Vulnerabilities > Oracle > Communications Cloud Native Core Policy > Critical

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Risk | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2022-04-01 | CVE-2022-22965 | Code Injection vulnerability in multiple products | A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. | network | low complexity | vmware, cisco, oracle, siemens, veritas | CWE-94 | critical | 9.8 |
| 2022-04-01 | CVE-2022-22963 | Expression Language Injection vulnerability in multiple products | In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources. | network | low complexity | vmware, oracle | CWE-917 | critical | 9.8 |
| 2022-02-16 | CVE-2021-3773 | | A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks. | network | low complexity | linux, fedoraproject, redhat, oracle | | critical | 9.8 |
| 2022-01-10 | CVE-2021-42392 | Deserialization of Untrusted Data vulnerability in multiple products | The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. | network | low complexity | h2database, debian, oracle | CWE-502 | critical | 9.8 |
| 2021-09-12 | CVE-2021-23440 | Type Confusion vulnerability in multiple products | This affects the package set-value before <2.0.1, >=3.0.0 <4.0.1. | network | low complexity | set-value-project, oracle | CWE-843 | critical | 9.8 |
| 2021-08-16 | CVE-2021-32827 | Cross-site Scripting vulnerability in multiple products | MockServer is open source software which enables easy mocking of any system you integrate with via HTTP or HTTPS. | network | low complexity | mock-server, oracle | CWE-79 | critical | 9.6 |
| 2021-06-02 | CVE-2021-3520 | | There's a flaw in lz4. | network | low complexity | lz4-project, netapp, oracle, splunk | | critical | 9.8 |