Latest oracle communications cloud native core network function cloud native environment Vulnerabilities

CVE-2022-22963
VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability
VMware Tanzu Spring Cloud
Vmware Spring Cloud Function<=3.1.6
Vmware Spring Cloud Function>=3.2.0<=3.2.2
Oracle Banking Branch=14.5
Oracle Banking Cash Management=14.5
Oracle Banking Corporate Lending Process Management=14.5
and 42 more
CVE-2022-22965
Spring Framework JDK 9+ Remote Code Execution Vulnerability
VMware Spring Framework
VMware Spring Framework<5.2.20
VMware Spring Framework>=5.3.0<5.3.18
Cisco CX Cloud Agent<2.1.0
Oracle Communications Cloud Native Core Automated Test Suite=1.9.0
Oracle Communications Cloud Native Core Automated Test Suite=22.1.0
and 84 more
CVE-2022-22947
VMware Spring Cloud Gateway Code Injection Vulnerability
maven/org.springframework.cloud:spring-cloud-gateway>=3.1.0<3.1.1
maven/org.springframework.cloud:spring-cloud-gateway<3.0.7
VMware Spring Cloud Gateway
VMware Spring Cloud Gateway<3.0.7
VMware Spring Cloud Gateway=3.1.0
Oracle Commerce Guided Search=11.3.2
and 13 more
CVE-2022-23308
A flaw was found in libxml2. A call to the xmlGetID function can return a pointer already freed when parsing an XML document with the XML_PARSE_DTDVALID option and without the XML_PARSE_NOENT option, ...
redhat/jbcs-httpd24-apr-util<0:1.6.1-91.el8
redhat/jbcs-httpd24-curl<0:7.78.0-3.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-80.el8
redhat/jbcs-httpd24-nghttp2<0:1.39.2-41.el8
redhat/jbcs-httpd24-openssl<1:1.1.1g-11.el8
redhat/jbcs-httpd24-openssl-chil<0:1.0.0-11.el8
and 75 more
CVE-2022-24407
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
redhat/cyrus-sasl<0:2.1.23-16.el6_10
redhat/cyrus-sasl<0:2.1.26-24.el7_9
redhat/cyrus-sasl<0:2.1.27-6.el8_5
redhat/cyrus-sasl<0:2.1.27-2.el8_1
redhat/cyrus-sasl<0:2.1.27-2.el8_2
redhat/cyrus-sasl<0:2.1.27-6.el8_4
and 15 more
CVE-2022-23219
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may ...
GNU glibc<=2.34
Oracle Communications Cloud Native Core Binding Support Function=22.1.3
Oracle Communications Cloud Native Core Network Function Cloud Native Environment=22.1.0
Oracle Communications Cloud Native Core Network Repository Function=22.1.2
Oracle Communications Cloud Native Core Network Repository Function=22.2.0
Oracle Communications Cloud Native Core Security Edge Protection Proxy=22.1.1
and 5 more
CVE-2021-45105
Apache Log4j StrSubstitutor Uncontrolled Recursion Denial-of-Service Vulnerability
redhat/eap7-log4j<0:2.17.1-1.redhat_00001.1.el8ea
redhat/eap7-log4j<0:2.17.1-1.redhat_00001.1.el7ea
redhat/rh-sso7-keycloak<0:15.0.6-1.redhat_00001.1.el7
redhat/rh-sso7-keycloak<0:15.0.6-1.redhat_00001.1.el8
debian/apache-log4j2
debian/apache-log4j2<=2.16.0-1~deb10u1<=2.16.0-1<=2.16.0-1~deb11u1
and 217 more
CVE-2021-43396
** DISPUTED ** In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompani...
GNU glibc=2.34
Oracle Communications Cloud Native Core Binding Support Function=22.1.3
Oracle Communications Cloud Native Core Network Function Cloud Native Environment=22.1.0
Oracle Communications Cloud Native Core Network Repository Function=22.1.2
Oracle Communications Cloud Native Core Network Repository Function=22.2.0
Oracle Communications Cloud Native Core Security Edge Protection Proxy=22.1.1
and 4 more
CVE-2021-36160
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).
redhat/httpd<2.4.49
redhat/jbcs-httpd24-httpd<0:2.4.51-28.el8
redhat/jbcs-httpd24-httpd<0:2.4.51-28.el7
redhat/httpd24-httpd<0:2.4.34-23.el7.5
debian/apache2
debian/uwsgi<=2.0.18-1<=2.0.19.1-7.1<=2.0.21-5.1<=2.0.22-4
and 20 more
CVE-2021-34798
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
redhat/jbcs-httpd24-apr<0:1.6.3-107.el8
redhat/jbcs-httpd24-apr-util<0:1.6.1-84.el8
redhat/jbcs-httpd24-curl<0:7.78.0-2.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-78.el8
redhat/jbcs-httpd24-nghttp2<0:1.39.2-39.el8
redhat/jbcs-httpd24-openssl<1:1.1.1g-8.el8
and 38 more
CVE-2021-22947
curl. Multiple issues were addressed by updating to curl version 7.79.1.
redhat/rh-dotnet31-curl<0:7.61.1-22.el7_9
redhat/curl<0:7.61.1-18.el8_4.2
redhat/curl<0:7.61.1-12.el8_2.4
debian/curl<=7.64.0-4+deb10u2
Apple macOS Monterey<12.3
redhat/curl<7.79.0
and 62 more
CVE-2021-22946
curl. Multiple issues were addressed by updating to curl version 7.79.1.
redhat/rh-dotnet31-curl<0:7.61.1-22.el7_9
redhat/curl<0:7.61.1-18.el8_4.2
redhat/curl<0:7.61.1-12.el8_2.4
debian/curl<=7.64.0-4+deb10u2
Apple macOS Monterey<12.3
IBM QRadar SIEM<=7.5.0 GA
and 68 more
CVE-2021-38604
In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was ...
GNU glibc<=2.34
Fedoraproject Fedora=35
Oracle Communications Cloud Native Core Binding Support Function=22.1.3
Oracle Communications Cloud Native Core Network Function Cloud Native Environment=22.1.0
Oracle Communications Cloud Native Core Network Repository Function=22.1.2
Oracle Communications Cloud Native Core Network Repository Function=22.2.0
and 5 more
CVE-2021-22897
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The se...
Haxx Curl>=7.61.0<=7.76.1
Oracle Communications Cloud Native Core Binding Support Function=1.11.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment=1.10.0
Oracle Communications Cloud Native Core Network Repository Function=1.15.0
Oracle Communications Cloud Native Core Network Repository Function=1.15.1
Oracle Communications Cloud Native Core Network Slice Selection Function=1.8.0
and 45 more
CVE-2021-33560
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appr...
GnuPG Libgcrypt<1.8.8
GnuPG Libgcrypt>=1.9.0<1.9.3
Debian Debian Linux=9.0
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Oracle Communications Cloud Native Core Binding Support Function=1.11.0
and 10 more
CVE-2021-22898
cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a flaw in the option parser for sending NEW_ENV variables. By sending a specially-crafted request using a clear-te...
redhat/curl<0:7.61.1-22.el8
debian/curl<=7.64.0-4+deb10u2
debian/curl<=7.74.0-1.2<=7.64.0-4<=7.64.0-4+deb10u2<=7.64.0-4+deb10u1
Haxx Curl>=7.7<=7.76.1
Debian Debian Linux=9.0
Fedoraproject Fedora=33
and 19 more
CVE-2021-22901
A use-after-free flaw was found in the way curl handled TLS session data. The curl versions using the OpenSSL library as their TLS backend could use freed memory after TLS session renegotiation was pe...
redhat/jbcs-httpd24<0:1-18.el8
redhat/jbcs-httpd24-apr<0:1.6.3-105.el8
redhat/jbcs-httpd24-apr-util<0:1.6.1-82.el8
redhat/jbcs-httpd24-brotli<0:1.0.6-40.el8
redhat/jbcs-httpd24-curl<0:7.77.0-2.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-74.el8
and 68 more
CVE-2021-3537
A NULL pointer dereference flaw was found in libxml2, where it did not propagate errors while parsing XML mixed content. This flaw causes the application to crash if an untrusted XML document is parse...
redhat/jbcs-httpd24-apr-util<0:1.6.1-91.el8
redhat/jbcs-httpd24-curl<0:7.78.0-3.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-80.el8
redhat/jbcs-httpd24-nghttp2<0:1.39.2-41.el8
redhat/jbcs-httpd24-openssl<1:1.1.1g-11.el8
redhat/jbcs-httpd24-openssl-chil<0:1.0.0-11.el8
and 36 more
CVE-2021-3572
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest ...
