Oracle Communications Cloud Native Core Console — known CVE vulnerabilities
Every CVE whose affected-product data names Oracle Communications Cloud Native Core Console, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2022-23221 — CVSS 9.8 (critical): H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the…
CVE-2022-24407 — CVSS 8.8 (high): In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
CVE-2021-22569 — CVSS 7.5 (high): An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out…
CVE-2020-36518 — CVSS 7.5 (high): jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
CVE-2021-22946 — CVSS 7.5 (high): A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server…
CVE-2021-3712 — CVSS 7.4 (high): ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a…
CVE-2020-25638 — CVSS 7.4 (high): A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA…
CVE-2019-10086 — CVSS 7.3 (high): In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to…
CVE-2021-41973 — CVSS 6.5 (medium): In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed…
CVE-2021-30129 — CVSS 6.5 (medium): A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects…
CVE-2019-10219 — CVSS 6.1 (medium): A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of…
CVE-2021-22947 — CVSS 5.9 (medium): When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server…
CVE-2021-2471 — CVSS 5.9 (medium): Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and…
CVE-2021-45105 — CVSS 5.9 (medium): Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from…
CVE-2021-21409 — CVSS 5.9 (medium): Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance…
CVE-2020-14340 — CVSS 5.9 (medium): A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage…
CVE-2022-22946 — CVSS 5.5 (medium): In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted…
CVE-2021-20289 — CVSS 5.3 (medium): A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the…
CVE-2021-22096 — CVSS 4.3 (medium): In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious…
CVE-2021-22060 — CVSS 4.3 (medium): In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious…