Lucene search
K
NetappCloud Backup

345 matches found

CVE
CVE
added 2021/11/17 12:0 a.m.391 views

CVE-2021-43976

CVE-2021-43976 affects the Linux kernel, specifically the Marvell mwifiex_usb_recv() function in drivers/net/wireless/marvell/mwifiex/usb.c. A local attacker with access to a crafted USB device can trigger a denial of service (skb_over_panic). The advisory notes the vulnerability exists in kernel...

4.6CVSS6AI score0.00643EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.390 views

CVE-2020-2781

CVE-2020-2781 concerns Oracle/OpenJDK Java SE JSSE vulnerability that allows unauthenticated network access to degrade availability in Java SE and Java SE Embedded (client/server deployment). The Chainguard data confirms affected OpenJDK JSSE components and versions, aligning with the CVE descrip...

5.3CVSS5.3AI score0.04948EPSS
CVE
CVE
added 2020/05/27 2:42 p.m.388 views

CVE-2020-13630

CVE-2020-13630 affects SQLite prior to 3.32.0, with a use-after-free in ext/fts3/fts3.c (fts3EvalNextRow) related to the snippet feature. Multiple connected advisories (Astra Linux, BSA, AlmaLinux) confirm the issue in SQLite and reference the same function/file. The provided sources do not quant...

7CVSS7.5AI score0.0103EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.388 views

CVE-2020-14579

CVE-2020-14579 affects Oracle Java SE/Embedded (Libraries component) with affected Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. The connected advisories confirm network-remote, unauthenticated access leading to a partial denial of service via multiple protocols, per CVSS 3.1 Base Score 3.7 ...

4.3CVSS4.3AI score0.04044EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.387 views

CVE-2020-2756

CVE-2020-2756 affects Oracle Java SE/Java SE Embedded (component: Serialization). Affected: Java SE 7u251, 8u241, 11.0.6, 14; Java SE Embedded 8u241. An unauthenticated, network-exposed attacker can exploit to cause a partial Denial of Service. Connected advisories show remediation via updating t...

4.3CVSS4.2AI score0.04211EPSS
CVE
CVE
added 2020/12/05 11:18 p.m.387 views

CVE-2020-29573

CVE-2020-29573 affects the GNU C Library (glibc) on x86, where sysdeps/i386/ldbl2mpn.c allows a stack-based buffer overflow when a printf-family input is an 80-bit long double with a non-canonical pattern (example: 0x0004000000000000000000000000000000000004 passed to sprintf). Public notes indica...

7.5CVSS7.6AI score0.02765EPSS
CVE
CVE
added 2020/05/27 2:42 p.m.385 views

CVE-2020-13631

CVE-2020-13631 affects SQLite up to version 3.32.0, where a vulnerability allows renaming a virtual table to the name of one of its shadow tables (related to alter.c and build.c). Connected advisories confirm the issue in SQLite prior to 3.32.0 and note the remediation is to upgrade SQLite to 3.3...

5.5CVSS6.7AI score0.0062EPSS
CVE
CVE
added 2019/07/16 12:0 a.m.384 views

CVE-2019-13115

CVE-2019-13115 affects libssh2 prior to 1.9.0, where kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c can overflow an integer, leading to an out-of-bounds read when processing server packets. The vulnerability could allow a remote attacker controlling a SSH server to disclose...

8.1CVSS8.5AI score0.11659EPSS
CVE
CVE
added 2020/12/11 4:5 a.m.383 views

CVE-2020-27786

CVE-2020-27786 affects the Linux kernel MIDI subsystem (rawmidi) with a use-after-free in the MIDI ioctl handling path. A local attacker with access to issue ioctl commands to MIDI devices could trigger memory corruption, potentially enabling privilege escalation. Public documentation in connecte...

7.8CVSS8.6AI score0.01672EPSS
CVE
CVE
added 2021/01/12 12:0 a.m.383 views

CVE-2021-23239

The CVE-2021-23239 entry concerns the sudoedit personality in sudo up to version 1.9.4 (before 1.9.5). A race condition in sudoedit (sudo_edit.c) can allow a local, unprivileged user to determine directory existence by substituting a user-controlled directory with a symlink to an arbitrary path, ...

2.5CVSS5.5AI score0.01029EPSS
CVE
CVE
added 2020/02/21 9:25 p.m.382 views

CVE-2020-9327

The CVE-2020-9327 entry concerns SQLite 3.31.1. A NULL pointer dereference can be triggered by isAuxiliaryVtabOperator due to generated column optimizations, potentially causing a segmentation fault. The connected Astra Linux security bulletin confirms the same SQLite 3.31.1 issue but provides no...

7.5CVSS7.8AI score0.03683EPSS
CVE
CVE
added 2021/05/05 3:30 p.m.382 views

CVE-2021-29489

Highcharts JS (charting library) versions 8 and earlier are vulnerable to cross-site scripting due to inadequate filtering of the chart options structure for XSS vectors. The vulnerability can allow execution of untrusted script in the end user’s browser if the configuration contains malicious in...

7.6CVSS5.5AI score0.00867EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.379 views

CVE-2020-2755

CVE-2020-2755 is reported in the Oracle Java SE scripting component affecting Java SE 8u241, 11.0.6 and 14 (and Java SE Embedded 8u241). The vulnerability allows an unauthenticated attacker with network access to cause a partial denial of service in Java SE/Java SE Embedded. The CVSS base score i...

4.3CVSS4.2AI score0.03899EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.377 views

CVE-2020-2805

CVE-2020-2805 is an OpenJDK/OpenJDK Libraries issue. The connected Chainguard entry states the flaw resides in the readObject() method of the MethodType class within the Libraries component of OpenJDK, which can allow an untrusted Java applet or application to bypass Java sandbox restrictions. Th...

8.3CVSS8.2AI score0.04051EPSS
CVE
CVE
added 2019/12/23 11:12 p.m.375 views

CVE-2019-19947

CVE-2019-19947 affects the Linux kernel up to version 5.4.6, where the kvaser_usb_leaf.c driver (drivers/net/can/usb/kvaser_usb) leaks information from uninitialized memory to a USB device (CID-da2311a6385c). Connected advisories corroborate this kernel info-leak issue and link it to the Kvaser C...

4.6CVSS5.1AI score0.00493EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.369 views

CVE-2020-14578

CVE-2020-14578 affects Oracle Java SE and Java SE Embedded (Libraries component) with Java SE 7u261 and 8u251; Java SE Embedded 8u251. It is exploitable over a network (multiple protocols) by unauthenticated attackers, including via sandboxed Java Web Start apps, applets, or direct API input, lea...

4.3CVSS4.3AI score0.04044EPSS
CVE
CVE
added 2021/04/22 6:0 p.m.365 views

CVE-2021-23133

CVE-2021-23133 is a race condition in the Linux kernel SCTP sockets (net/sctp/socket.c) prior to 5.12-rc8. If sctp_destroy_sock executes without sock_net(sk)->sctp.addr_wq_lock, an element is removed from the auto_asconf_splist list without proper locking, enabling a local attacker with networ...

7CVSS7.4AI score0.00482EPSS
CVE
CVE
added 2020/04/13 12:0 a.m.359 views

CVE-2020-1730

The CVE-2020-1730 vulnerability affects libssh versions before 0.8.9 and before 0.9.4, caused by how AES-CTR (or DES, if enabled) ciphers are handled. If a connection isn’t fully initialized, cleaning up these ciphers on close can crash the server or client, impacting availability. Upgrading to l...

5.3CVSS5.2AI score0.03065EPSS
CVE
CVE
added 2019/02/26 2:0 a.m.358 views

CVE-2019-9169

CVE-2019-9169 affects GNU C Library (glibc) up to 2.29, where proceed_next_node in posix/regexec.c permits a heap-based buffer over-read during a case-insensitive regular-expression match. Impact: potential information disclosure via crafted input; CVSS/assessment in references indicates high/cri...

9.8CVSS9.3AI score0.04731EPSS
CVE
CVE
added 2020/05/09 8:16 p.m.358 views

CVE-2020-12771

CVE-2020-12771 involves the Linux kernel component drivers/md/bcache/btree.c , where the function btree_gc_coalesce may deadlock if a coalescing operation fails. The connected Unity/Nessus entries reproduce: an issue in the kernel up to 5.6.11 with deadlock in the btree GC coalescing path, impact...

5.5CVSS5.9AI score0.00519EPSS
CVE
CVE
added 2020/06/06 3:37 p.m.356 views

CVE-2020-13871

SQLite 3.32.2 is affected by a use-after-free in resetAccumulator (select.c) due to a late parse tree rewrite for window functions. Impact could include a crash or arbitrary code execution. Remediation: upgrade to SQLite 3.32.3 or later (fix upstream).

7.5CVSS7.4AI score0.04447EPSS
CVE
CVE
added 2021/11/17 4:32 p.m.356 views

CVE-2021-43975

CVE-2021-43975 is described in connected material as a Linux kernel vulnerability up to version 5.15.2 where the hw_atl_utils_fw_rpc_wait() function in the aQuantia AQtion Ethernet driver (drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c) allows a local attacker who can introduce a cr...

6.7CVSS6.6AI score0.00513EPSS
CVE
CVE
added 2020/11/23 8:8 p.m.354 views

CVE-2020-15436

The CVE-2020-15436 entry is confirmed by connected sources as a Linux kernel local-use-after-free vulnerability in fs/block_dev.c (pre-5.8). It enables a local attacker to gain elevated privileges or cause a denial of service by abusing improper access to a particular error field. The Linux kerne...

7.2CVSS6.9AI score0.00928EPSS
CVE
CVE
added 2019/11/18 5:23 a.m.346 views

CVE-2019-19052

CVE-2019-19052 is a memory-leak vulnerability in the Linux kernel, specifically in drivers/net/can/usb/gs_usb.c within the gs_can_open() function. The issue allows a denial of service through memory consumption when usb_submit_urb() fails, affecting the kernel up to version before 5.3.11. The rea...

7.8CVSS7.5AI score0.05376EPSS
CVE
CVE
added 2021/05/25 7:38 p.m.346 views

CVE-2020-25672

The CVE-2020-25672 entry refers to a memory-leak vulnerability in the Linux kernel NFC LLCP path (llcp_sock_connect). The issue is described as a memory leak in the NFC LLCP implementation, which can lead to resource exhaustion and denial of service when non-blocking socket operations trigger the...

7.5CVSS7.3AI score0.03259EPSS
CVE
CVE
added 2021/08/05 12:0 a.m.346 views

CVE-2021-22922

CVE-2021-22922 affects curl’s Metalink download flow: when multiple URLs are provided, a content hash mismatch on a breached server is not discarded during download, allowing potentially malicious data to be kept on disk. Public advisories and vendor bulletins confirm patches in patched curl rele...

6.5CVSS6.6AI score0.04313EPSS
CVE
CVE
added 2020/02/14 4:27 a.m.345 views

CVE-2020-8992

CVE-2020-8992 affects the Linux kernel ext4 implementation (ext4_protect_reserved_inode in fs/ext4/block_validity.c) through version 5.5.3. A crafted journal size can cause a denial of service (soft lockup) via a local attack. Connected advisories (e.g., SUSE-SU-2020:1663-1, Ubuntu USN-4419-1, Un...

5.5CVSS5.5AI score0.00416EPSS
CVE
CVE
added 2021/09/23 12:0 a.m.345 views

CVE-2021-22945

Summary: CVE-2021-22945 affects libcurl/curl when sending data to an MQTT server, where in some cases a pointer to freed memory could be reused and freed again. This is a memory-use-after-free/double-free issue in libcurl. What is affected: libcurl/curl (MQTT data transmission scenarios) with vul...

