Cloud Backup Security Vulnerabilities and Issues — Page 2 of Cloud Backup CVE List

Lucene search

NetappCloud Backup

88 matches found

CVE•added 2020/11/23 9:15 p.m.•290 views

CVE-2020-15436

Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.

7.2CVSS6.9AI score0.00115EPSS

CVE•added 2020/06/15 5:15 p.m.•289 views

CVE-2020-14155

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.

5.3CVSS6.4AI score0.00152EPSS

CVE•added 2020/12/02 1:15 a.m.•286 views

CVE-2020-14305

An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerab...

8.3CVSS7.8AI score0.01072EPSS

CVE•added 2020/04/15 2:15 p.m.•285 views

CVE-2020-2816

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability c...

7.5CVSS6.8AI score0.00514EPSS

CVE•added 2020/04/08 2:15 p.m.•266 views

CVE-2019-20636

In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.

7.2CVSS6.4AI score0.00066EPSS

CVE•added 2020/04/15 2:15 p.m.•265 views

CVE-2020-2767

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability...

5.8CVSS4.6AI score0.00454EPSS

CVE•added 2020/02/25 4:15 p.m.•265 views

CVE-2020-9383

An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.

7.1CVSS6.7AI score0.00164EPSS

CVE•added 2020/04/15 2:15 p.m.•260 views

CVE-2020-2778

4.3CVSS3.7AI score0.00426EPSS

CVE•added 2020/04/29 1:15 p.m.•244 views

CVE-2020-11884

In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur.

7CVSS6.6AI score0.0011EPSS

CVE•added 2020/05/27 3:15 p.m.•241 views

CVE-2020-13632

ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.

5.5CVSS6.2AI score0.00064EPSS

CVE•added 2020/06/24 7:15 p.m.•235 views

CVE-2020-15025

ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.

4.9CVSS5.7AI score0.01955EPSS

CVE•added 2020/12/11 7:15 p.m.•228 views

CVE-2020-27825

A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special...

5.7CVSS6.4AI score0.00138EPSS

CVE•added 2020/08/20 1:17 a.m.•225 views

CVE-2020-15861

Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.

7.8CVSS7.5AI score0.00561EPSS

CVE•added 2020/04/02 6:15 p.m.•219 views

CVE-2020-8835

In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the int...

7.8CVSS7.2AI score0.27523EPSS

CVE•added 2020/04/10 12:15 a.m.•209 views

CVE-2020-8832

The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could u...

5.5CVSS6.2AI score0.04704EPSS

CVE•added 2020/11/28 7:15 a.m.•203 views

CVE-2020-29370

An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.

7CVSS7.5AI score0.00592EPSS

CVE•added 2020/04/29 7:15 p.m.•158 views

CVE-2020-12465

An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages.

7.2CVSS6.6AI score0.00169EPSS

CVE•added 2020/03/27 3:15 p.m.•149 views

CVE-2020-5863

In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system.

8.6CVSS8.6AI score0.01111EPSS

CVE•added 2020/12/09 9:15 p.m.•142 views

CVE-2020-16599

A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.

5.5CVSS5.4AI score0.00051EPSS

CVE•added 2020/02/25 6:15 p.m.•130 views

CVE-2020-9391

An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards, aka CID-dcde237319e6. This has been...

5.5CVSS5.4AI score0.00161EPSS

CVE•added 2020/01/15 5:15 p.m.•126 views

CVE-2020-2585

Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulne...

5.9CVSS5.6AI score0.01472EPSS

CVE•added 2020/11/12 6:15 p.m.•113 views

CVE-2020-8747

Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access.

9.1CVSS8.7AI score0.00804EPSS

CVE•added 2020/11/12 6:15 p.m.•113 views

CVE-2020-8752

Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access.

9.8CVSS9.5AI score0.00733EPSS

CVE•added 2020/11/12 6:15 p.m.•106 views

CVE-2020-8749

Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

8.8CVSS9.2AI score0.00536EPSS

CVE•added 2020/07/15 6:15 p.m.•97 views

CVE-2020-14664

Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human...

8.3CVSS8.1AI score0.01002EPSS

CVE•added 2020/11/12 6:15 p.m.•95 views

CVE-2020-12356

Out-of-bounds read in subsystem in Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable information disclosure via local access.

4.4CVSS5.1AI score0.00145EPSS

CVE•added 2020/12/09 9:15 p.m.•95 views

CVE-2020-16593

A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file.

5.5CVSS5.5AI score0.00301EPSS

CVE•added 2020/11/12 6:15 p.m.•94 views

CVE-2020-8757

Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.

6.7CVSS6.8AI score0.00136EPSS

CVE•added 2020/11/12 6:15 p.m.•92 views

CVE-2020-8754

Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.

7.5CVSS7.1AI score0.00964EPSS

CVE•added 2020/11/12 6:15 p.m.•89 views

CVE-2020-8746

Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

6.5CVSS7.8AI score0.00213EPSS

CVE•added 2020/11/12 6:15 p.m.•87 views

CVE-2020-8760

Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.

7.8CVSS7.8AI score0.00124EPSS

CVE•added 2020/12/11 8:15 p.m.•76 views

CVE-2020-27730

In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities.

9.8CVSS9.4AI score0.0146EPSS

CVE•added 2020/07/20 7:15 p.m.•71 views

CVE-2020-15852

An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap mishandling causes a loss of synchronization between the I/O bitmaps...

7.8CVSS7.3AI score0.0016EPSS

CVE•added 2020/11/12 6:15 p.m.•71 views

CVE-2020-8738

Improper conditions check in Intel BIOS platform sample code for some Intel(R) Processors before may allow a privileged user to potentially enable escalation of privilege via local access.

6.7CVSS6.8AI score0.00282EPSS

CVE•added 2020/11/12 6:15 p.m.•69 views

CVE-2020-0590

Improper input validation in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8CVSS8.2AI score0.00363EPSS

CVE•added 2020/09/10 2:15 p.m.•63 views

CVE-2020-25221

get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. This can be triggered by any 64-bit p...

7.8CVSS7.5AI score0.00193EPSS

CVE•added 2020/04/23 8:15 p.m.•49 views

CVE-2020-5867

In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages

8.1CVSS8AI score0.00149EPSS

CVE•added 2020/04/23 7:15 p.m.•39 views

CVE-2020-5865

In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks.

5.8CVSS5AI score0.00119EPSS

Total number of security vulnerabilities88