Vulnerabilities > Oracle > Communications Cloud Native Core Unified Data Repository > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-18 | CVE-2021-45105 | Uncontrolled Recursion vulnerability in multiple products Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. | 5.9 |
2021-12-09 | CVE-2021-43797 | Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. | 6.5 |
2021-07-15 | CVE-2021-34429 | For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. | 5.3 |
2021-06-06 | CVE-2021-33880 | Information Exposure Through Discrepancy vulnerability in multiple products The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). | 5.9 |
2021-06-02 | CVE-2020-14340 | A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. | 5.9 |
2021-04-22 | CVE-2021-28168 | Exposure of Resource to Wrong Sphere vulnerability in multiple products Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. | 5.5 |
2021-04-13 | CVE-2021-29425 | Path Traversal vulnerability in multiple products In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. | 4.8 |
2019-11-08 | CVE-2019-10219 | A vulnerability was found in Hibernate-Validator. | 6.1 |