Vulnerabilities > Oracle > Communications Cloud Native Core Policy

DATE CVE VULNERABILITY TITLE RISK
2021-08-18 CVE-2021-21781 Use of Uninitialized Resource vulnerability in multiple products
An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54.
local
low complexity
linux oracle CWE-908
3.3
2021-08-16 CVE-2021-32827 Cross-site Scripting vulnerability in multiple products
MockServer is open source software which enables easy mocking of any system you integrate with via HTTP or HTTPS.
network
low complexity
mock-server oracle CWE-79
critical
9.6
2021-07-21 CVE-2021-37159 Use After Free vulnerability in multiple products
hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.
high complexity
linux debian oracle CWE-416
6.4
2021-07-12 CVE-2021-30640 Improper Encoding or Escaping of Output vulnerability in multiple products
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm.
network
high complexity
apache oracle debian CWE-116
6.5
2021-07-12 CVE-2021-33037 HTTP Request Smuggling vulnerability in multiple products
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy.
network
low complexity
apache debian oracle mcafee CWE-444
5.3
2021-07-09 CVE-2021-3612 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP.
7.8
2021-06-29 CVE-2021-22119 Incorrect Authorization vulnerability in multiple products
Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application.
network
low complexity
vmware oracle CWE-863
7.5
2021-06-09 CVE-2021-28169 For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory.
network
low complexity
eclipse debian oracle netapp
5.3
2021-06-06 CVE-2021-33880 Information Exposure Through Discrepancy vulnerability in multiple products
The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...).
network
high complexity
websockets-project oracle CWE-203
5.9
2021-06-03 CVE-2020-28469 Resource Exhaustion vulnerability in multiple products
This affects the package glob-parent before 5.1.2.
network
low complexity
gulpjs oracle CWE-400
7.5