Latest Oracle Communications Cloud Native Core Automated Test Suite Vulnerabilities

VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability
VMware Tanzu Spring Cloud
Vmware Spring Cloud Function<=3.1.6
Vmware Spring Cloud Function>=3.2.0<=3.2.2
Oracle Banking Branch=14.5
Oracle Banking Cash Management=14.5
Oracle Banking Corporate Lending Process Management=14.5
and 42 more
Spring Framework JDK 9+ Remote Code Execution Vulnerability
VMware Spring Framework
VMware Spring Framework<5.2.20
VMware Spring Framework>=5.3.0<5.3.18
Cisco CX Cloud Agent<2.1.0
Oracle Communications Cloud Native Core Automated Test Suite=1.9.0
Oracle Communications Cloud Native Core Automated Test Suite=22.1.0
and 84 more
XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU ...
redhat/jenkins<0:2.319.3.1650348949-1.el7
redhat/xstream<1.4.19
Xstream Project Xstream<1.4.19
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Debian Debian Linux=9.0
and 13 more
A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specifie...
maven/org.jenkins-ci.plugins:mailer<1.34.2
maven/org.jenkins-ci.plugins:mailer>=391.ve4a38c1bcf4b<408.vd726a
Jenkins Mailer Jenkins<1.34.2
Jenkins Mailer=391.ve4a_38c1b_cf4b_
Oracle Communications Cloud Native Core Automated Test Suite=1.9.0
A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specif...
maven/org.jenkins-ci.plugins:mailer<1.34.2
maven/org.jenkins-ci.plugins:mailer>=391.ve4a38c1bcf4b<408.vd726a
Jenkins Mailer Jenkins<1.34.2
Jenkins Mailer=391.ve4a_38c1b_cf4b_
Oracle Communications Cloud Native Core Automated Test Suite=1.9.0
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger a build of a job without parameters when no security realm is set.
maven/org.jenkins-ci.main:jenkins-core>=2.320<2.330
maven/org.jenkins-ci.main:jenkins-core<2.319.2
Jenkins Jenkins<=2.319.1
Jenkins Jenkins<=2.329
Oracle Communications Cloud Native Core Automated Test Suite=1.9.0
Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability explo...
maven/org.jenkins-ci.plugins:matrix-project<1.18.1
maven/org.jenkins-ci.plugins:matrix-project=1.19
Jenkins Matrix Project Jenkins<=1.19
Oracle Communications Cloud Native Core Automated Test Suite=1.9.0
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 33 more
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 33 more
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 33 more
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 33 more
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 33 more
XStream Remote Code Execution Vulnerability
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
XStream XStream
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Debian Debian Linux=9.0
and 34 more
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 33 more
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicl...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 33 more
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on ...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 33 more
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicl...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 33 more
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 33 more
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 27 more
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 33 more
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 33 more
In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with th...
Elastic Elasticsearch<6.8.17
Elastic Elasticsearch>=7.0.0<7.13.3
Oracle Communications Cloud Native Core Automated Test Suite=1.8.0
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query ...
Elastic Elasticsearch>=7.10.0<=7.13.3
Oracle Communications Cloud Native Core Automated Test Suite=1.8.0
Apache Ant is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By persuading a victim to open a specially-crafted ZIP archive, a remote a...
maven/org.apache.ant:ant>=1.9.0<1.9.16
maven/org.apache.ant:ant>=1.10.0<1.10.11
Apache Ant>=1.9.0<1.9.16
Apache Ant>=1.10.0<1.10.11
Oracle Agile Engineering Data Management=6.2.1.0
Oracle Agile PLM=9.3.6
and 75 more
Apache Ant is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By persuading a victim to open a specially-crafted TAR archive, a remote a...
redhat/Apache Ant<1.9.16
redhat/Ant<1.10.11
Apache Ant>=1.9.0<1.9.16
Apache Ant>=1.10.0<1.10.11
Oracle Agile PLM=9.3.6
Oracle Banking Trade Finance=14.5
and 69 more
A flaw was found in apache-commons-compress. When reading a specially crafted 7Z archive, Compress can allocate large amounts of memory that leads to an out-of-memory error for very small inputs. This...
redhat/apache-commons-compress<0:1.21-1.2.el8e
redhat/apache-commons-compress<1.21
Apache Commons Compress>=1.6<=1.20
Netapp Active Iq Unified Manager Linux
Netapp Active Iq Unified Manager Vmware Vsphere
Netapp Active Iq Unified Manager Windows
and 43 more
A flaw was found in apache-commons-compress. When reading a specially crafted ZIP archive, Compress can allocate large amounts of memory that leads to an out-of-memory error for small inputs. This fla...
redhat/apache-commons-compress<0:1.21-1.2.el8e
IBM Cloud Pak System<=V2.3.0 - V2.3.3.3 Interim Fix 1
redhat/apache-commons-compress<1.21
Apache Commons Compress>=1.0<1.21
Oracle Banking Apis>=18.1<=18.3
Oracle Banking Apis=19.1
and 69 more
A flaw was found in apache-commons-compress. When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This flaw allo...
redhat/apache-commons-compress<0:1.21-1.2.el8e
redhat/apache-commons-compress<1.21
Apache Commons Compress>=1.6<=1.20
Netapp Active Iq Unified Manager Linux
Netapp Active Iq Unified Manager Vmware Vsphere
Netapp Active Iq Unified Manager Windows
and 43 more
A flaw was found in python-ipaddress. Improper input validation of octal strings in stdlib ipaddress allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many...
redhat/rh-python38-babel<0:2.7.0-12.el7
redhat/rh-python38-python<0:3.8.11-2.el7
redhat/rh-python38-python-cryptography<0:2.8-5.el7
redhat/rh-python38-python-jinja2<0:2.10.3-6.el7
redhat/rh-python38-python-lxml<0:4.4.1-7.el7
redhat/rh-python38-python-pip<0:19.3.1-2.el7
and 10 more
A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. Get requests do not properly apply security permissions when...
