Communications cloud native core network exposure function

This hub aggregates every CVE we track for Communications cloud native core network exposure function, a product in the communications space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Communications cloud native core network exposure function.

• CVE-2023-31582jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less.7.5Oct 24, 2023
• CVE-2023-23931Cipher.update_into can corrupt memory in pyca cryptography4.8Feb 7, 2023
• CVE-2022-22965A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a W...KEV9.8Apr 1, 2022
• CVE-2022-22963In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression...KEV9.8Apr 1, 2022
• CVE-2022-1154Use after free in utf_ptr2char in vim/vim7.8Mar 30, 2022
• CVE-2022-0322A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to ...5.5Mar 25, 2022
• CVE-2021-4203A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker w...6.8Mar 25, 2022
• CVE-2022-0002Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.6.5Mar 11, 2022
• CVE-2022-0001Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.6.5Mar 11, 2022
• CVE-2021-3744A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). Thi...5.5Mar 4, 2022
• CVE-2021-3743An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, lea...7.1Mar 4, 2022
• CVE-2021-3737A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infin...7.5Mar 4, 2022
• CVE-2021-4002A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of s...4.4Mar 3, 2022
• CVE-2022-22947In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote a...KEV10.0Mar 3, 2022
• CVE-2021-3772A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used...6.5Mar 2, 2022