redhat/python-pip<0:9.0.3-20.el8
redhat/rh-python38-babel<0:2.7.0-12.el7
redhat/rh-python38-python<0:3.8.11-2.el7
redhat/rh-python38-python-cryptography<0:2.8-5.el7
redhat/rh-python38-python-jinja2<0:2.10.3-6.el7
redhat/rh-python38-python-lxml<0:4.4.1-7.el7
and 12 more
CVE-2021-3517
A heap-based buffer overflow was found in libxml2 when processing truncated UTF-8 input. Reference: <a href="https://gitlab.gnome.org/GNOME/libxml2/-/issues/235">https://gitlab.gnome.org/GNOME/libxml...
rubygems/nokogiri<1.11.4
redhat/jbcs-httpd24-apr-util<0:1.6.1-91.el8
redhat/jbcs-httpd24-curl<0:7.78.0-3.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-80.el8
redhat/jbcs-httpd24-nghttp2<0:1.39.2-41.el8
redhat/jbcs-httpd24-openssl<1:1.1.1g-11.el8
and 46 more
CVE-2021-3518
libxml2. This issue was addressed with improved checks.
rubygems/nokogiri<1.11.4
redhat/jbcs-httpd24-apr-util<0:1.6.1-91.el8
redhat/jbcs-httpd24-curl<0:7.78.0-3.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-80.el8
redhat/jbcs-httpd24-nghttp2<0:1.39.2-41.el8
redhat/jbcs-httpd24-openssl<1:1.1.1g-11.el8
and 37 more
CVE-2021-3448
A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the netw...
Thekelleys Dnsmasq<2.85
Redhat Enterprise Linux=8.0
Fedoraproject Fedora=32
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Oracle Communications Cloud Native Core Network Function Cloud Native Environment=1.9.0
CVE-2021-3177
Python is vulnerable to a buffer overflow, caused by improper bounds checking by the PyCArg_repr function in _ctypes/callproc.c. By sending specially-crafted arguments to c_double.from_param, a remote...
redhat/python<0:2.7.5-92.el7_9
redhat/python3<0:3.6.8-37.el8
redhat/python27-babel<0:0.9.6-10.el7
redhat/python27-python<0:2.7.18-3.el7
redhat/python27-python-jinja2<0:2.6-16.el7
redhat/python27-python-pygments<0:1.5-5.el7
and 39 more
CVE-2020-36242
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. When certain sequences of `update()` calls with large values (multiple GBs) for symetric encrypt...
pip/cryptography>=3.1<3.3.2
Cryptography Project Cryptography<3.3.2
Fedoraproject Fedora=33
Oracle Communications Cloud Native Core Network Function Cloud Native Environment=1.10.0
redhat/python-cryptography<0:3.2.1-4.el8
redhat/rh-python38-babel<0:2.7.0-12.el7
and 7 more
CVE-2020-1971
A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function, could cause the application, compiled with openssl to crash res...
redhat/jbcs-httpd24-brotli<0:1.0.6-40.jbcs.el7
redhat/jbcs-httpd24-httpd<0:2.4.37-66.jbcs.el7
redhat/jbcs-httpd24-nghttp2<0:1.39.2-35.jbcs.el7
redhat/jbcs-httpd24-openssl<1:1.1.1g-3.jbcs.el7
redhat/jbcs-httpd24-openssl-chil<0:1.0.0-3.jbcs.el7
redhat/jbcs-httpd24-openssl-pkcs11<0:0.4.10-18.jbcs.el7
and 95 more
CVE-2020-25659
A flaw was found in python-cryptography, where it is vulnerable to Bleichenbacher timing attacks. This flaw allows an attacker, via the RSA decryption API, to decrypt parts of the ciphertext encrypted...
redhat/python-cryptography<0:3.2.1-4.el8
redhat/rh-python38-babel<0:2.7.0-12.el7
redhat/rh-python38-python<0:3.8.11-2.el7
redhat/rh-python38-python-cryptography<0:2.8-5.el7
redhat/rh-python38-python-jinja2<0:2.10.3-6.el7
redhat/rh-python38-python-lxml<0:4.4.1-7.el7
and 7 more
CVE-2020-27619
An unspecified error with CJK codec tests call eval() on content retrieved throug HTTP in multibytecodec_support.py in Python has an unknown impact and attack vector.
