Lucene search

K
NetappCloud Backup

344 matches found

CVE
CVE
added 2019/07/16 6:15 p.m.318 views

CVE-2019-13115

In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information o...

8.1CVSS8.5AI score0.4327EPSS
CVE
CVE
added 2019/02/26 2:29 a.m.318 views

CVE-2019-9169

In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.

9.8CVSS9.3AI score0.1003EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.316 views

CVE-2020-2781

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compr...

5.3CVSS5.3AI score0.00206EPSS
CVE
CVE
added 2020/04/13 7:15 p.m.315 views

CVE-2020-1730

A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The bigges...

5.3CVSS5.2AI score0.00076EPSS
CVE
CVE
added 2020/05/27 3:15 p.m.314 views

CVE-2020-13631

SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.

5.5CVSS6.7AI score0.00111EPSS
CVE
CVE
added 2021/01/12 9:15 a.m.314 views

CVE-2021-23239

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.

2.5CVSS5.5AI score0.0004EPSS
CVE
CVE
added 2021/05/27 1:15 p.m.314 views

CVE-2021-33200

kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner ...

7.8CVSS7.5AI score0.00024EPSS
CVE
CVE
added 2021/05/25 10:15 p.m.314 views

CVE-2021-33574

The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possi...

9.8CVSS8.7AI score0.00129EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.312 views

CVE-2020-2773

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

4.3CVSS4.2AI score0.00624EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.311 views

CVE-2020-2755

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple proto...

4.3CVSS4.2AI score0.0018EPSS
CVE
CVE
added 2020/05/09 9:15 p.m.309 views

CVE-2020-12771

An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails.

5.5CVSS5.9AI score0.00063EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.309 views

CVE-2020-14593

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple pro...

7.4CVSS7.1AI score0.00331EPSS
CVE
CVE
added 2021/03/05 6:15 p.m.309 views

CVE-2021-28038

An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during ...

6.5CVSS6.3AI score0.00158EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.307 views

CVE-2020-2756

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via mul...

4.3CVSS4.2AI score0.0026EPSS
CVE
CVE
added 2020/12/11 5:15 a.m.307 views

CVE-2020-27786

A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change a...

7.8CVSS8.6AI score0.06584EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.303 views

CVE-2020-2805

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

8.3CVSS8.2AI score0.01306EPSS
CVE
CVE
added 2020/05/28 12:15 p.m.300 views

CVE-2020-13645

In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verifica...

6.5CVSS6.4AI score0.00498EPSS
CVE
CVE
added 2020/02/14 5:15 a.m.300 views

CVE-2020-8992

ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size.

5.5CVSS5.5AI score0.00068EPSS
CVE
CVE
added 2021/09/23 1:15 p.m.300 views

CVE-2021-22945

When sending data to an MQTT server, libcurl

9.1CVSS8.9AI score0.00481EPSS
CVE
CVE
added 2021/08/05 9:15 p.m.299 views

CVE-2021-22922

When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and thecli...

6.5CVSS6.6AI score0.00235EPSS
CVE
CVE
added 2019/07/01 2:15 a.m.297 views

CVE-2019-13118

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.

5.3CVSS6.1AI score0.01193EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.297 views

CVE-2020-14579

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols ...

4.3CVSS4.3AI score0.00131EPSS
CVE
CVE
added 2021/11/17 5:15 p.m.297 views

CVE-2021-43976

In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).

4.6CVSS6AI score0.00017EPSS
CVE
CVE
added 2019/12/30 5:15 a.m.296 views

CVE-2019-20095

mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service.

5.5CVSS6.5AI score0.00131EPSS
CVE
CVE
added 2021/08/05 9:15 p.m.295 views

CVE-2021-22923

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrar...

5.3CVSS6.1AI score0.00086EPSS
CVE
CVE
added 2021/05/10 4:15 p.m.294 views

CVE-2020-13529

An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.

6.1CVSS6.2AI score0.00055EPSS
CVE
CVE
added 2021/04/22 6:15 p.m.294 views

CVE-2021-23133

A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the a...

7CVSS7.4AI score0.00024EPSS
CVE
CVE
added 2020/05/27 3:15 p.m.293 views

CVE-2020-13630

ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.

7CVSS7.5AI score0.00177EPSS
CVE
CVE
added 2020/06/06 4:15 p.m.292 views

CVE-2020-13871

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.

7.5CVSS7.4AI score0.02187EPSS
CVE
CVE
added 2021/05/17 12:15 p.m.292 views

CVE-2021-3483

A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availa...

7.8CVSS7.7AI score0.00133EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.290 views

CVE-2020-14578

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols ...

4.3CVSS4.3AI score0.00131EPSS
CVE
CVE
added 2021/03/03 5:15 p.m.289 views

CVE-2020-14372

A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdow...

7.5CVSS7.3AI score0.03085EPSS
CVE
CVE
added 2020/12/08 1:15 a.m.289 views

CVE-2020-25692

A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service.

7.5CVSS7.5AI score0.00652EPSS
CVE
CVE
added 2021/12/14 7:15 p.m.289 views

CVE-2021-4044

Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an ...

7.5CVSS7.2AI score0.26964EPSS
CVE
CVE
added 2021/05/25 8:15 p.m.288 views

CVE-2020-25672

A memory leak vulnerability was found in Linux kernel in llcp_sock_connect

7.5CVSS7.3AI score0.01939EPSS
CVE
CVE
added 2020/06/15 5:15 p.m.284 views

CVE-2020-14155

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.

5.3CVSS6.4AI score0.00152EPSS
CVE
CVE
added 2019/12/25 4:15 a.m.282 views

CVE-2019-19966

In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655.

4.6CVSS6.1AI score0.00132EPSS
CVE
CVE
added 2020/11/23 9:15 p.m.281 views

CVE-2020-15436

Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.

7.2CVSS6.9AI score0.00115EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.281 views

CVE-2020-2816

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability c...

7.5CVSS6.8AI score0.00514EPSS
CVE
CVE
added 2021/02/17 2:15 a.m.278 views

CVE-2021-26932

An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then l...

5.5CVSS6AI score0.00186EPSS
CVE
CVE
added 2020/12/02 1:15 a.m.276 views

CVE-2020-14305

An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerab...

8.3CVSS7.8AI score0.01276EPSS
CVE
CVE
added 2021/03/15 5:15 a.m.276 views

CVE-2021-28375

An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308.

7.8CVSS7.7AI score0.00108EPSS
CVE
CVE
added 2021/05/26 11:15 a.m.275 views

CVE-2020-25671

A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations.

7.8CVSS7.6AI score0.00131EPSS
CVE
CVE
added 2018/02/01 2:29 p.m.274 views

CVE-2018-6485

An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.

9.8CVSS8.4AI score0.00663EPSS
CVE
CVE
added 2019/12/23 1:15 a.m.269 views

CVE-2019-19926

multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.

7.5CVSS8.2AI score0.1124EPSS
CVE
CVE
added 2019/12/18 6:15 a.m.266 views

CVE-2019-19880

exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.

7.5CVSS7.8AI score0.1124EPSS
CVE
CVE
added 2021/11/17 5:15 p.m.265 views

CVE-2021-43975

In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value.

6.7CVSS6.6AI score0.00018EPSS
CVE
CVE
added 2019/11/18 6:15 a.m.264 views

CVE-2019-19054

A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b.

4.7CVSS6.2AI score0.00076EPSS
CVE
CVE
added 2021/01/07 12:15 a.m.263 views

CVE-2020-36180

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.

8.8CVSS7.7AI score0.01957EPSS
CVE
CVE
added 2021/03/22 5:15 p.m.263 views

CVE-2021-28971

In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6.

5.5CVSS6.5AI score0.00024EPSS
Total number of security vulnerabilities344