Latest oracle communications cloud native core network exposure function Vulnerabilities

CVE-2022-22965
Spring Framework JDK 9+ Remote Code Execution Vulnerability
VMware Spring Framework
VMware Spring Framework<5.2.20
VMware Spring Framework>=5.3.0<5.3.18
Cisco CX Cloud Agent<2.1.0
Oracle Communications Cloud Native Core Automated Test Suite=1.9.0
Oracle Communications Cloud Native Core Automated Test Suite=22.1.0
and 84 more
CVE-2022-22963
VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability
VMware Tanzu Spring Cloud
Vmware Spring Cloud Function<=3.1.6
Vmware Spring Cloud Function>=3.2.0<=3.2.2
Oracle Banking Branch=14.5
Oracle Banking Cash Management=14.5
Oracle Banking Corporate Lending Process Management=14.5
and 42 more
CVE-2022-1154
Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.
Vim Vim<8.2.4646
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Oracle Communications Cloud Native Core Network Exposure Function=22.1.1
and 7 more
CVE-2022-0002
Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
Intel Atom C3308
Intel Atom C3336
Intel Atom C3338
Intel Atom C3338r
and 623 more
CVE-2022-0001
Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
Intel Atom P5921b
Intel Atom P5931b
Intel Atom P5942b
Intel Atom P5962b
and 578 more
CVE-2022-22947
VMware Spring Cloud Gateway Code Injection Vulnerability
maven/org.springframework.cloud:spring-cloud-gateway>=3.1.0<3.1.1
maven/org.springframework.cloud:spring-cloud-gateway<3.0.7
VMware Spring Cloud Gateway
VMware Spring Cloud Gateway<3.0.7
VMware Spring Cloud Gateway=3.1.0
Oracle Commerce Guided Search=11.3.2
and 13 more
CVE-2022-25636
An out-of-bounds (OOB) memory access flaw was found in nft_fwd_dup_netdev_offload in net/netfilter/nf_dup_netdev.c in netfilter subcomponent in the Linux kernel due to a heap out of bounds write probl...
redhat/kernel-rt<0:4.18.0-348.23.1.rt7.153.el8_5
redhat/kernel<0:4.18.0-348.23.1.el8_5
redhat/kernel-rt<0:4.18.0-305.45.1.rt7.117.el8_4
redhat/kernel<0:4.18.0-305.45.1.el8_4
Linux Linux kernel>=5.4<5.4.182
Linux Linux kernel>=5.5<5.10.103
and 128 more
CVE-2021-43818
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content ...
redhat/python-lxml<4.6.5
redhat/python-lxml<0:4.2.3-4.el8
redhat/python-lxml<0:4.7.1-1.el8
redhat/rh-python38-python-lxml<0:4.4.1-8.el7
debian/lxml
Lxml Lxml<4.6.5
and 15 more
CVE-2021-4083
A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigge...
Linux Linux kernel<4.4.294
Linux Linux kernel>=4.5<4.9.292
Linux Linux kernel>=4.10<4.14.257
Linux Linux kernel>=4.15<4.19.220
Linux Linux kernel>=4.20<5.4.164
Linux Linux kernel>=5.5.0<5.10.84
and 206 more
CVE-2021-4002
A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some...
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
Linux Linux kernel<5.16
Linux Linux kernel=5.16
Linux Linux kernel=5.16-rc1
Linux Linux kernel=5.16-rc2
and 139 more
CVE-2021-43976
In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_pani...
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
Linux Linux kernel<=5.15.2
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Debian Debian Linux=9.0
and 159 more
CVE-2022-0322
A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use...
redhat/kernel<5.15
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
Linux Linux kernel<5.15
Linux Linux kernel=5.15
Linux Linux kernel=5.15-rc1
and 9 more
CVE-2021-4203
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with...
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
redhat/kernel-rt<0:4.18.0-305.57.1.rt7.129.el8_4
redhat/kernel<0:4.18.0-305.57.1.el8_4
Linux Linux kernel<5.15
Linux Linux kernel=5.15
and 175 more
CVE-2021-43389
An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
Linux Linux kernel<5.14.15
Redhat Enterprise Linux=8.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 135 more
CVE-2021-3773
A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
Linux Linux kernel<5.14
Linux Linux kernel>=5.15<5.15.15
Fedoraproject Fedora=34
Redhat Enterprise Linux=6.0
and 5 more
CVE-2021-3772
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used an...
