Skip to main content

Communications Cloud Native Core Network Exposure Function

19 CVEs product

Monthly

CVE-2022-22965 Maven CRITICAL POC KEV PATCH THREAT Act Now

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Code Injection Tomcat Spring Framework +37
NVD
CVSS 3.1
9.8
EPSS
99.7%
CVE-2022-22963 Maven CRITICAL POC KEV PATCH THREAT Act Now

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Code Injection Spring Cloud Function Banking Branch +26
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.9%
CVE-2022-1154 HIGH POC PATCH This Week

Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Use After Free Vim Fedora +2
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2022-0322 MEDIUM PATCH This Month

A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Fedora Communications Cloud Native Core Binding Support Function +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-0002 MEDIUM PATCH This Month

Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Communications Cloud Native Core Binding Support Function Communications Cloud Native Core Policy Intel Atom X5 E3930 Atom X5 E3940 +501
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-0001 MEDIUM PATCH This Month

Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Intel Information Disclosure Atom P5921B Atom P5931B Atom P5942B +455
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-22947 Maven CRITICAL POC KEV PATCH THREAT Act Now

In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Code Injection Spring Cloud Gateway Commerce Guided Search +8
NVD Exploit-DB
CVSS 3.1
10.0
EPSS
98.3%
CVE-2022-25636 HIGH POC PATCH This Week

net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Linux Buffer Overflow Linux Kernel Debian Linux +11
NVD GitHub
CVSS 3.1
7.8
EPSS
2.6%
CVE-2021-45486 LOW PATCH Monitor

In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Communications Cloud Native Core Binding Support Function Communications Cloud Native Core Network Exposure Function +1
NVD
CVSS 3.1
3.5
EPSS
0.4%
CVE-2021-45485 HIGH PATCH This Week

In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Information Disclosure Linux Kernel E Series Santricity Os Controller Solidfire Enterprise Sds Hci Storage Node +23
NVD
CVSS 3.1
7.5
EPSS
3.6%
CVE-2021-43818 PyPI HIGH PATCH This Week

lxml is a library for processing XML and HTML in the Python language. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Lxml Fedora Debian Linux +8
NVD GitHub
CVSS 3.1
7.1
EPSS
2.5%
CVE-2021-43976 MEDIUM PATCH This Month

In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Linux Denial Of Service Linux Kernel Fedora Debian Linux +12
NVD
CVSS 3.1
4.6
EPSS
0.6%
CVE-2021-43389 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.14.15. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Information Disclosure Linux Kernel Enterprise Linux +4
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-42739 MEDIUM PATCH This Month

The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption Linux Kernel Fedora +6
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2021-21781 LOW POC PATCH Monitor

An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel Communications Cloud Native Core Binding Support Function Communications Cloud Native Core Network Exposure Function +1
NVD
CVSS 3.1
3.3
EPSS
0.5%
CVE-2021-37159 MEDIUM PATCH This Month

hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required.

Linux Information Disclosure Linux Kernel Debian Linux Communications Cloud Native Core Binding Support Function +2
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2021-3612 HIGH PATCH This Week

An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel Enterprise Linux Fedora +14
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-4788 MEDIUM PATCH This Month

IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. Rated medium severity (CVSS 4.7).

IBM Information Disclosure Vios Aix Fedora +3
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2020-0404 MEDIUM This Month

In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android Communications Cloud Native Core Binding Support Function Communications Cloud Native Core Network Exposure Function +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
EPSS 100% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Code Injection +39
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Code Injection +28
NVD Exploit-DB
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Use After Free +4
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel +4
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Communications Cloud Native Core Binding Support Function Communications Cloud Native Core Policy Intel +503
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Intel Information Disclosure Atom P5921B +457
NVD
EPSS 98% CVSS 10.0
CRITICAL POC KEV PATCH THREAT Act Now

In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Code Injection +10
NVD Exploit-DB
EPSS 3% CVSS 7.8
HIGH POC PATCH This Week

net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Linux Buffer Overflow +13
NVD GitHub
EPSS 0% CVSS 3.5
LOW PATCH Monitor

In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel +3
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Information Disclosure Linux Kernel +25
NVD
EPSS 2% CVSS 7.1
HIGH PATCH This Week

lxml is a library for processing XML and HTML in the Python language. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Lxml +10
NVD GitHub
EPSS 1% CVSS 4.6
MEDIUM PATCH This Month

In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Linux Denial Of Service Linux Kernel +14
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.14.15. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Information Disclosure +6
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption +8
NVD
EPSS 1% CVSS 3.3
LOW POC PATCH Monitor

An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel +3
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required.

Linux Information Disclosure Linux Kernel +4
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel +16
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. Rated medium severity (CVSS 4.7).

IBM Information Disclosure Vios +5
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy