Latest oracle communications cloud native core binding support function Vulnerabilities

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privi...
Oracle Communications Cloud Native Core Binding Support Function=22.4.0
Oracle Communications Cloud Native Core Binding Support Function=23.1.0
Oracle Communications Cloud Native Core Policy=22.4.0
Oracle Communications Cloud Native Core Policy=23.1.0
Oracle Mysql Connectors>=8.0.0<=8.0.32
Netapp Active Iq Unified Manager Linux
and 4 more
Vulnerability in the Oracle Communications BRM - Elastic Charging Engine product of Oracle Communications Applications (component: Customer, Config, Pricing Manager). Supported versions that are affe...
Oracle Communications Billing And Revenue Management Elastic Charging Engine>=12.0.0.3.0<=12.0.0.7.0
Oracle Communications Cloud Native Core Binding Support Function=22.3.0
Oracle Communications Cloud Native Core Policy=22.3.0
Spring Framework JDK 9+ Remote Code Execution Vulnerability
VMware Spring Framework
VMware Spring Framework<5.2.20
VMware Spring Framework>=5.3.0<5.3.18
Cisco CX Cloud Agent<2.1.0
Oracle Communications Cloud Native Core Automated Test Suite=1.9.0
Oracle Communications Cloud Native Core Automated Test Suite=22.1.0
and 84 more
Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
Intel Atom C3308
Intel Atom C3336
Intel Atom C3338
Intel Atom C3338r
and 623 more
Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
Intel Atom P5921b
Intel Atom P5931b
Intel Atom P5942b
Intel Atom P5962b
and 578 more
A flaw in the Linux Kernel found. If unprivileged users can mount FUSE filesystems, then can trigger use after free (UAF) that reads of write() buffers, allowing theft of (partial) /etc/shadow hashes ...
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
Linux Linux kernel<5.17
Linux Linux kernel=5.17
Linux Linux kernel=5.17-rc1
Linux Linux kernel=5.17-rc2
and 181 more
In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager....
VMware Spring Cloud Gateway=3.1.0
Oracle Commerce Guided Search=11.3.2
Oracle Communications Cloud Native Core Binding Support Function=22.1.3
Oracle Communications Cloud Native Core Console=22.2.0
Oracle Communications Cloud Native Core Network Repository Function=22.1.2
Oracle Communications Cloud Native Core Network Repository Function=22.2.0
and 1 more
VMware Spring Cloud Gateway Code Injection Vulnerability
maven/org.springframework.cloud:spring-cloud-gateway>=3.1.0<3.1.1
maven/org.springframework.cloud:spring-cloud-gateway<3.0.7
VMware Spring Cloud Gateway
VMware Spring Cloud Gateway<3.0.7
VMware Spring Cloud Gateway=3.1.0
Oracle Commerce Guided Search=11.3.2
and 13 more
In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.
JetBrains Kotlin<1.6.0
Oracle Communications Cloud Native Core Binding Support Function=22.1.3
Oracle Communications Pricing Design Center=12.0.0.4
Oracle Communications Pricing Design Center=12.0.0.5
An out-of-bounds (OOB) memory access flaw was found in nft_fwd_dup_netdev_offload in net/netfilter/nf_dup_netdev.c in netfilter subcomponent in the Linux kernel due to a heap out of bounds write probl...
redhat/kernel-rt<0:4.18.0-348.23.1.rt7.153.el8_5
redhat/kernel<0:4.18.0-348.23.1.el8_5
redhat/kernel-rt<0:4.18.0-305.45.1.rt7.117.el8_4
redhat/kernel<0:4.18.0-305.45.1.el8_4
Linux Linux kernel>=5.4<5.4.182
Linux Linux kernel>=5.5<5.10.103
and 128 more
A flaw was found in libxml2. A call to the xmlGetID function can return a pointer already freed when parsing an XML document with the XML_PARSE_DTDVALID option and without the XML_PARSE_NOENT option, ...
redhat/jbcs-httpd24-apr-util<0:1.6.1-91.el8
redhat/jbcs-httpd24-curl<0:7.78.0-3.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-80.el8
redhat/jbcs-httpd24-nghttp2<0:1.39.2-41.el8
redhat/jbcs-httpd24-openssl<1:1.1.1g-11.el8
redhat/jbcs-httpd24-openssl-chil<0:1.0.0-11.el8
and 75 more
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may ...
