Oracle communications cloud native core policy
This hub aggregates every CVE we track for Oracle communications cloud native core policy, a product in the communications space. Use it to gauge the current risk picture and drill into individual advisories.
10
CVEs tracked
2
Critical
2
High
0
In CISA KEV
Severity distribution
MEDIUM6HIGH2CRITICAL2
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 10 most recently published vulnerabilities affecting Oracle communications cloud native core policy.
- CVE-2021-34141An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor s...5.3
- CVE-2021-43797HTTP fails to validate against control chars in header names which may lead to HTTP request smuggling6.5
- CVE-2021-37136The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Dec...7.5
- CVE-2021-38153Timing Attack Vulnerability for Apache Kafka Connect and Clients5.9
- CVE-2021-31684A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request.7.5
- CVE-2021-27568An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatExcep...5.9
- CVE-2020-29582In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure perm...5.3
- CVE-2019-3799Directory Traversal with spring-cloud-config-server6.5
- CVE-2017-7658In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored t...9.8
- CVE-2017-7657In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk...9.8
Product normalization is registry-driven with AI assist and human review. How it works