Lucene search

K
OracleCommunications Cloud Native Core Binding Support Function

75 matches found

CVE
CVE
added 2021/05/06 1:15 p.m.5032 views

CVE-2021-29921

In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.

9.8CVSS9.3AI score0.02729EPSS
CVE
CVE
added 2022/04/01 11:15 p.m.2245 views

CVE-2022-22965

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is...

9.8CVSS8.7AI score0.9446EPSS
CVE
CVE
added 2022/03/03 10:15 p.m.2060 views

CVE-2022-22947

In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the re...

10CVSS9.7AI score0.94474EPSS
CVE
CVE
added 2021/05/20 1:15 p.m.1735 views

CVE-2021-3426

There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to acces...

5.7CVSS5.6AI score0.00113EPSS
CVE
CVE
added 2020/05/20 7:15 p.m.1333 views

CVE-2020-9484

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the Persisten...

7CVSS7.5AI score0.93247EPSS
CVE
CVE
added 2022/03/04 7:15 p.m.952 views

CVE-2021-3737

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.

7.5CVSS7.6AI score0.00138EPSS
CVE
CVE
added 2022/03/23 8:15 p.m.819 views

CVE-2021-4197

An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 v...

7.8CVSS7.9AI score0.00012EPSS
CVE
CVE
added 2021/08/23 6:15 p.m.771 views

CVE-2021-39144

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to ...

8.5CVSS9AI score0.94412EPSS
CVE
CVE
added 2020/12/03 7:15 p.m.703 views

CVE-2020-17527

While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this wou...

7.5CVSS7.5AI score0.08457EPSS
CVE
CVE
added 2022/03/11 6:15 p.m.630 views

CVE-2022-0001

Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

6.5CVSS6.7AI score0.00334EPSS
CVE
CVE
added 2021/12/08 10:15 p.m.622 views

CVE-2021-43527

NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted. Applications using N...

9.8CVSS9.6AI score0.05243EPSS
CVE
CVE
added 2022/03/11 7:15 a.m.595 views

CVE-2020-36518

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

7.5CVSS7.4AI score0.0049EPSS
CVE
CVE
added 2022/02/24 3:15 p.m.552 views

CVE-2022-25636

net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.

7.8CVSS7.4AI score0.00436EPSS
CVE
CVE
added 2023/04/18 8:15 p.m.552 views

CVE-2023-21971

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful...

5.3CVSS5.2AI score0.00122EPSS
CVE
CVE
added 2021/07/14 7:15 a.m.549 views

CVE-2021-36374

When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives a...

5.5CVSS6.2AI score0.00172EPSS
CVE
CVE
added 2022/02/16 7:15 p.m.546 views

CVE-2021-3773

A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.

9.8CVSS8.9AI score0.0048EPSS
CVE
CVE
added 2022/03/18 6:15 p.m.488 views

CVE-2022-1011

A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.

7.8CVSS7.7AI score0.00193EPSS
CVE
CVE
added 2021/02/15 1:15 p.m.462 views

CVE-2021-23337

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

7.2CVSS7.2AI score0.00493EPSS
CVE
CVE
added 2021/09/29 8:15 p.m.446 views

CVE-2021-22947

When curl >= 7.20.0 and

5.9CVSS7AI score0.00087EPSS
CVE
CVE
added 2022/02/16 7:15 p.m.445 views

CVE-2021-3752

A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to con...

7.9CVSS7.2AI score0.00031EPSS
CVE
CVE
added 2022/01/18 5:15 p.m.441 views

CVE-2021-4083

A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges ...

7CVSS6.9AI score0.00016EPSS
CVE
CVE
added 2020/09/17 4:15 p.m.435 views

CVE-2020-0404

In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions...

5.5CVSS6.4AI score0.00264EPSS
CVE
CVE
added 2022/03/25 7:15 p.m.415 views

CVE-2022-0322

A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS).

5.5CVSS6.2AI score0.00084EPSS
CVE
CVE
added 2022/02/26 5:15 a.m.414 views

CVE-2022-23308

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

7.5CVSS7.7AI score0.00044EPSS
CVE
CVE
added 2021/06/08 11:15 a.m.406 views

CVE-2021-33560

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.

7.5CVSS7.5AI score0.0053EPSS
CVE
CVE
added 2021/10/19 3:15 p.m.405 views

CVE-2021-37136

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack

7.5CVSS7.4AI score0.00229EPSS
CVE
CVE
added 2021/12/13 6:15 p.m.395 views

CVE-2021-43818

lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant co...

8.2CVSS7.6AI score0.03013EPSS
CVE
CVE
added 2022/03/11 6:15 p.m.394 views

CVE-2022-0002

Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

6.5CVSS6.6AI score0.00695EPSS
CVE
CVE
added 2021/07/21 3:16 p.m.380 views

CVE-2021-37159

hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.

6.4CVSS6.7AI score0.00033EPSS
CVE
CVE
added 2021/09/29 8:15 p.m.368 views

CVE-2021-22946

A user can tell curl >= 7.20.0 and

7.5CVSS7.6AI score0.00069EPSS
CVE
CVE
added 2021/06/11 4:15 p.m.366 views

CVE-2021-22898

curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uni...

3.1CVSS5.3AI score0.00113EPSS
CVE
CVE
added 2021/10/19 3:15 p.m.364 views

CVE-2021-37137

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplyin...

7.5CVSS7.4AI score0.00715EPSS
CVE
CVE
added 2021/07/09 11:15 a.m.359 views

CVE-2021-3612

An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this...

7.8CVSS7.8AI score0.00088EPSS
CVE
CVE
added 2021/08/18 3:15 p.m.353 views

CVE-2021-21781

An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a...

4CVSS4.7AI score0.00015EPSS
CVE
CVE
added 2022/02/25 3:15 p.m.349 views

CVE-2022-24329

In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.

5.3CVSS5.4AI score0.00002EPSS
CVE
CVE
added 2021/12/25 2:15 a.m.328 views

CVE-2021-45485

In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.

7.5CVSS7.2AI score0.00518EPSS
CVE
CVE
added 2021/08/23 6:15 p.m.324 views

CVE-2021-39139

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the version out of the ...

8.8CVSS8.8AI score0.00673EPSS
CVE
CVE
added 2021/07/15 5:15 p.m.323 views

CVE-2021-34429

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.

5.3CVSS5.4AI score0.93799EPSS
CVE
CVE
added 2020/11/20 4:15 a.m.319 views

CVE-2020-4788

IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.

5.1CVSS5.7AI score0.00198EPSS
CVE
CVE
added 2021/10/20 7:15 a.m.316 views

CVE-2021-42739

The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.

6.7CVSS7.1AI score0.0003EPSS
CVE
CVE
added 2021/11/17 5:15 p.m.313 views

CVE-2021-43976

In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).

4.6CVSS6AI score0.00017EPSS
CVE
CVE
added 2021/08/23 7:15 p.m.310 views

CVE-2021-39152

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No...

8.5CVSS8.6AI score0.67834EPSS
CVE
CVE
added 2022/03/25 7:15 p.m.309 views

CVE-2021-4203

A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.

6.8CVSS6.8AI score0.00058EPSS
CVE
CVE
added 2021/08/23 6:15 p.m.306 views

CVE-2021-39151

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to ...

8.5CVSS8.8AI score0.00569EPSS
CVE
CVE
added 2021/11/04 7:15 p.m.300 views

CVE-2021-43389

An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.

5.5CVSS6.2AI score0.00008EPSS
CVE
CVE
added 2021/12/09 7:15 p.m.298 views

CVE-2021-43797

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast...

6.5CVSS7.8AI score0.00147EPSS
CVE
CVE
added 2021/08/23 6:15 p.m.294 views

CVE-2021-39141

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to ...

8.5CVSS8.8AI score0.81843EPSS
CVE
CVE
added 2021/08/23 7:15 p.m.293 views

CVE-2021-39140

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulat...

6.5CVSS7.3AI score0.00118EPSS
CVE
CVE
added 2021/08/23 7:15 p.m.293 views

CVE-2021-39150

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No...

8.5CVSS8.6AI score0.01952EPSS
CVE
CVE
added 2021/11/03 12:15 a.m.291 views

CVE-2020-27820

A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if "unbind" the driver).

4.7CVSS6.1AI score0.00019EPSS
Total number of security vulnerabilities75