Communications Cloud Native Core Network Slice Selection Function Oracle Communications Cloud Native Core Network Slice Selection Function

Do you want an email whenever new security vulnerabilities are reported in Oracle Communications Cloud Native Core Network Slice Selection Function?

By the Year

In 2022 there have been 1 vulnerability in Oracle Communications Cloud Native Core Network Slice Selection Function with an average score of 9.8 out of ten. Last year Communications Cloud Native Core Network Slice Selection Function had 13 security vulnerabilities published. Right now, Communications Cloud Native Core Network Slice Selection Function is on track to have less security vulnerabilities in 2022 than it did last year. However, the average CVE base score of the vulnerabilities in 2022 is greater by 3.52.

Year Vulnerabilities Average Score
2022 1 9.80
2021 13 6.28
2020 2 5.70
2019 1 7.50
2018 0 0.00

It may take a day or so for new Communications Cloud Native Core Network Slice Selection Function vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Oracle Communications Cloud Native Core Network Slice Selection Function Security Vulnerabilities

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding

CVE-2022-22965 9.8 - Critical - April 01, 2022

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

Code Injection

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients

CVE-2021-43797 6.5 - Medium - December 09, 2021

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote system when used as proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final.

HTTP Request Smuggling

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J)

CVE-2021-2471 5.9 - Medium - October 20, 2021

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H).

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once

CVE-2021-22947 5.9 - Medium - September 29, 2021

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server.

Insufficient Verification of Data Authenticity

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP

CVE-2021-22946 7.5 - High - September 29, 2021

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.

Cleartext Transmission of Sensitive Information

curl 7.75.0 through 7.76.1 suffers

CVE-2021-22901 8.1 - High - June 11, 2021

curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory.

Dangling pointer

curl 7.7 through 7.76.1 suffers

CVE-2021-22898 3.1 - Low - June 11, 2021

curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.

Missing Initialization of Resource

curl 7.61.0 through 7.76.1 suffers

CVE-2021-22897 5.3 - Medium - June 11, 2021

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.

Exposure of Resource to Wrong Sphere

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption

CVE-2021-33560 7.5 - High - June 08, 2021

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.

Side Channel Attack

In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string

CVE-2021-29921 9.8 - Critical - May 06, 2021

In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.

Improper Input Validation

In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages

CVE-2020-13949 7.5 - High - February 12, 2021

In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.

Resource Exhaustion

In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation

CVE-2020-29582 5.3 - Medium - February 03, 2021

In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.

Incorrect Default Permissions

The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability

CVE-2021-21275 4.3 - Medium - January 25, 2021

The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before fixed version, there was no protection against CSRF checks on Special:Report, so requests to report a revision could be forged. The problem has been fixed in commit f828dc6 by making use of MediaWiki edit tokens.

Session Riding

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to

CVE-2020-8554 5 - Medium - January 21, 2021

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.

AuthZ

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66

CVE-2020-28052 8.1 - High - December 18, 2020

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.

A temp directory creation vulnerability exists in all versions of Guava

CVE-2020-8908 3.3 - Low - December 10, 2020

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.

Incorrect Permission Assignment for Critical Resource

In Apache Thrift all versions up to and including 0.12.0

CVE-2019-0205 7.5 - High - October 29, 2019

In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings.

Infinite Loop

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Oracle Communications Cloud Native Core Network Slice Selection Function or by Oracle? Click the Watch button to subscribe.

Oracle
Vendor

subscribe