Vulnerabilities > Oracle > Communications Cloud Native Core Policy > High

DATE CVE VULNERABILITY TITLE RISK
2021-08-23 CVE-2021-39148 XStream is a simple library to serialize objects to XML and back again. 8.5
2021-08-23 CVE-2021-39149 XStream is a simple library to serialize objects to XML and back again. 8.5
2021-08-23 CVE-2021-39151 XStream is a simple library to serialize objects to XML and back again. 8.5
2021-08-23 CVE-2021-39153 XStream is a simple library to serialize objects to XML and back again. 8.5
2021-08-23 CVE-2021-39154 XStream is a simple library to serialize objects to XML and back again. 8.5
2021-07-09 CVE-2021-3612 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP.
7.8
2021-06-29 CVE-2021-22119 Incorrect Authorization vulnerability in multiple products
Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application.
network
low complexity
vmware oracle CWE-863
7.5
2021-06-03 CVE-2020-28469 Resource Exhaustion vulnerability in multiple products
This affects the package glob-parent before 5.1.2.
network
low complexity
gulpjs oracle CWE-400
7.5
2021-05-27 CVE-2021-22118 Exposure of Resource to Wrong Sphere vulnerability in multiple products
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.
local
low complexity
vmware oracle netapp CWE-668
7.8
2021-04-01 CVE-2021-28165 Improper Handling of Exceptional Conditions vulnerability in multiple products
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
network
low complexity
eclipse oracle jenkins netapp CWE-755
7.5