Lucene search

K

Netapp Security Vulnerabilities

cve
cve

CVE-2020-15778

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a...

7.8CVSS

7.8AI Score

0.004EPSS

2020-07-24 02:15 PM
23973
76
cve
cve

CVE-2019-18683

An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during...

7CVSS

7.7AI Score

0.0004EPSS

2019-11-04 04:15 PM
180
2
cve
cve

CVE-2021-22543

An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and...

7.8CVSS

7.7AI Score

0.0004EPSS

2021-05-26 11:15 AM
455
18
cve
cve

CVE-2024-21983

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a Denial of Service (DoS) vulnerability. Successful exploit by an authenticated attacker could lead to an out of memory condition or node...

6.5CVSS

6.3AI Score

0.0004EPSS

2024-02-16 11:15 PM
11
cve
cve

CVE-2024-21988

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.7.0.9 and 11.8.0.5 are susceptible to disclosure of sensitive information via complex MiTM attacks due to a vulnerability in the SSH cryptographic...

5.3CVSS

5.2AI Score

0.0004EPSS

2024-06-14 10:15 PM
14
cve
cve

CVE-2022-1055

A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit...

7.8CVSS

7.5AI Score

0.0004EPSS

2022-03-29 03:15 PM
223
5
cve
cve

CVE-2024-21990

ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an attacker to view Deploy configuration information and modify the account...

5.4CVSS

6.5AI Score

0.0004EPSS

2024-04-17 08:15 PM
27
cve
cve

CVE-2021-35591

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks.....

4.9CVSS

4.9AI Score

0.001EPSS

2021-10-20 11:17 AM
81
cve
cve

CVE-2016-20012

OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE:....

5.3CVSS

5.4AI Score

0.006EPSS

2021-09-15 08:15 PM
4737
4
cve
cve

CVE-2021-3520

There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to...

9.8CVSS

9.3AI Score

0.001EPSS

2021-06-02 01:15 PM
499
12
cve
cve

CVE-2021-38160

In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case;...

7.8CVSS

7.8AI Score

0.0004EPSS

2021-08-07 04:15 AM
293
9
cve
cve

CVE-2023-4813

A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue....

5.9CVSS

6.6AI Score

0.001EPSS

2023-09-12 10:15 PM
460
cve
cve

CVE-2023-41993

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS...

9.8CVSS

8.8AI Score

0.003EPSS

2023-09-21 07:15 PM
370
In Wild
cve
cve

CVE-2022-0897

A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. T...

4.3CVSS

4.4AI Score

0.001EPSS

2022-03-25 07:15 PM
106
7
cve
cve

CVE-2022-22976

Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The...

5.3CVSS

5.5AI Score

0.002EPSS

2022-05-19 03:15 PM
131
6
cve
cve

CVE-2021-37600

An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic...

5.5CVSS

5.8AI Score

0.001EPSS

2021-07-30 02:15 PM
181
4
cve
cve

CVE-2021-45346

A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain...

4.3CVSS

5.1AI Score

0.002EPSS

2022-02-14 07:15 PM
103
2
cve
cve

CVE-2024-27316

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory...

7.5CVSS

7.4AI Score

0.005EPSS

2024-04-04 08:15 PM
1524
cve
cve

CVE-2021-43616

The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have been....

9.8CVSS

9.3AI Score

0.015EPSS

2021-11-13 06:15 PM
127
2
cve
cve

CVE-2024-20975

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

6.5CVSS

6.1AI Score

0.0004EPSS

2024-01-16 10:15 PM
20
cve
cve

CVE-2023-4273

A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file...

6.7CVSS

6.6AI Score

0.0004EPSS

2023-08-09 03:15 PM
196
cve
cve

CVE-2023-4004

A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the...

7.8CVSS

7.6AI Score

0.001EPSS

2023-07-31 05:15 PM
331
cve
cve

CVE-2019-3900

An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to...

7.7CVSS

8.4AI Score

0.001EPSS

2019-04-25 03:29 PM
375
2
cve
cve

CVE-2022-37967

Windows Kerberos Elevation of Privilege...

7.2CVSS

7.4AI Score

0.067EPSS

2022-11-09 10:15 PM
213
7
cve
cve

CVE-2021-38201

net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS...

