2021-09-16
|
CVE-2021-36160
|
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).
|
Http_server, Brocade_fabric_operating_system_firmware, Debian_linux, Fedora, Cloud_backup, Clustered_data_ontap, Storagegrid, Communications_cloud_native_core_network_function_cloud_native_environment, Enterprise_manager_base_platform, Http_server, Instantis_enterprisetrack, Peoplesoft_enterprise_peopletools, Zfs_storage_appliance_kit
|
7.5
|
|
|
2022-02-24
|
CVE-2022-24407
|
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
|
Cyrus\-Sasl, Debian_linux, Fedora, Active_iq_unified_manager, Ontap_select_deploy_administration_utility, Communications_cloud_native_core_console, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_security_edge_protection_proxy
|
8.8
|
|
|
2022-02-26
|
CVE-2022-23308
|
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
|
Ipados, Iphone_os, Mac_os_x, Macos, Tvos, Watchos, Debian_linux, Fedora, Active_iq_unified_manager, Bootstrap_os, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Manageability_software_development_kit, Ontap_select_deploy_administration_utility, Smi\-S_provider, Snapdrive, Snapmanager, Solidfire\,_enterprise_sds_\&_hci_storage_node, Solidfire_\&_hci_management_node, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_unified_data_repository, Mysql_workbench, Zfs_storage_appliance_kit, Libxml2
|
7.5
|
|
|
2020-09-30
|
CVE-2020-26137
|
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.
|
Ubuntu_linux, Debian_linux, Communications_cloud_native_core_network_function_cloud_native_environment, Zfs_storage_appliance_kit, Urllib3
|
6.5
|
|
|
2022-03-03
|
CVE-2022-22947
|
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
|
Commerce_guided_search, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_console, Communications_cloud_native_core_network_exposure_function, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_service_communication_proxy, Spring_cloud_gateway
|
10.0
|
|
|
2021-02-09
|
CVE-2020-14343
|
A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.
|
Communications_cloud_native_core_network_function_cloud_native_environment, Pyyaml
|
9.8
|
|
|
2022-04-01
|
CVE-2022-22965
|
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
|
Cx_cloud_agent, Commerce_platform, Communications_cloud_native_core_automated_test_suite, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_console, Communications_cloud_native_core_network_exposure_function, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_policy, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_unified_data_repository, Communications_policy_management, Communications_unified_inventory_management, Financial_services_analytical_applications_infrastructure, Financial_services_behavior_detection_platform, Financial_services_enterprise_case_management, Mysql_enterprise_monitor, Product_lifecycle_analytics, Retail_bulk_data_integration, Retail_customer_management_and_segmentation_foundation, Retail_financial_integration, Retail_integration_bus, Retail_merchandising_system, Retail_xstore_point_of_service, Sd\-Wan_edge, Weblogic_server, Operation_scheduler, Simatic_speech_assistant_for_machines, Sinec_network_management_system, Sipass_integrated, Siveillance_identity, Access_appliance, Flex_appliance, Netbackup_appliance, Netbackup_flex_scale_appliance, Netbackup_virtual_appliance, Spring_framework
|
9.8
|
|
|
2020-07-27
|
CVE-2020-7016
|
Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive.
|
Kibana, Communications_billing_and_revenue_management, Communications_cloud_native_core_network_function_cloud_native_environment, Peoplesoft_enterprise_peopletools
|
4.8
|
|
|
2022-01-14
|
CVE-2022-23219
|
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
|
Debian_linux, Glibc, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_unified_data_repository, Enterprise_operations_monitor
|
9.8
|
|
|
2020-07-27
|
CVE-2020-7017
|
In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of Kibana users who view the region map visualization.
|
Kibana, Communications_billing_and_revenue_management, Communications_cloud_native_core_network_function_cloud_native_environment, Peoplesoft_enterprise_peopletools
|
6.7
|
|
|