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
ubuntu/linux<4.15.0-184.194
ubuntu/linux<5.4.0-117.132
ubuntu/linux<5.13.0-28.31
ubuntu/linux<5.15
and 195 more
CVE-2021-3752
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to ...
redhat/kernel-rt<0:3.10.0-1160.59.1.rt56.1200.el7
redhat/kernel<0:3.10.0-1160.59.1.el7
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
Linux Linux kernel>=2.6.12<4.4.293
Linux Linux kernel>=4.5<4.9.291
and 192 more
CVE-2021-20322
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw all...
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
redhat/kernel-rt<0:4.18.0-305.49.1.rt7.121.el8_4
redhat/kernel<0:4.18.0-305.49.1.el8_4
redhat/kernel<5.15
ubuntu/linux-aws<4.15.0-1119.127
and 186 more
CVE-2021-3743
An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leadin...
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
Linux Linux kernel>5.14.1<5.17
Linux Linux kernel=5.14-rc6
Linux Linux kernel=5.17
Linux Linux kernel=5.17-rc1
and 174 more
CVE-2021-3744
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This v...
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
Linux Linux kernel<5.15
Linux Linux kernel=5.15
Linux Linux kernel=5.15-rc1
Linux Linux kernel=5.15-rc2
and 157 more
CVE-2021-3737
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite...
redhat/python3<0:3.6.8-45.el8
redhat/python27-python<0:2.7.18-4.el7
IBM Cloud Pak for Security<=1.10.0.0 - 1.10.11.0
IBM QRadar Suite Software<=1.10.12.0 - 1.10.16.0
redhat/python<3.6.14
redhat/python<3.7.11
and 41 more
CVE-2022-0286
A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service.
Linux Linux kernel
Oracle Communications Cloud Native Core Binding Support Function=22.1.3
Oracle Communications Cloud Native Core Network Exposure Function=22.1.1
Oracle Communications Cloud Native Core Policy=22.2.0
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
CVE-2021-21781
An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application ...
Linux Linux kernel=5.4.54
Linux Linux kernel=5.4.66
Oracle Communications Cloud Native Core Binding Support Function=22.1.3
Oracle Communications Cloud Native Core Network Exposure Function=22.1.1
Oracle Communications Cloud Native Core Policy=22.2.0
redhat/kernel<0:4.18.0-372.9.1.el8
CVE-2021-3612
An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to...
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
redhat/kernel<5.9
ubuntu/linux<4.15.0-156.163
ubuntu/linux<5.4.0-84.94
ubuntu/linux<5.11.0-34.36
and 165 more
CVE-2021-45485
In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that ...
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
redhat/kernel-rt<0:4.18.0-305.65.1.rt7.137.el8_4
redhat/kernel<0:4.18.0-305.65.1.el8_4
Linux Linux kernel<5.13.3
NetApp E-Series SANtricity OS Controller
and 191 more
CVE-2021-42739
A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the sy...
Linux Linux kernel<=5.14.13
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Debian Debian Linux=9.0
Mozilla NSS=v8r12
and 131 more
CVE-2021-45486
In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
redhat/kernel-rt<0:4.18.0-305.65.1.rt7.137.el8_4
redhat/kernel<0:4.18.0-305.65.1.el8_4
Linux Linux kernel<5.12.4
Oracle Communications Cloud Native Core Binding Support Function=22.1.3
and 108 more
CVE-2020-27820
A vulnerability was found in kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but...
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
Linux Linux kernel
Fedoraproject Fedora=33
Linux Linux kernel>2.6.12<5.4.162
Linux Linux kernel>5.5<5.10.82
and 127 more
CVE-2020-4788
IBM Power9 processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances.
IBM i<=7.1
IBM i<=7.2
IBM i<=7.3
IBM i<=7.4
IBM AIX<=7.1
IBM AIX<=7.2
and 99 more
CVE-2021-37159
hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
Linux Linux kernel<=5.13.4
Debian Debian Linux=9.0
Oracle Communications Cloud Native Core Binding Support Function=22.1.3
Oracle Communications Cloud Native Core Network Exposure Function=22.1.1
and 123 more
CVE-2020-0404
In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional ex...
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
Google Android
Oracle Communications Cloud Native Core Binding Support Function=22.1.3
Oracle Communications Cloud Native Core Network Exposure Function=22.1.1
Oracle Communications Cloud Native Core Policy=22.2.0
and 1 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203