redhat/python3<0:3.6.8-37.el8
redhat/python27-babel<0:0.9.6-10.el7
redhat/python27-python<0:2.7.18-3.el7
redhat/python27-python-jinja2<0:2.6-16.el7
redhat/python27-python-pygments<0:1.5-5.el7
redhat/rh-python38-babel<0:2.7.0-12.el7
and 28 more
CVE-2020-7733
The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA.
redhat/nodejs-ua-parser-js<0.7.22
redhat/ovirt-engine-ui-extensions<0:1.2.7-1.el8e
redhat/ovirt-web-ui<0:1.7.2-1.el8e
Ua-parser-js Project Ua-parser-js<0.7.22
Oracle Communications Cloud Native Core Network Function Cloud Native Environment=1.7.0
CVE-2020-24977
GNOME libxml2 is vulnerable to a buffer overflow, caused by improper bounds checking by the xmlEncodeEntitiesInternal function in libxml2/entities.c. By persuading a victim to open a specially-crafted...
IBM Security Verify Access<=10.0.0
Xmlsoft Libxml2=2.9.10
Debian Debian Linux=9.0
Fedoraproject Fedora=31
Fedoraproject Fedora=32
Fedoraproject Fedora=33
and 22 more
CVE-2020-7017
In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive infor...
Elasticsearch Kibana<6.8.11
Elasticsearch Kibana>=7.0.0<7.8.1
Oracle Communications Billing and Revenue Management=12.0.0.3.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment=1.7.0
Oracle PeopleSoft Enterprise PeopleTools=8.58
CVE-2020-7016
Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming l...
Elasticsearch Kibana<6.8.11
Elasticsearch Kibana>=7.0.0<7.8.1
Oracle Communications Billing and Revenue Management=12.0.0.3.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment=1.7.0
Oracle PeopleSoft Enterprise PeopleTools=8.58
CVE-2020-14343
A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or ...
redhat/python-pyyaml<0:5.4.1-1.el7
redhat/PyYAML<5.4
Pyyaml Pyyaml>=5.1<5.4
Oracle Communications Cloud Native Core Network Function Cloud Native Environment=1.10.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment=22.1.0
pip/PyYAML<5.4
CVE-2020-1747
A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method o...
pip/pyyaml<5.3.1
redhat/PyYAML<5.3.1
Pyyaml Pyyaml>=5.1<5.3.1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Fedoraproject Fedora=32
and 3 more
CVE-2020-26137
A flaw was found in python-urllib3. The HTTPConnection.request() does not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation of the request by injecting add...
redhat/python<0:2.7.5-92.el7_9
redhat/python-urllib3<0:1.24.2-5.el8
redhat/python-urllib3<0:1.26.2-1.el7
redhat/rh-python38-python<0:3.8.6-1.el7
redhat/rh-python38-python-psutil<0:5.6.4-5.el7
redhat/rh-python38-python-urllib3<0:1.25.7-6.el7
and 21 more
CVE-2019-15604
Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate
redhat/rh-nodejs10-nodejs<0:10.19.0-1.el7
redhat/rh-nodejs12-nodejs<0:12.16.1-1.el7
Nodejs Node.js>=10.0.0<10.19.0
Nodejs Node.js>=12.0.0<12.15.0
Nodejs Node.js>=13.0.0<13.8.0
Debian Debian Linux=10.0
and 23 more
CVE-2019-15606
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons
Nodejs Node.js>=10.0.0<10.19.0
Nodejs Node.js>=12.0.0<12.15.0
Nodejs Node.js>=13.0.0<13.8.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment=1.4.0
Oracle GraalVM=19.3.1
Oracle GraalVM=20.0.0
and 11 more
CVE-2019-16792
Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now co...
Agendaless Waitress<=1.3.1
Oracle Communications Cloud Native Core Network Function Cloud Native Environment=1.10.0
Debian Debian Linux=9.0
debian/waitress
CVE-2019-20388
GNOME libxml2 could allow a remote attacker to obtain sensitive information, caused by a xmlSchemaValidateStream memory leak in xmlSchemaPreRun in xmlschemas.c. By persuading a victim to open a specia...
