Vulnerabilities > Oracle > Communications Cloud Native Core Policy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-28 | CVE-2019-18276 | Improper Check for Dropped Privileges vulnerability in multiple products An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. | 7.8 |
| 2019-11-08 | CVE-2019-10219 | Cross-site Scripting vulnerability in multiple products A vulnerability was found in Hibernate-Validator. | 6.1 |
| 2019-08-20 | CVE-2019-10086 | Deserialization of Untrusted Data vulnerability in multiple products In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. | 7.3 |
| 2019-05-06 | CVE-2019-3799 | Path Traversal vulnerability in multiple products Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. | 6.5 |
| 2017-06-16 | CVE-2017-9735 | Information Exposure Through Discrepancy vulnerability in multiple products Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords. | 7.5 |