Communications Cloud Native Core Policy

DATE	CVE	VULNERABILITY TITLE	RISK
2022-01-10	CVE-2021-22569	An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. local low complexity google oracle	5.5
2022-01-10	CVE-2021-42392	Deserialization of Untrusted Data vulnerability in multiple products The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. network low complexity h2database debian oracle CWE-502 critical	9.8
2021-12-25	CVE-2021-45485	Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. network low complexity linux netapp oracle CWE-327	7.5
2021-12-25	CVE-2021-45486	Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. low complexity linux oracle CWE-327	3.5
2021-12-18	CVE-2021-45105	Uncontrolled Recursion vulnerability in multiple products Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. network high complexity apache netapp debian sonicwall oracle CWE-674	5.9
2021-12-17	CVE-2021-34141	Incorrect Comparison vulnerability in multiple products An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. network low complexity numpy oracle CWE-697	5.3
2021-12-13	CVE-2021-43818	Injection vulnerability in multiple products lxml is a library for processing XML and HTML in the Python language. network low complexity lxml fedoraproject debian netapp oracle CWE-74	7.1
2021-12-09	CVE-2021-43797	HTTP Request Smuggling vulnerability in multiple products Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. network low complexity netty quarkus netapp oracle debian CWE-444	6.5
2021-11-17	CVE-2021-43976	In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic). low complexity linux fedoraproject debian netapp oracle	4.6
2021-11-10	CVE-2021-3572	A flaw was found in python-pip in the way it handled Unicode separators in git references. network low complexity pypa oracle	5.7