Vulnerabilities > Oracle > Communications Cloud Native Core Policy > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-17 | CVE-2020-0404 | Improper Privilege Management vulnerability in multiple products In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. | 5.5 |
| 2020-09-02 | CVE-2020-24553 | Cross-site Scripting vulnerability in multiple products Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. | 6.1 |
| 2020-07-29 | CVE-2020-16135 | NULL Pointer Dereference vulnerability in multiple products libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. | 5.9 |
| 2020-06-27 | CVE-2020-15358 | Out-of-bounds Write vulnerability in multiple products In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. | 5.5 |
| 2020-06-15 | CVE-2020-14155 | Integer Overflow or Wraparound vulnerability in multiple products libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. | 5.3 |
| 2020-05-24 | CVE-2020-13434 | Integer Overflow or Wraparound vulnerability in multiple products SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. | 5.5 |
| 2019-11-08 | CVE-2019-10219 | Cross-site Scripting vulnerability in multiple products A vulnerability was found in Hibernate-Validator. | 6.1 |
| 2019-05-06 | CVE-2019-3799 | Path Traversal vulnerability in multiple products Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. | 6.5 |