Vulnerabilities > Oracle > Communications Cloud Native Core Policy

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2021-11-04 | CVE-2021-43389 | Out-of-bounds Read vulnerability in multiple products | An issue was discovered in the Linux kernel before 5.14.15. | local | low | linux, redhat, debian, oracle | CWE-125 | 5.5 |
| 2021-11-03 | CVE-2020-27820 | Use After Free vulnerability in multiple products | A vulnerability was found in the Linux kernel, where a use-after-free in nouveau's postclose() handler could happen when the device is removed (physically removing a video card without powering off is uncommon, but the same happens if the driver is unbound). | local | high | linux, fedoraproject, oracle | CWE-416 | 4.7 |
| 2021-10-20 | CVE-2021-2471 | Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). | | network | high | oracle, quarkus | | 5.9 |
| 2021-10-20 | CVE-2021-35574 | Unspecified vulnerability in Oracle products | Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). | network | low | oracle | | 7.5 |
| 2021-10-20 | CVE-2021-42739 | Out-of-bounds Write vulnerability in multiple products | The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking. | | | | | 6.7 |
| 2021-10-19 | CVE-2021-37136 | Resource Exhaustion vulnerability in multiple products | The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). | network | low | netty, quarkus, oracle, netapp, debian | CWE-400 | 7.5 |
| 2021-09-22 | CVE-2021-38153 | Information Exposure Through Discrepancy vulnerability in multiple products | Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. | network | high | apache, quarkus, oracle | CWE-203 | 5.9 |
| 2021-09-17 | CVE-2021-3807 | ansi-regex is vulnerable to Inefficient Regular Expression Complexity | | network | low | ansi-regex-project, oracle | | 7.5 |
| 2021-09-12 | CVE-2021-23440 | Type Confusion vulnerability in multiple products | This affects the package set-value in versions <2.0.1 and >=3.0.0 <4.0.1. | network | low | set-value-project, oracle | CWE-843 | 9.8 (critical) |
| 2021-08-23 | CVE-2021-39140 | Infinite Loop vulnerability in multiple products | XStream is a simple library to serialize objects to XML and back again. | | | | | 6.3 |