Vulnerabilities > Oracle > Communications Cloud Native Core Security Edge Protection Proxy

DATE CVE VULNERABILITY TITLE RISK
2021-10-19 CVE-2021-37136 Resource Exhaustion vulnerability in multiple products
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression).
network
low complexity
netty quarkus oracle netapp debian CWE-400
7.5
2021-09-29 CVE-2021-22946 Cleartext Transmission of Sensitive Information vulnerability in multiple products
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl).
7.5
2021-09-29 CVE-2021-22947 Insufficient Verification of Data Authenticity vulnerability in multiple products
When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches.
5.9
2021-08-24 CVE-2021-3711 Classic Buffer Overflow vulnerability in multiple products
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt().
network
low complexity
openssl debian netapp oracle tenable CWE-120
critical
9.8
2021-08-24 CVE-2021-3712 Out-of-bounds Read vulnerability in multiple products
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length.
7.4
2021-08-12 CVE-2021-38604 NULL Pointer Dereference vulnerability in multiple products
In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference.
network
low complexity
gnu fedoraproject oracle CWE-476
7.5
2021-07-15 CVE-2021-34429 For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints.
network
low complexity
eclipse netapp oracle
5.3
2021-06-06 CVE-2021-33880 Information Exposure Through Discrepancy vulnerability in multiple products
The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...).
network
high complexity
websockets-project oracle CWE-203
5.9
2021-06-02 CVE-2020-14340 A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles.
network
high complexity
redhat oracle
5.9
2021-05-27 CVE-2021-22118 Exposure of Resource to Wrong Sphere vulnerability in multiple products
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.
local
low complexity
vmware oracle netapp CWE-668
7.8