Vulnerabilities (CVE)

Filtered by vendor Oracle Subscribe

Filtered by product Communications Cloud Native Core Security Edge Protection Proxy

Total 24 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2021-25329	3 Apache, Debian, Oracle	12 Tomcat, Debian Linux, Agile Plm and 9 more	2024-02-04	4.4 MEDIUM	7.0 HIGH
The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.
CVE-2021-3326	5 Debian, Fujitsu, Gnu and 2 more	17 Debian Linux, M10-1, M10-1 Firmware and 14 more	2024-02-04	5.0 MEDIUM	7.5 HIGH
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
CVE-2019-17195	3 Apache, Connect2id, Oracle	15 Hadoop, Nimbus Jose\+jwt, Communications Cloud Native Core Security Edge Protection Proxy and 12 more	2024-02-04	6.8 MEDIUM	9.8 CRITICAL
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.
CVE-2019-10219	3 Netapp, Oracle, Redhat	195 Active Iq Unified Manager, Element, Management Services For Element Software And Netapp Hci and 192 more	2024-02-04	4.3 MEDIUM	6.1 MEDIUM
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.