Elastic Elasticsearch>=7.6.0<=7.11.0
Oracle Communications Cloud Native Core Automated Test Suite=1.8.0
Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an async search will improperly store the HTTP headers. An Elasticsearch user w...
redhat/elasticsearch<7.10.2
Elastic Elasticsearch>=7.7.0<7.10.2
Oracle Communications Cloud Native Core Automated Test Suite=1.8.0
A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitr...
maven/org.jenkins-ci.main:jenkins-core>=2.177<=2.191
maven/org.jenkins-ci.main:jenkins-core<=2.176.2
Jenkins Jenkins<=2.176.2
Jenkins Jenkins<=2.191
Oracle Communications Cloud Native Core Automated Test Suite=1.9.0
Redhat Openshift Container Platform=3.11
and 1 more
Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CS...
maven/org.jenkins-ci.main:jenkins-core>=2.177<=2.191
maven/org.jenkins-ci.main:jenkins-core<=2.176.2
Jenkins Jenkins<=2.176.2
Jenkins Jenkins<=2.191
Oracle Communications Cloud Native Core Automated Test Suite=1.9.0
Redhat Openshift Container Platform=3.11
and 1 more
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This...
redhat/eap7-apache-cxf<0:3.2.11-1.redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-6.SP3_redhat_00004.1.el6ea
redhat/eap7-hal-console<0:3.0.19-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.14-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.18-1.Final_redhat_00001.1.el6ea
redhat/eap7-jackson-annotations<0:2.9.10-1.redhat_00003.1.el6ea
and 779 more
The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS) vulner...
maven/org.jenkins-ci.main:jenkins-core>=2.165<=2.171
maven/org.jenkins-ci.main:jenkins-core<=2.164.1
Jenkins Jenkins<=2.164.1
Jenkins Jenkins<=2.171
Oracle Communications Cloud Native Core Automated Test Suite=1.9.0
Redhat Openshift Container Platform=3.11
Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earli...
Jenkins Jenkins<=2.164.1
Jenkins Jenkins<=2.171
Redhat Openshift Container Platform=3.11
Oracle Communications Cloud Native Core Automated Test Suite=1.9.0
An improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in SlaveComputer.java that allows attackers with Overall/Read permission to initiate agent launches, and...
maven/org.jenkins-ci.main:jenkins-core>=2.122<2.132
maven/org.jenkins-ci.main:jenkins-core<2.121.2
Jenkins Jenkins<=2.121.1
Jenkins Jenkins>=2.122<=2.132
Oracle Communications Cloud Native Core Automated Test Suite=1.9.0
A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to ...
maven/org.kohsuke.stapler:stapler-parent<1.250.1
maven/org.jenkins-ci.main:jenkins-core>=2.122<2.132
maven/org.jenkins-ci.main:jenkins-core<2.121.2
Jenkins Jenkins<=2.121.1
Jenkins Jenkins>=2.122<=2.132
Oracle Communications Cloud Native Core Automated Test Suite=1.9.0
An arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP ...
maven/org.jenkins-ci.main:jenkins-core>=2.122<2.132
maven/org.jenkins-ci.main:jenkins-core<2.121.2
Jenkins Jenkins<=2.121.1
Jenkins Jenkins>=2.122<=2.132
Oracle Communications Cloud Native Core Automated Test Suite=1.9.0
A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in BuildTimelineWidget.java, BuildTimelineWidget/control.jelly that allows attackers with Job/Configure pe...
maven/org.jenkins-ci.main:jenkins-core>=2.122<2.132
maven/org.jenkins-ci.main:jenkins-core<2.121.2
Jenkins Jenkins<=2.121.1
Jenkins Jenkins>=2.122<=2.132
Oracle Communications Cloud Native Core Automated Test Suite=1.9.0
An unauthorized modification of configuration vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in User.java that allows attackers to provide crafted login credentials that cause J...
maven/org.jenkins-ci.main:jenkins-core>=2.122<2.132
maven/org.jenkins-ci.main:jenkins-core<2.121.2
Jenkins Jenkins<=2.121.1
Jenkins Jenkins>=2.122<=2.132
Oracle Communications Cloud Native Core Automated Test Suite=1.9.0
An improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Queue.java that allows attackers with Overall/Read permission to cancel queued builds.
maven/org.jenkins-ci.main:jenkins-core>=2.122<=2.132
maven/org.jenkins-ci.main:jenkins-core<2.121.2
Jenkins Jenkins<=2.121.1
Jenkins Jenkins>=2.122<=2.132
Oracle Communications Cloud Native Core Automated Test Suite=1.9.0
An improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names c...
Jenkins Jenkins<=2.120
Jenkins Jenkins<=2.107.2
Oracle Communications Cloud Native Core Automated Test Suite=1.9.0
A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the ...
Jenkins Jenkins<=2.120
Jenkins Jenkins<=2.107.2
Oracle Communications Cloud Native Core Automated Test Suite=1.9.0
A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins submi...
Jenkins Jenkins<=2.120
Jenkins Jenkins<=2.107.2
Oracle Communications Cloud Native Core Automated Test Suite=1.9.0
An information exposure vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in AboutJenkins.java, ListPluginsCommand.java that allows users with Overall/Read access to enumerate all ...
Jenkins Jenkins<=2.120
Jenkins Jenkins<=2.107.2
Oracle Communications Cloud Native Core Automated Test Suite=1.9.0

© 2024 SecAlerts Pty Ltd.