Communications cloud native core unified data repository
This hub aggregates every CVE we track for Communications cloud native core unified data repository, a product in the databases space. Use it to gauge the current risk picture and drill into individual advisories.
42
CVEs tracked
5
Critical
29
High
2
In CISA KEV
Severity distribution
HIGH29MEDIUM8CRITICAL5
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Communications cloud native core unified data repository.
- CVE-2022-25845Deserialization of Untrusted Data8.1
- CVE-2022-22965A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a W...KEV9.8
- CVE-2022-22963In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression...KEV9.8
- CVE-2020-36518jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.7.5
- CVE-2022-23308valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.7.5
- CVE-2022-23218The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which ma...9.8
- CVE-2022-23219The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which m...9.8
- CVE-2021-45105Apache Log4j2 does not always protect from infinite recursion in lookup evaluation5.9
- CVE-2021-43797HTTP fails to validate against control chars in header names which may lead to HTTP request smuggling6.5
- CVE-2021-43396In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an int...7.5
- CVE-2021-37136The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Dec...7.5
- CVE-2021-3712Read buffer overruns processing ASN.1 strings7.4
- CVE-2021-3711SM2 Decryption Buffer Overflow9.8
- CVE-2021-38604In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability w...7.5
- CVE-2021-34429For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security...5.3
Product normalization is registry-driven with AI assist and human review. How it works