Lucene search
K
NetappActive Iq Unified Manager

848 matches found

CVE
CVE
added 2020/07/24 12:0 a.m.30701 views

CVE-2020-15778

The CVE-2020-15778 entry covers a command-injection flaw in scp within OpenSSH up to version 8.3p1. The vulnerability resides in scp.c toremote, enabling arbitrary command execution when a destination argument contains backtick characters; the vendor notes they intentionally forgo validating anom...

7.8CVSS7.8AI score0.12996EPSS
CVE
CVE
added 2021/09/26 12:0 a.m.17242 views

CVE-2021-41617

CVE-2021-41617 affects OpenSSH sshd (versions 6.2–8.x prior to 8.8) where certain non-default configurations allow local privilege escalation because supplemental groups are not initialized as expected when AuthorizedKeysCommand/AuthorizedPrincipalsCommand run under a different user. This can cau...

7CVSS7.5AI score0.02367EPSS
CVE
CVE
added 2020/06/29 5:33 p.m.16498 views

CVE-2020-14145

The CVE-2020-14145 entry concerns the OpenSSH client, with versions 5.7–8.4 (and notes that 8.5/8.6 may also be affected) exhibiting an observable discrepancy in the algorithm negotiation that leads to information leakage. The impact is a potential man-in-the-middle attack during initial connecti...

5.9CVSS5.6AI score0.02057EPSS
CVE
CVE
added 2024/02/14 12:0 a.m.11336 views

CVE-2023-50868

CVE-2023-50868 is a DNSSEC-related denial of service issue (NSEC3 Closest Encloser proof) that can cause CPU exhaustion. The connected documents confirm impact on DNS implementations such as Unbound and BIND/BIND9 and describe the root cause as processors performing thousands of hash iterations f...

7.5CVSS7.6AI score0.81729EPSS
CVE
CVE
added 2017/10/26 12:0 a.m.10776 views

CVE-2017-15906

OpenSSH OpenSSH sftp-server.c contains a write-blocking flaw in readonly mode that can let an attacker create zero-length files. Specifically, the process_open function in sftp-server.c mishandles write operations when in read-only mode, affecting OpenSSH versions prior to 7.6. The vulnerability ...

5.3CVSS5.5AI score0.03359EPSS
CVE
CVE
added 2024/02/26 12:0 a.m.8477 views

CVE-2024-26462

CVE-2024-26462 affects krb5 1.21.2 and is a memory-leak vulnerability in /krb5/src/kdc/ndr.c. The issue can cause memory exhaustion and potential denial of service; exploitation status is not provided in the documents, but related advisories/patches indicate upgrading to 1.21.3 or newer to mitiga...

5.5CVSS9.1AI score0.00437EPSS
CVE
CVE
added 2024/03/10 12:0 a.m.8333 views

CVE-2024-28757

The CVE-2024-28757 entry concerns libexpat up to version 2.6.1, where XML External Entity (XXE) processing can be triggered when isolated external parsers are used (XML_ExternalEntityParserCreate). The impact is denial of service or resource exhaustion (availability impact: HIGH) with CVSS v3.1 b...

7.5CVSS7.4AI score0.02006EPSS
CVE
CVE
added 2024/07/01 12:37 p.m.7751 views

CVE-2024-6387

CVE-2024-6387 is a remote code-execution vulnerability in OpenSSH’s server (sshd) caused by a race condition in a signal handler that may run after a client fails to authenticate within LoginGraceTime. The issue is exploitable by an unauthenticated, remote attacker on glibc-based Linux systems, p...

8.1CVSS8.5AI score0.99506EPSS
In wild
CVE
CVE
added 2020/04/29 12:0 a.m.7237 views

CVE-2020-11023

The connected Astra Linux bulletin confirms CVE-2020-11023: in jQuery versions >= 1.0.3 and < 3.5.0, passing HTML containing elements from untrusted sources to DOM manipulation methods (e.g., .html(), .append()) may lead to untrusted code execution. Patch released in jQuery 3.5.0. Remediat...

6.9CVSS7.2AI score0.8383EPSS
In wild
CVE
CVE
added 2021/12/10 12:0 a.m.6840 views

CVE-2021-44228

CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...

10CVSS10AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2024/02/26 12:0 a.m.6822 views

CVE-2024-26458

CVE-2024-26458 is documented in IBM Security Bulletins as affecting IBM Application Gateway (versions 23.10–25.09) with Kerberos 5 (krb5) 1.21.2 memory leak in /krb5/src/lib/rpc/pmap_rmt.c. IBM lists remediation: update to fixed IBM Application Gateway release and container image. Upgrading via d...

5.3CVSS9.1AI score0.00815EPSS
CVE
CVE
added 2024/05/06 7:22 p.m.6399 views

CVE-2024-33600

CVE-2024-33600 is an in-nscd (Name Service Cache Daemon) null pointer dereference caused by a failure to cache a not-found netgroup response. It affects the nscd binary and was introduced with glibc’s cache feature (glbic 2.15+). Exploitation depends on remote input, but the provided sources do n...

5.9CVSS7AI score0.01216EPSS
CVE
CVE
added 2024/09/19 12:18 a.m.6262 views

CVE-2024-7254

CVE-2024-7254 describes a stack overflow DoS in parsers when handling untrusted Protocol Buffers data with deeply nested SGROUP/group structures. The root cause is unbounded recursion when parsing unknown fields (DiscardUnknownFieldsParser) or Java Protobuf Lite against nested groups or map field...

8.7CVSS6.8AI score0.02772EPSS
CVE
CVE
added 2021/01/26 12:0 a.m.4727 views

CVE-2021-3156

CVE-2021-3156 is a heap-based buffer overflow in sudo that enables privilege escalation to root. The issue arises in the argument parsing path and is exploitable via commands using sudoedit -s with a trailing backslash, leading to memory corruption. Affected release information in the provided do...

7.8CVSS8.3AI score0.99295EPSS
In wild
CVE
CVE
added 2024/02/26 12:0 a.m.4076 views

CVE-2024-26461

CVE-2024-26461 affects Kerberos 5 (krb5) 1.21.2, with a memory leak in /krb5/src/lib/gssapi/krb5/k5sealv3.c. Several advisories (e.g., AlmaLinux ALSA-2024:3268, Astra Linux bulletin, CBLMARINER entries) confirm the issue and indicate a patched version: krb5 1.21.3-1 (or newer). The connected docu...

7.5CVSS9.1AI score0.01128EPSS
CVE
CVE
added 2025/02/18 6:27 p.m.3730 views

CVE-2025-26465

The CVE-2025-26465 issue affects OpenSSH when VerifyHostKeyDNS is enabled. A remote attacker could perform a MITM impersonation by abusing error-code handling during host-key verification, with success contingent on exhausting the client’s memory resources. Affected context is OpenSSH implementat...

6.8CVSS6.7AI score0.06997EPSS
CVE
CVE
added 2022/03/25 12:0 a.m.3259 views

CVE-2018-25032

CVE-2018-25032 affects zlib prior to 1.2.12 and causes memory corruption during deflate when the input contains many distant matches. The linked Astra Linux advisory reiterates the zlib memory corruption in zlib before 1.2.12, and multiple Mariner/CBL advisories show affected packages (e.g., teck...

7.5CVSS8.1AI score0.51733EPSS
CVE
CVE
added 2022/04/13 12:0 a.m.2933 views

CVE-2015-20107

The CVE-2015-20107 issue affects CPython’s mailcap module through Python 3.10.8 (and back-ported fixes to 3.7–3.9). Root cause: mailcap.findmatch does not escape system-mailcap commands, enabling shell-command injection when untrusted input is used (e.g., via unvalidated filenames/arguments). Doc...

8CVSS7.8AI score0.07017EPSS
CVE
CVE
added 2023/07/18 8:18 p.m.2914 views

CVE-2023-22045

CVE-2023-22045 affects Oracle Java SE (Hotspot) and Oracle GraalVM variants (Enterprise Edition and JDK). Affected versions include Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; GraalVM Enterprise: 20.3.10, 21.3.6, 22.3.2; GraalVM for JDK: 17.0.7, 20.0.1. The vulnerability is diffic...

3.7CVSS4.4AI score0.01164EPSS
CVE
CVE
added 2021/04/29 12:55 a.m.2608 views

CVE-2021-25216

CVE-2021-25216 affects BIND: in 64-bit builds it can trigger a buffer over-read, and in 32-bit builds a buffer overflow with potential remote code execution, when GSS-TSIG is enabled. The ISC SPNEGO implementation is being removed from the April releases of BIND 9.11 and 9.16 (and 9.17 already dr...

9.8CVSS8.1AI score0.82367EPSS
CVE
CVE
added 2020/07/13 12:0 a.m.2548 views

CVE-2019-20907

CVE-2019-20907 affects Python’s tarfile handling (Lib/tarfile.py) up to Python 3.8.3. A crafted TAR archive can trigger an infinite loop when opened via tarfile.open because _proc_pax lacks header validation. Connected advisories confirm the issue is treated as a tarfile DoS, with patches release...

7.5CVSS7.6AI score0.06304EPSS
CVE
CVE
added 2024/04/17 5:27 p.m.2469 views

CVE-2024-2961

CVE-2024-2961 affects the GNU C Library (glibc) versions 2.39 and older. The iconv() implementation may overflow the output buffer by up to 4 bytes when converting strings to ISO-2022-CN-EXT, potentially crashing the application or overwriting adjacent memory. Publicly documented in glibc advisor...

7.3CVSS8.4AI score0.8833EPSS
In wild
CVE
CVE
added 2021/01/19 12:0 a.m.2044 views

CVE-2021-3177

CVE-2021-3177: A buffer overflow in PyCArg_repr of Python’s ctypes (_ctypes/callproc.c) may allow remote code execution when untrusted floating-point input is passed (e.g., 1e300 to c_double.from_param) due to unsafe use of sprintf. Affected: Python 3.x up to 3.9.1. Remediation exists in multiple...

9.8CVSS9.3AI score0.23293EPSS
CVE
CVE
added 2018/08/22 1:0 p.m.1788 views

CVE-2018-11776

The CVE-2018-11776 issue affects Apache Struts 2.x versions 2.3–2.3.34 and 2.5–2.5.16. The underlying condition is when alwaysSelectFullNamespace is true and a result or url tag lacks a namespace/value, and the upper namespace/action configuration also has no or a wildcard namespace, allowing rem...

9.3CVSS8.4AI score0.99993EPSS
In wild
CVE
CVE
added 2017/10/03 3:0 p.m.1602 views

CVE-2017-12617

CVE-2017-12617 concerns Apache Tomcat JSP upload via HTTP PUT when readonly=false and PUTs are allowed. Affected: Tomcat 7.x/8.x/9.x (various 7.0.0–7.0.81, 8.0.0.RC1–8.0.46, 8.5.0–8.5.22, 9.0.0.M1–9.0.0) with PUT enabled. Root cause: PUT request handling allowed uploading a JSP, enabling remote c...

8.1CVSS7.5AI score0.99988EPSS
In wild
CVE
CVE
added 2019/07/17 12:32 p.m.1571 views

CVE-2019-13272

CVE-2019-13272 affects the Linux kernel ptrace code (kernel/ptrace.c), where credentials recording during ptrace relationship establishment can fail, enabling a local attacker to obtain root privileges under certain parent/child lifecycle scenarios and potentially cause a panic. Public advisories...

7.8CVSS7.7AI score0.52199EPSS
In wild
CVE
CVE
added 2023/09/12 2:24 p.m.1570 views

CVE-2023-4863

CVE-2023-4863 describes a heap buffer overflow in libwebp used by Google Chrome prior to 116.0.5845.187 and in libwebp 1.3.2. A remote attacker can cause an out-of-bounds memory write by presenting a crafted HTML page. The vulnerability is exploitable over the network and requires user interactio...

8.8CVSS8.5AI score0.99735EPSS
In wild
CVE
CVE
added 2022/07/19 12:0 a.m.1365 views

CVE-2022-21540

CVE-2022-21540 applies to Oracle Java SE (Hotspot) and Oracle GraalVM Enterprise Edition; affected versions include Oracle Java SE 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1 and GraalVM EE 20.3.6, 21.3.2, 22.1.0. The connected documents provide concrete details: the vulnerability can be exploite...

5.3CVSS5AI score0.0296EPSS
CVE
CVE
added 2022/07/19 12:0 a.m.1362 views

CVE-2022-21541

CVE-2022-21541 affects Oracle Java SE (Hotspot) and Oracle GraalVM Enterprise Edition. Affected Java SE versions include 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; GraalVM EE: 20.3.6, 21.3.2, 22.1.0. The vulnerability is described as difficult to exploit but allows an unauthenticated networked ...

5.9CVSS5.8AI score0.02062EPSS
CVE
CVE
added 2022/04/19 8:37 p.m.1286 views

CVE-2022-21449

CVE-2022-21449 affects Oracle Java SE Libraries (Oracle Java SE 17.0.2, 18) and GraalVM Enterprise Edition (21.3.1, 22.0.0.2). It enables unauthenticated, network‑accessible attackers to compromise data integrity — potentially unauthorized creation, deletion or modification of data in affected Or...

7.5CVSS6.9AI score0.48235EPSS
CVE
CVE
added 2023/04/18 12:0 a.m.1279 views

CVE-2023-27043

CVE-2023-27043 : The Python email module (email/_parseaddr.py) misparses e-mail addresses with a special character, causing the addr-spec to be taken from the wrong RFC2822 header field. This can allow bypassing domain-based signup protections (e.g., restricting to @company.example.com). The Astr...

5.3CVSS5.8AI score0.02527EPSS
CVE
CVE
added 2022/05/03 3:15 p.m.1277 views

CVE-2022-1292

CVE-2022-1292 describes a command-injection risk in the OpenSSL c_rehash script due to improper sanitization of shell metacharacters. The issue can allow local attackers to run arbitrary commands with the script’s privileges on systems where c_rehash runs automatically. Fixes are published in Ope...

10CVSS9AI score0.83223EPSS
CVE
CVE
added 2023/02/17 12:0 a.m.1272 views

CVE-2023-24329

The CVE-2023-24329 issue is in Python's urllib.parse (before 3.11.4) where URLs starting with blank characters bypass blocklists. In practice, this can undermine domain/protocol filtering and potentially enable SSRF or related impacts as described. Affected versions include Python releases prior ...

7.5CVSS7.8AI score0.20459EPSS
CVE
CVE
added 2022/08/05 12:0 a.m.1223 views

CVE-2022-37434

CVE-2022-37434 describes a heap-based buffer over-read/overflow in zlib’s inflate() (inflate.c) when handling a large gzip header extra field. The vulnerability is limited to code paths that call inflateGetHeader, and is fixed in subsequent zlib revisions. Connected advisories indicate affected e...

9.8CVSS9.9AI score0.1593EPSS
CVE
CVE
added 2020/12/08 3:30 p.m.1192 views

CVE-2020-1971

CVE-2020-1971 is described across multiple connected sources as a NULL-dereference in OpenSSL’s GENERAL_NAME_cmp when EDIPARTYNAME is present, potentially enabling a denial-of-service crash. Affected OpenSSL versions include all 1.1.1 and 1.0.2 lines; fixes are published in OpenSSL 1.1.1i and Ope...

5.9CVSS5.7AI score0.06968EPSS
CVE
CVE
added 2020/02/04 2:5 p.m.1171 views

CVE-2019-9674

The CVE-2019-9674 entry affects Python’s Lib/zipfile.py up to Python 3.7.2. It enables remote attackers to cause a denial of service via a ZIP bomb, triggering resource consumption. The vulnerability originates from how zip files are processed in lib/zipfile.py, leading to potential exhaustion of...

7.5CVSS7.1AI score0.05535EPSS
CVE
CVE
added 2017/05/23 3:56 a.m.1147 views

CVE-2016-9843

CVE-2016-9843 concerns zlib 1.2.8 and its crc32_big implementation (big-endian CRC calculation). Connected docs show affected packages: FLTK builds for zlib before 1.3.8-1 in CBLMariner, and Cloud Foundry/ALAS advisories link multiple zlib-related CVEs with remediation guidance. The FLTK note sta...

9.8CVSS9.9AI score0.0595EPSS
CVE
CVE
added 2023/10/18 3:52 a.m.1136 views

CVE-2023-38545

CVE-2023-38545 is a heap-based buffer overflow in curl/libcurl during SOCKS5 proxy hostname handling. When a long host name (over 255 bytes) is passed for proxy resolution, curl may copy the full hostname into the target buffer due to a race in a slow handshake, enabling arbitrary code execution....

9.8CVSS9.4AI score0.78483EPSS
CVE
CVE
added 2022/07/19 12:0 a.m.1111 views

CVE-2022-21549

CVE-2022-21549 affects Oracle Java SE Libraries with affected binaries: Oracle Java SE 17.0.3.1 and Oracle GraalVM Enterprise Edition 21.3.2 and 22.1.0. The entry notes network‑accessible exploitation by an unauthenticated attacker, potentially enabling unauthorized update/insert/delete of data i...

5.3CVSS5AI score0.01804EPSS
CVE
CVE
added 2020/12/10 10:10 p.m.1024 views

CVE-2020-8908

CVE-2020-8908 (Guava) : A temp directory creation vulnerability exists in all Guava versions where guava’s API com.google.common.io.Files.createTempDir() creates temporary directories that are world-readable on Unix-like systems. The issue arises because the temp dir permissions are not restricte...

3.3CVSS6.3AI score0.00964EPSS
CVE
CVE
added 2020/01/15 4:34 p.m.973 views

CVE-2020-2574

CVE-2020-2574 affects the Oracle MySQL Client (C API). Affected: MySQL Client in Oracle MySQL releases 5.6.46 and earlier, 5.7.28 and earlier, and 8.0.18 and earlier. Description in the sources: vulnerability allows an unauthenticated attacker with network access via multiple protocols to cause a...

5.9CVSS5.6AI score0.03485EPSS
CVE
CVE
added 2019/07/25 11:43 p.m.950 views

CVE-2019-10744

CVE-2019-10744 affects lodash versions lower than 4.17.12 and enables Prototype Pollution via defaultsDeep, by injecting a constructor payload to modify Object.prototype. IBM X-Force lists a base3.1 score of 9.1 (CRITICAL) and confirms the prototype pollution impact. Remediation: upgrade lodash t...

9.1CVSS8.9AI score0.05006EPSS
CVE
CVE
added 2023/08/23 12:0 a.m.935 views

CVE-2023-41105

The CVE-2023-41105 issue affects Python 3.11–3.11.4: if a path containing a null byte (\0) is passed to os.path.normpath(), the path is truncated at the first null byte. The description notes cases where filenames would have been rejected for security reasons in Python 3.10.x or earlier are no lo...

7.5CVSS7.3AI score0.02187EPSS
CVE
CVE
added 2019/02/27 11:0 p.m.925 views

CVE-2019-1559

OpenSSL vulnerability CVE-2019-1559 describes a padding-oracle weakness where, if an application encounters a fatal protocol error and then calls SSL_shutdown() twice (to send close_notify and to receive one), the server may respond differently to a 0-byte record with invalid padding versus inval...

5.9CVSS6.3AI score0.17139EPSS
CVE
CVE
added 2020/05/19 12:0 a.m.913 views

CVE-2020-7656

CVE-2020-7656 affects jQuery versions prior to 1.9.0. The vulnerability arises from the load method failing to strip certain ), enabling cross‑site scripting. Public materials describe PoC/exploitation and public advisories/patch guidance (e.g., upgrade to 1.9.0+). The CVE is documented with an o...

6.1CVSS4.9AI score0.06273EPSS
CVE
CVE
added 2022/04/25 12:0 a.m.903 views

CVE-2022-23457

CVE-2022-23457 affects ESAPI (OWASP Enterprise Security API) Java legacy. The default implementation of Validator.getValidDirectoryPath(String, String, File, boolean) before version 2.3.0.0 may treat the input string as a child of the specified parent directory, potentially bypassing control-flow...

9.8CVSS8.6AI score0.02674EPSS
CVE
CVE
added 2020/12/02 4:20 p.m.892 views

CVE-2020-13956

CVE-2020-13956 affects Apache HttpClient prior to 4.5.13 and 5.0.3. A malformed authority component in request URIs, when passed as a java.net.URI, can cause the client to misinterpret the target host and execute the request against an unintended host. This represents a misrouting vulnerability i...

5.3CVSS5.9AI score0.08665EPSS
CVE
CVE
added 2022/03/11 12:0 a.m.876 views

CVE-2020-36518

CVE-2020-36518 affects jackson-databind prior to 2.13.0, enabling a Java StackOverflow and DoS via excessive nesting depth. In affected advisories, remediation is to upgrade jackson-databind to 2.13.0+ (examples show 2.13.x or newer such as 2.13.4.2 in Crowd/CWD references). Practical impact is d...

7.5CVSS7.4AI score0.0486EPSS
CVE
CVE
added 2022/02/09 12:0 a.m.876 views

CVE-2022-0391

CVE-2022-0391 affects the Python urllib.parse.urlparse path handling, where input is not sanitized and allows literal CR/LF characters, enabling crafted URLs to trigger injection-like issues. Public docs (Python history, Debian LTS/DLA notes, Astra Linux bulletin) corroborate that the vulnerabili...

7.5CVSS7.4AI score0.08325EPSS
CVE
CVE
added 2021/04/22 9:53 p.m.871 views

CVE-2021-2163

CVE-2021-2163 applies to Oracle/OpenJDK libraries across Java SE, Java SE Embedded and GraalVM Enterprise Edition. Affected versions include Java SE 7u291, 8u281, 11.0.10, 16; Java SE Embedded 8u281; GraalVM EE 19.3.5, 20.3.1.2 and 21.0.0.2. The vulnerability is exploitable remotely over multiple...

5.3CVSS4.8AI score0.03566EPSS
Total number of security vulnerabilities848