📦 Communications Cloud Native Core Policy

This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of Spring Cloud Function. Attackers can craft malicious SpEL expressions in routing function...

A netfilter flaw allows network-connected attackers to infer OpenVPN connection endpoint information by analyzing network traffic patterns. This affects Linux systems running OpenVPN with netfilter en...

CVE-2021-42392 is a critical remote code execution vulnerability in H2 Database where attackers can exploit JNDI injection through the database driver configuration. This allows unauthenticated attack...

CVE-2021-3520 is an integer overflow vulnerability in the LZ4 compression library that allows attackers to trigger out-of-bounds writes by submitting crafted files. This can lead to application crashe...

CVE-2022-25636 is a heap out-of-bounds write vulnerability in the Linux kernel's netfilter component that allows local users to escalate privileges to root. The vulnerability affects Linux kernel vers...

This Linux kernel vulnerability allows remote attackers to bypass UDP source port randomization by exploiting flaws in ICMP error processing. Attackers can scan open UDP ports more effectively, compro...

A use-after-free vulnerability in the Linux kernel's Bluetooth subsystem allows local attackers to crash the system or potentially escalate privileges through a race condition when connecting and disc...

This CVE describes a time-of-check-time-of-use (TOCTOU) vulnerability in Apache Tomcat that allows local attackers to escalate privileges. The vulnerability only affects systems where Tomcat is config...

A race condition vulnerability in the Linux kernel's Unix domain socket garbage collection allows local users to trigger a read-after-free memory flaw. This can lead to system crashes or privilege esc...

This vulnerability in protobuf-java allows attackers to craft malicious Protocol Buffer messages that cause excessive CPU consumption through parser inefficiencies. It affects any Java application usi...

This vulnerability in Oracle Outside In Technology allows unauthenticated attackers to cause denial of service by crashing or hanging the software via network requests. It affects any system using Ora...

CVE-2021-37136 is a denial-of-service vulnerability in Netty's Bzip2Decoder that allows attackers to trigger out-of-memory errors by sending specially crafted Bzip2 compressed data. The vulnerability ...

CVE-2021-23440 is a type confusion vulnerability in the set-value npm package that allows attackers to bypass previous security fixes (CVE-2019-10747) when user-provided keys in path parameters are ar...

CVE-2021-39150 is a deserialization vulnerability in XStream library that allows remote attackers to access internal resources by manipulating XML input streams. Only affects users who rely on XStream...

CVE-2021-39154 is a remote code execution vulnerability in XStream library that allows attackers to execute arbitrary code by manipulating XML input streams. Only users who haven't implemented XStream...

CVE-2021-39144 is a remote code execution vulnerability in XStream library versions before 1.4.18. Attackers with sufficient privileges can execute arbitrary commands on the host by manipulating XML i...

CVE-2021-39146 is a remote code execution vulnerability in XStream library that allows attackers to execute arbitrary code by manipulating XML input streams. Only users who haven't implemented XStream...

CVE-2021-39148 is a remote code execution vulnerability in XStream library that allows attackers to execute arbitrary code by manipulating XML input streams. Only users who haven't implemented XStream...

CVE-2021-39151 is a remote code execution vulnerability in XStream library versions before 1.4.18. Attackers can manipulate XML input to execute arbitrary code on affected systems. Only users who have...

CVE-2021-39139 is a remote code execution vulnerability in XStream library that allows attackers to execute arbitrary code by manipulating XML input streams. Users are affected if they use XStream out...

A local privilege escalation vulnerability in Linux kernel versions before 5.9-rc1 allows attackers with local access to crash systems or gain root privileges through improper bounds checking in joyst...

Spring Security OAuth 2.0 clients are vulnerable to denial-of-service attacks where attackers can exhaust system resources by repeatedly initiating authorization requests. This affects Spring Security...

This vulnerability allows a locally authenticated malicious user to escalate privileges in Spring Framework WebFlux applications by manipulating temporary storage directories. Attackers can read or mo...

This vulnerability in Eclipse Jetty allows denial-of-service attacks by causing 100% CPU usage when processing large invalid TLS frames. Attackers can exploit this to make affected servers unresponsiv...

This vulnerability in Apache Tomcat allows HTTP/2 cleartext (h2c) connections to leak request data between users. When processing h2c requests, Tomcat could duplicate headers and limited body content ...

This vulnerability in JetBrains Kotlin before version 1.4.21 uses an insecure Java API for temporary file creation, allowing attackers to read sensitive data from improperly secured temporary files an...