Communications Cloud Native Core Network Exposure Function

communications_cloud_native_core_network_exposure_function

Vendor: Oracle • 31 CVEs

CVEs (31)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-22965 5Cisco OracleSiemens+2 more 38Access Appliance Commerce PlatformCommunications Cloud Native Core Automated Test Suite+35 more Oct 30, 2025 Apr 1, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the a...Show more A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.Show less
CVE-2022-22963 2Oracle Vmware 28Banking Branch Banking Cash ManagementBanking Corporate Lending Process Management+25 more Oct 30, 2025 Apr 1, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in rem...Show more In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.Show less
CVE-2022-1154 4Debian FedoraprojectOracle+1 more 4Communications Cloud Native Core Network Exposure Function Debian LinuxFedora+1 more Nov 21, 2024 Mar 30, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.
CVE-2022-0322 3Fedoraproject LinuxOracle 5Communications Cloud Native Core Binding Support Function Communications Cloud Native Core Network Exposure FunctionCommunications Cloud Native Core Policy+2 more Nov 21, 2024 Mar 25, 2022 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is...Show more A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS).Show less
CVE-2021-4203 3Linux NetappOracle 16A700s Firmware Active Iq Unified ManagerBootstrap Os+13 more Nov 21, 2024 Mar 25, 2022 N/A· v4 6.8 MEDIUM· v3 4.9 MEDIUM· v2 A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges m...Show more A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.Show less
CVE-2022-0002 2Intel Oracle 504Atom C3308 Atom C3336Atom C3338+501 more May 5, 2025 Mar 11, 2022 N/A· v4 6.5 MEDIUM· v3 2.1 LOW· v2 Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
CVE-2022-0001 2Intel Oracle 458Atom P5921b Atom P5931bAtom P5942b+455 more May 5, 2025 Mar 11, 2022 N/A· v4 6.5 MEDIUM· v3 2.1 LOW· v2 Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
CVE-2021-3737 6Canonical FedoraprojectNetapp+3 more 17Codeready Linux Builder Codeready Linux Builder For Ibm Z SystemsCodeready Linux Builder For Power Little Endian+14 more Dec 17, 2025 Mar 4, 2022 N/A· v4 7.5 HIGH· v3 7.1 HIGH· v2 A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU...Show more A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.Show less
CVE-2021-3744 5Debian FedoraprojectLinux+2 more 23Build Of Quarkus Codeready Linux BuilderCodeready Linux Builder Eus+20 more Nov 21, 2024 Mar 4, 2022 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is simi...Show more A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.Show less
CVE-2021-3743 4Fedoraproject LinuxNetapp+1 more 13Communications Cloud Native Core Binding Support Function Communications Cloud Native Core Network Exposure FunctionCommunications Cloud Native Core Policy+10 more Nov 21, 2024 Mar 4, 2022 N/A· v4 7.1 HIGH· v3 3.6 LOW· v2 An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash...Show more An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.Show less
CVE-2022-22947 2Oracle Vmware 10Commerce Guided Search Communications Cloud Native Core Binding Support FunctionCommunications Cloud Native Core Console+7 more Oct 30, 2025 Mar 3, 2022 N/A· v4 10.0 CRITICAL· v3 6.8 MEDIUM· v2 In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a ma...Show more In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.Show less
CVE-2021-4002 4Debian FedoraprojectLinux+1 more 6Communications Cloud Native Core Binding Support Function Communications Cloud Native Core Network Exposure FunctionCommunications Cloud Native Core Policy+3 more Nov 21, 2024 Mar 3, 2022 N/A· v4 4.4 MEDIUM· v3 3.6 LOW· v2 A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages...Show more A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data.Show less
CVE-2021-3772 5Debian LinuxNetapp+2 more 18Communications Cloud Native Core Binding Support Function Communications Cloud Native Core Network Exposure FunctionCommunications Cloud Native Core Policy+15 more Nov 21, 2024 Mar 2, 2022 N/A· v4 6.5 MEDIUM· v3 5.8 MEDIUM· v2 A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can s...Show more A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.Show less
CVE-2022-25636 4Debian LinuxNetapp+1 more 13Communications Cloud Native Core Binding Support Function Communications Cloud Native Core Network Exposure FunctionCommunications Cloud Native Core Policy+10 more Nov 21, 2024 Feb 24, 2022 N/A· v4 7.8 HIGH· v3 6.9 MEDIUM· v2 net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.
CVE-2021-20322 5Debian FedoraprojectLinux+2 more 21Active Iq Unified Manager Aff A700s FirmwareAff Baseboard Management Controller Firmware+18 more Nov 21, 2024 Feb 18, 2022 N/A· v4 7.4 HIGH· v3 5.8 MEDIUM· v2 A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remo...Show more A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.Show less
CVE-2021-3773 4Fedoraproject LinuxOracle+1 more 6Communications Cloud Native Core Binding Support Function Communications Cloud Native Core Network Exposure FunctionCommunications Cloud Native Core Policy+3 more Mar 28, 2025 Feb 16, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.
CVE-2021-3752 6Debian FedoraprojectLinux+3 more 193scale Communications Cloud Native Core Binding Support FunctionCommunications Cloud Native Core Network Exposure Function+16 more Nov 21, 2024 Feb 16, 2022 N/A· v4 7.1 HIGH· v3 7.9 HIGH· v2 A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or...Show more A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.Show less
CVE-2022-0286 2Linux Oracle 4Communications Cloud Native Core Binding Support Function Communications Cloud Native Core Network Exposure FunctionCommunications Cloud Native Core Policy+1 more Nov 21, 2024 Jan 31, 2022 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service.
CVE-2021-4083 4Debian LinuxNetapp+1 more 15Communications Cloud Native Core Binding Support Function Communications Cloud Native Core Network Exposure FunctionCommunications Cloud Native Core Policy+12 more Nov 21, 2024 Jan 18, 2022 N/A· v4 7.0 HIGH· v3 6.9 MEDIUM· v2 A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition....Show more A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4.Show less
CVE-2021-45486 2Linux Oracle 4Communications Cloud Native Core Binding Support Function Communications Cloud Native Core Network Exposure FunctionCommunications Cloud Native Core Policy+1 more Nov 21, 2024 Dec 25, 2021 N/A· v4 3.5 LOW· v3 2.7 LOW· v2 In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.

12 Next