Oracle Communications Cloud Native Core Automated Test Suite — known CVE vulnerabilities
Every CVE whose affected-product data names Oracle Communications Cloud Native Core Automated Test Suite, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2021-29921 — CVSS 9.8 (critical): In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some…
CVE-2018-1999001 — CVSS 8.8 (high): A unauthorized modification of configuration vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in User.java that…
CVE-2019-10384 — CVSS 8.8 (high): Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in…
CVE-2021-39149 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39148 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39147 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39146 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39145 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39139 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39154 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39153 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39152 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39151 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39150 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39141 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2018-1000194 — CVSS 8.1 (high): A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that…
CVE-2019-1003049 — CVSS 8.1 (high): Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated…
CVE-2021-35516 — CVSS 7.5 (high): When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of…
CVE-2018-1999002 — CVSS 7.5 (high): A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's…
CVE-2021-35515 — CVSS 7.5 (high): When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite…
CVE-2021-36090 — CVSS 7.5 (high): When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of…
CVE-2021-43859 — CVSS 7.5 (high): XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to…
CVE-2021-22144 — CVSS 6.5 (medium): In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack…
CVE-2018-6356 — CVSS 6.5 (medium): Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly prevent specifying relative paths that escape a base directory for URLs…
CVE-2021-39140 — CVSS 6.5 (medium): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-22145 — CVSS 6.5 (medium): A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit…
CVE-2019-10219 — CVSS 6.1 (medium): A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of…
CVE-2021-36374 — CVSS 5.5 (medium): When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory…
CVE-2021-36373 — CVSS 5.5 (medium): When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an…
CVE-2018-1999007 — CVSS 5.4 (medium): A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's…
CVE-2022-20615 — CVSS 5.4 (medium): Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions…
CVE-2019-1003050 — CVSS 5.4 (medium): The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1…
CVE-2018-1999005 — CVSS 5.4 (medium): A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in BuildTimelineWidget.java…
CVE-2018-1000068 — CVSS 5.3 (medium): An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an…
CVE-2018-1000067 — CVSS 5.3 (medium): An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker…
CVE-2021-22132 — CVSS 4.8 (medium): Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an async search…
CVE-2019-10383 — CVSS 4.8 (medium): A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer…
CVE-2018-1000193 — CVSS 4.3 (medium): A improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in…
CVE-2018-1000192 — CVSS 4.3 (medium): A information exposure vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in AboutJenkins.java, ListPluginsCommand.java…
CVE-2021-22134 — CVSS 4.3 (medium): A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used…
CVE-2022-20612 — CVSS 4.3 (medium): A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build…
CVE-2022-20613 — CVSS 4.3 (medium): A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS…
CVE-2022-20614 — CVSS 4.3 (medium): A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the…
CVE-2018-1999003 — CVSS 4.3 (medium): A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Queue.java that allows attackers with…
CVE-2018-1999004 — CVSS 4.3 (medium): A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in SlaveComputer.java that allows attackers…
CVE-2018-1000195 — CVSS 4.3 (medium): A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that…