redhat/jbcs-httpd24-curl<0:7.64.1-36.jbcs.el6
redhat/jbcs-httpd24-httpd<0:2.4.37-57.jbcs.el6
redhat/jbcs-httpd24-nghttp2<0:1.39.2-25.jbcs.el6
redhat/jbcs-httpd24-curl<0:7.64.1-36.jbcs.el7
redhat/jbcs-httpd24-httpd<0:2.4.37-57.jbcs.el7
redhat/jbcs-httpd24-nghttp2<0:1.39.2-25.jbcs.el7
and 59 more
CVE-2020-7595
GNOME libxml2 is vulnerable to a denial of service, caused by an error in xmlStringLenDecodeEntities in parser.c. An attacker could exploit this vulnerability to cause the application to enter into an...
redhat/jbcs-httpd24-curl<0:7.64.1-36.jbcs.el6
redhat/jbcs-httpd24-httpd<0:2.4.37-57.jbcs.el6
redhat/jbcs-httpd24-nghttp2<0:1.39.2-25.jbcs.el6
redhat/jbcs-httpd24-curl<0:7.64.1-36.jbcs.el7
redhat/jbcs-httpd24-httpd<0:2.4.37-57.jbcs.el7
redhat/jbcs-httpd24-nghttp2<0:1.39.2-25.jbcs.el7
and 72 more
CVE-2019-16789
### Impact The patches introduced to fix https://github.com/Pylons/waitress/security/advisories/GHSA-m5ff-3wj3-8ph4 were not complete and still would allow an attacker to smuggle requests/split a HTT...
pip/waitress<1.4.2
redhat/waitress<1.4.1
redhat/python-waitress<0:1.4.2-1.el8
Agendaless Waitress<=1.4.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment=1.10.0
Debian Debian Linux=9.0
and 4 more
CVE-2019-16786
### Impact Waitress would parse the `Transfer-Encoding` header and only look for a single string value, if that value was not `chunked` it would fall through and use the `Content-Length` header inste...
pip/waitress<1.4.0
redhat/waitress<1.4.0
redhat/python-waitress<0:1.4.2-1.el8
Agendaless Waitress<1.3.1
Oracle Communications Cloud Native Core Network Function Cloud Native Environment=1.10.0
Debian Debian Linux=9.0
and 4 more
CVE-2019-16785
### Impact Waitress implemented a &amp;quot;MAY&amp;quot; part of the RFC7230 (https://tools.ietf.org/html/rfc7230#section-3.5) which states: Although the line terminator for the start-line an...
pip/waitress<1.4.0
Agendaless Waitress<=1.3.1
Oracle Communications Cloud Native Core Network Function Cloud Native Environment=1.10.0
Debian Debian Linux=9.0
Fedoraproject Fedora=30
Fedoraproject Fedora=31
and 3 more
CVE-2019-10219
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This...
redhat/eap7-apache-cxf<0:3.2.11-1.redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-6.SP3_redhat_00004.1.el6ea
redhat/eap7-hal-console<0:3.0.19-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.14-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.18-1.Final_redhat_00001.1.el6ea
redhat/eap7-jackson-annotations<0:2.9.10-1.redhat_00003.1.el6ea
and 779 more
CVE-2019-10746
Versions of `mixin-deep` prior to 2.0.1 or 1.3.2 are vulnerable to Prototype Pollution. The `mixinDeep` function fails to validate which Object properties it updates. This allows attackers to modify t...
npm/mixin-deep=2.0.0
npm/mixin-deep<1.3.2
IBM Cloud Pak for Security (CP4S)<=1.6.0.1
IBM Cloud Pak for Security (CP4S)<=1.6.0.0
IBM Cloud Pak for Security (CP4S)<=1.5.0.1
IBM Cloud Pak for Security (CP4S)<=1.5.0.0
and 8 more
CVE-2019-20916
A flaw was found in python-pip. Installing remote packages is vulnerable to directory traversal via Content-Disposition header by a malicious server. Upstream issue: <a href="https://github.com/pypa...
redhat/python-virtualenv<0:15.1.0-7.el7_9
redhat/python-pip<0:9.0.3-18.el8
redhat/rh-python36-python<0:3.6.12-1.el6
redhat/rh-python36-python-pip<0:9.0.1-5.el6
redhat/rh-python36-python-virtualenv<0:15.1.0-3.el6
redhat/python27-python<0:2.7.18-2.el7
and 13 more
CVE-2018-15686
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and...
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=18.10
Debian Debian Linux=8.0
Systemd Project Systemd<=239
Oracle Communications Cloud Native Core Network Function Cloud Native Environment=1.4.0
and 4 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203