GNU glibc<=2.34
Oracle Communications Cloud Native Core Binding Support Function=22.1.3
Oracle Communications Cloud Native Core Network Function Cloud Native Environment=22.1.0
Oracle Communications Cloud Native Core Network Repository Function=22.1.2
Oracle Communications Cloud Native Core Network Repository Function=22.2.0
Oracle Communications Cloud Native Core Security Edge Protection Proxy=22.1.1
and 5 more
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content ...
redhat/python-lxml<4.6.5
redhat/python-lxml<0:4.2.3-4.el8
redhat/python-lxml<0:4.7.1-1.el8
redhat/rh-python38-python-lxml<0:4.4.1-8.el7
debian/lxml
Lxml Lxml<4.6.5
and 15 more
### Impact Netty currently just skips control chars when these are present at the beginning / end of the header name. We should better fail fast as these are not allowed by the spec and could lead to...
redhat/eap7-netty<0:4.1.72-4.Final_redhat_00001.1.el8ea
redhat/eap7-netty<0:4.1.72-4.Final_redhat_00001.1.el7ea
redhat/candlepin<0:4.1.13-1.el7
redhat/candlepin<0:4.1.13-1.el8
redhat/rh-sso7-keycloak<0:15.0.8-1.redhat_00001.1.el7
redhat/rh-sso7-keycloak<0:15.0.8-1.redhat_00001.1.el8
and 60 more
A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigge...
Linux Linux kernel<4.4.294
Linux Linux kernel>=4.5<4.9.292
Linux Linux kernel>=4.10<4.14.257
Linux Linux kernel>=4.15<4.19.220
Linux Linux kernel>=4.20<5.4.164
Linux Linux kernel>=5.5.0<5.10.84
and 206 more
A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some...
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
Linux Linux kernel<5.16
Linux Linux kernel=5.16
Linux Linux kernel=5.16-rc1
Linux Linux kernel=5.16-rc2
and 139 more
A flaw was found in the way NSS verifies certificates. That will happen both when client reads the Certificate message from the server or when server is configured to ask for client certificates and t...
redhat/nss<0:3.44.0-12.el6_10
redhat/nss<0:3.67.0-4.el7_9
redhat/nss<0:3.28.4-2.el7_3
redhat/nss<0:3.28.4-18.el7_4
redhat/nss<0:3.36.0-10.2.el7_6
redhat/nss<0:3.44.0-8.el7_7
and 22 more
** DISPUTED ** In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompani...
GNU glibc=2.34
Oracle Communications Cloud Native Core Binding Support Function=22.1.3
Oracle Communications Cloud Native Core Network Function Cloud Native Environment=22.1.0
Oracle Communications Cloud Native Core Network Repository Function=22.1.2
Oracle Communications Cloud Native Core Network Repository Function=22.2.0
Oracle Communications Cloud Native Core Security Edge Protection Proxy=22.1.1
and 14 more
In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_pani...
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
Linux Linux kernel<=5.15.2
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Debian Debian Linux=9.0
and 159 more
A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use...
redhat/kernel<5.15
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
Linux Linux kernel<5.15
Linux Linux kernel=5.15
Linux Linux kernel=5.15-rc1
and 9 more
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with...
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
redhat/kernel-rt<0:4.18.0-305.57.1.rt7.129.el8_4
redhat/kernel<0:4.18.0-305.57.1.el8_4
Linux Linux kernel<5.15
Linux Linux kernel=5.15
and 175 more
An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
Linux Linux kernel<5.14.15
Redhat Enterprise Linux=8.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 135 more
An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled ...
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
redhat/kernel-rt<0:4.18.0-305.57.1.rt7.129.el8_4
redhat/kernel<0:4.18.0-305.57.1.el8_4
redhat/Linux kernel<5.17
ubuntu/linux<4.15.0-189.200
and 161 more
curl. Multiple issues were addressed by updating to curl version 7.79.1.
redhat/rh-dotnet31-curl<0:7.61.1-22.el7_9
redhat/curl<0:7.61.1-18.el8_4.2
redhat/curl<0:7.61.1-12.el8_2.4
debian/curl<=7.64.0-4+deb10u2
Apple macOS Monterey<12.3
redhat/curl<7.79.0
and 62 more
curl. Multiple issues were addressed by updating to curl version 7.79.1.
redhat/rh-dotnet31-curl<0:7.61.1-22.el7_9
redhat/curl<0:7.61.1-18.el8_4.2
redhat/curl<0:7.61.1-12.el8_2.4
debian/curl<=7.64.0-4+deb10u2
Apple macOS Monterey<12.3
IBM QRadar SIEM<=7.5.0 GA
and 68 more
### Impact The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users o...
maven/io.netty:netty<4.0.0
maven/org.jboss.netty:netty<4.0.0
maven/io.netty:netty-codec<4.1.68.Final
Netty Netty<4.1.68
Quarkus Quarkus<2.2.4
Oracle Banking Apis>=18.1<=18.3
and 44 more
### Impact The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk ...
redhat/eap7-netty<0:4.1.72-4.Final_redhat_00001.1.el8ea
redhat/eap7-netty<0:4.1.72-4.Final_redhat_00001.1.el7ea
redhat/candlepin<0:4.1.15-1.el8
maven/io.netty:netty<4.0.0
maven/org.jboss.netty:netty<4.0.0
maven/io.netty:netty-codec>=4.0.0<4.1.68.Final
and 61 more
A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
Linux Linux kernel<5.14
Linux Linux kernel>=5.15<5.15.15
Fedoraproject Fedora=34
Redhat Enterprise Linux=6.0
and 5 more
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used an...
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
ubuntu/linux<4.15.0-184.194
ubuntu/linux<5.4.0-117.132
ubuntu/linux<5.13.0-28.31
ubuntu/linux<5.15
and 195 more
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to ...
redhat/kernel-rt<0:3.10.0-1160.59.1.rt56.1200.el7
redhat/kernel<0:3.10.0-1160.59.1.el7
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
Linux Linux kernel>=2.6.12<4.4.293
Linux Linux kernel>=4.5<4.9.291
and 192 more
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw all...
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
redhat/kernel-rt<0:4.18.0-305.49.1.rt7.121.el8_4
redhat/kernel<0:4.18.0-305.49.1.el8_4
redhat/kernel<5.15
ubuntu/linux-aws<4.15.0-1119.127
and 186 more
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicl...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 33 more
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 33 more
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 27 more
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 33 more
XStream Remote Code Execution Vulnerability
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
XStream XStream
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Debian Debian Linux=9.0
and 34 more
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 33 more
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicl...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 33 more
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on ...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 33 more
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 33 more
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 33 more
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 33 more
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 33 more
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 33 more
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 33 more
An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leadin...
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
Linux Linux kernel>5.14.1<5.17
Linux Linux kernel=5.14-rc6
Linux Linux kernel=5.17
Linux Linux kernel=5.17-rc1
and 174 more
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This v...
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
Linux Linux kernel<5.15
Linux Linux kernel=5.15
Linux Linux kernel=5.15-rc1
Linux Linux kernel=5.15-rc2
and 157 more
In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was ...
GNU glibc<=2.34
Fedoraproject Fedora=35
Oracle Communications Cloud Native Core Binding Support Function=22.1.3
Oracle Communications Cloud Native Core Network Function Cloud Native Environment=22.1.0
Oracle Communications Cloud Native Core Network Repository Function=22.1.2
Oracle Communications Cloud Native Core Network Repository Function=22.2.0
and 5 more
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite...
redhat/python3<0:3.6.8-45.el8
redhat/python27-python<0:2.7.18-4.el7
IBM Cloud Pak for Security<=1.10.0.0 - 1.10.11.0
IBM QRadar Suite Software<=1.10.12.0 - 1.10.16.0
redhat/python<3.6.14
redhat/python<3.7.11
and 41 more
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security co...
redhat/jetty<9.4.43
redhat/jetty<10.0.6
redhat/jetty<11.0.6
Eclipse Jetty>=9.4.37<9.4.43
Eclipse Jetty>=10.0.1<10.0.6
Eclipse Jetty>=11.0.1<11.0.6
and 19 more

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203