7.5CVSS

6.8AI Score

0.004EPSS

2021-08-08 08:15 PM
178
8
cve
cve

CVE-2022-38023

Netlogon RPC Elevation of Privilege...

8.1CVSS

8.1AI Score

0.019EPSS

2022-11-09 10:15 PM
451
4
cve
cve

CVE-2022-37966

Windows Kerberos RC4-HMAC Elevation of Privilege...

8.1CVSS

8AI Score

0.029EPSS

2022-11-09 10:15 PM
157
6
cve
cve

CVE-2023-4527

A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address...

6.5CVSS

6.8AI Score

0.001EPSS

2023-09-18 05:15 PM
534
cve
cve

CVE-2023-2598

A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege...

7.8CVSS

7.2AI Score

0.0004EPSS

2023-06-01 01:15 AM
60
cve
cve

CVE-2023-5178

A use-after-free vulnerability was found in drivers/nvme/target/tcp.cinnvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead.....

9.8CVSS

9.4AI Score

0.025EPSS

2023-11-01 05:15 PM
246
cve
cve

CVE-2019-17069

PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT...

7.5CVSS

7.2AI Score

0.007EPSS

2019-10-01 05:15 PM
218
cve
cve

CVE-2020-14002

PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the...

5.9CVSS

5.5AI Score

0.003EPSS

2020-06-29 06:15 PM
111
3
cve
cve

CVE-2024-0567

A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of....

7.5CVSS

7.2AI Score

0.001EPSS

2024-01-16 02:15 PM
109
cve
cve

CVE-2024-21989

ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x are susceptible to a vulnerability which when successfully exploited could allow a read-only user to escalate their ...

8.1CVSS

7AI Score

0.0004EPSS

2024-04-17 08:15 PM
27
cve
cve

CVE-2023-39325

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new....

7.5CVSS

7.6AI Score

0.002EPSS

2023-10-11 10:15 PM
2842
cve
cve

CVE-2020-36182

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-07 12:15 AM
221
6
cve
cve

CVE-2020-36179

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.004EPSS

2021-01-07 12:15 AM
222
16
cve
cve

CVE-2020-36184

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-06 11:15 PM
212
6
cve
cve

CVE-2024-0565

An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of...

7.4CVSS

7.2AI Score

0.0004EPSS

2024-01-15 08:15 PM
204
cve
cve

CVE-2020-36180

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-07 12:15 AM
224
12
cve
cve

CVE-2020-11111

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and...

8.8CVSS

8.3AI Score

0.008EPSS

2020-03-31 05:15 AM
160
4
cve
cve

CVE-2023-40745

LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer...

6.5CVSS

7AI Score

0.001EPSS

2023-10-05 07:15 PM
120
cve
cve

CVE-2020-10968

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka...

8.8CVSS

8.3AI Score

0.008EPSS

2020-03-26 01:15 PM
164
3
cve
cve

CVE-2020-10672

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka...

8.8CVSS

8.3AI Score

0.011EPSS

2020-03-18 10:15 PM
175
3
cve
cve

CVE-2020-11112

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka...

8.8CVSS

8.3AI Score

0.008EPSS

2020-03-31 05:15 AM
139
4
cve
cve

CVE-2020-10969

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to...

8.8CVSS

8.3AI Score

0.008EPSS

2020-03-26 01:15 PM
164
3
cve
cve

CVE-2020-10673

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka...

8.8CVSS

8.3AI Score

0.011EPSS

2020-03-18 10:15 PM
222
3
cve
cve

CVE-2020-11113

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka...

8.8CVSS

8.3AI Score

0.008EPSS

2020-03-31 05:15 AM
220
3
cve
cve

CVE-2020-8284

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service...

3.7CVSS

6AI Score

0.001EPSS

2020-12-14 08:15 PM
263
14
cve
cve

CVE-2022-27779

libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuilt with or without Public Suffix Listawareness. If PSL support not provided, a more rudimentary check.....

5.3CVSS

6.1AI Score

0.001EPSS

2022-06-02 02:15 PM
154
6
Total number of security vulnerabilities2296