Vulnerabilities > Oracle > Communications Cloud Native Core Service Communication Proxy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-26 | CVE-2020-27618 | Infinite Loop vulnerability in multiple products The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228. | 5.5 |
| 2021-02-03 | CVE-2020-29582 | Incorrect Default Permissions vulnerability in multiple products In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. | 5.3 |
| 2021-01-21 | CVE-2020-8554 | Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. | 5.0 |
| 2020-12-02 | CVE-2020-13956 | Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. | 5.3 |
| 2020-04-07 | CVE-2020-11612 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. | 7.5 |
| 2019-11-08 | CVE-2019-10219 | Cross-site Scripting vulnerability in multiple products A vulnerability was found in Hibernate-Validator. | 6.1 |