threat
engine
.sh
Back
·
··:··
Home
/
Product
/
oracle communications cloud native core security edge protection proxy
Product
oracle communications cloud native core security edge protection proxy
26 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2022-22965
all versions
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. Th
9.8
CRITICAL
CVE-2022-22963
all versions
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for
9.8
CRITICAL
CVE-2020-36518
all versions
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
7.5
HIGH
CVE-2022-22946
all versions
In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted ce
5.5
MEDIUM
CVE-2022-22947
all versions
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gate
10.0
CRITICAL
CVE-2022-24407
all versions
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement
8.8
HIGH
CVE-2022-23219
all versions
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its ho
9.8
CRITICAL
CVE-2021-45105
all versions
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from sel
5.9
MEDIUM
CVE-2021-43797
all versions
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protoco
6.5
MEDIUM
CVE-2021-43396
all versions
In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' cha
7.5
HIGH
CVE-2021-2471
all versions
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8
5.9
MEDIUM
CVE-2021-37136
all versions
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects th
7.5
HIGH
CVE-2021-22947
all versions
When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, t
5.9
MEDIUM
CVE-2021-22946
all versions
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (
7.5
HIGH
CVE-2021-3712
all versions
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string dat
7.4
HIGH
CVE-2021-3711
all versions
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an applic
9.8
CRITICAL
CVE-2021-38604
all versions
In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data
7.5
HIGH
CVE-2021-34429
all versions
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to acce
5.3
MEDIUM
CVE-2021-33880
all versions
The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authenticat
5.9
MEDIUM
CVE-2020-14340
all versions
A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between g
5.9
MEDIUM
CVE-2021-22118
all versions
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a pr
7.8
HIGH
CVE-2021-25329
all versions
The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0
7.0
HIGH
CVE-2021-25122
all versions
When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61
7.5
HIGH
CVE-2021-3326
all versions
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-
7.5
HIGH
CVE-2019-10219
all versions
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting
6.1
MEDIUM
CVE-2019-17195
all versions
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an applica
9.8
CRITICAL
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin