracle CWE-200
7.5
2020-11-20 CVE-2020-4788 IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances.
local
high complexity
ibm fedoraproject oracle
4.7
2020-11-06 CVE-2020-28196 Uncontrolled Recursion vulnerability in multiple products
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.
network
low complexity
mit fedoraproject netapp oracle CWE-674
7.5
2020-10-12 CVE-2020-15250 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability.
local
low complexity
junit debian apache oracle CWE-732
5.5
2020-09-17 CVE-2020-0404 Improper Privilege Management vulnerability in multiple products
In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause.
local
low complexity
google oracle CWE-269
5.5
2020-09-04 CVE-2019-20916 Path Traversal vulnerability in multiple products
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file.
network
low complexity
pypa opensuse debian oracle CWE-22
7.5
2020-09-02 CVE-2020-24553 Cross-site Scripting vulnerability in multiple products
Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.
network
low complexity
golang fedoraproject opensuse oracle CWE-79
6.1
2020-08-08 CVE-2020-15824 Improper Privilege Management vulnerability in multiple products
In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue.
network
low complexity
jetbrains oracle CWE-269
8.8
2020-07-29 CVE-2020-16135 NULL Pointer Dereference vulnerability in multiple products
libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.
5.9
2020-07-15 CVE-2020-8203 Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
network
high complexity
lodash oracle
7.4