9.1CVSS8.9AI score0.06216EPSS
CVE
CVE
added 2021/05/17 11:25 a.m.344 views

CVE-2021-3483

CVE-2021-3483 refers to a vulnerability in the Linux kernel Nosy driver where a device can be inserted twice into a doubly-linked list, causing a use-after-free when one is removed. This affects versions before 5.12-rc6 and impacts confidentiality, integrity, and availability. The incident is loc...

7.8CVSS7.7AI score0.00361EPSS
CVE
CVE
added 2021/03/15 4:51 a.m.340 views

CVE-2021-28375

The CVE-2021-28375 issue affects the Linux kernel up to 5.11.6, specifically fastrpc_internal_invoke in drivers/misc/fastrpc.c, which does not prevent user-space processes from sending kernel RPC messages. This is a local, privilege-escalation risk (as indicated by related CVE-2019-2308) that cou...

7.8CVSS7.7AI score0.00305EPSS
CVE
CVE
added 2021/08/05 12:0 a.m.339 views

CVE-2021-22923

CVE-2021-22923 affects curl's metalink feature: when downloading a metalink XML with user credentials, those credentials are subsequently passed to each server curls contacts, potentially leaking credentials to multiple endpoints. Technical details across sources confirm this credential exposure ...

5.3CVSS6.1AI score0.01843EPSS
CVE
CVE
added 2021/03/05 12:0 a.m.338 views

CVE-2021-28038

CVE-2021-28038 is a Linux kernel issue (through 5.11.3 with Xen PV) where the netback driver mishandles grant mapping errors, leaving memory allocation/error conditions untreated. In a Xen PV setup, a misbehaving networking frontend driver can trigger a host OS denial of service (Dom0 crash) from...

6.5CVSS6.3AI score0.00708EPSS
CVE
CVE
added 2021/02/17 12:0 a.m.335 views

CVE-2021-26932

CVE-2021-26932 affects Linux kernels 3.2 through 5.10.16 when used with Xen PV backends. The issue arises in grant-mapping error handling during batch hypercalls, where errors can be ignored or misreported, causing improper unmapping and potential downstream impact. Affected components include ar...

5.5CVSS6AI score0.00346EPSS
CVE
CVE
added 2020/12/02 12:48 a.m.334 views

CVE-2020-14305

Mode C: CVE-2020-14305 is a Linux kernel vulnerability described in connected documents as an out-of-bounds memory write affecting the Voice Over IP H.323 connection tracking for ipv6 port 1720. An unauthenticated remote attacker could crash the system, causing DoS, with high impact on confidenti...

8.3CVSS7.8AI score0.05114EPSS
CVE
CVE
added 2019/12/30 4:39 a.m.333 views

CVE-2019-20095

CVE-2019-20095 affects the Linux kernel mwifiex driver (drivers/net/wireless/marvell/mwifiex/cfg80211.c). The description states that certain error-handling paths do not free allocated hostcmd memory, causing a memory leak that can lead to a denial of service. The issue is fixed in kernel version...

5.5CVSS6.5AI score0.00394EPSS
CVE
CVE
added 2021/03/22 4:53 p.m.333 views

CVE-2021-28971

The CVE-2021-28971 vulnerability affects the Linux kernel: specifically, intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c can mishandle PEBS status on Haswell-era CPUs, potentially causing a system crash when userspace tools (e.g., perf-fuzzer) access performance events. The issue exists in...

5.5CVSS6.5AI score0.00385EPSS
CVE
CVE
added 2021/05/26 10:44 a.m.331 views

CVE-2020-25671

CVE-2020-25671 is a Linux kernel vulnerability in the NFC LLCP implementation where a refcount leak in llcp_sock_connect() can cause a use-after-free, potentially enabling privilege escalation or system crash via local access. Affected: Linux kernel NFC LLCP path; impact parameter: local attacker...

7.8CVSS7.6AI score0.00511EPSS
CVE
CVE
added 2020/12/08 12:6 a.m.331 views

CVE-2020-25692

CVE-2020-25692 affects OpenLDAP slapd. It is a NULL pointer dereference during a request to rename RDNs, allowing an unauthenticated remote attacker to crash slapd and cause Denial of Service. The fix is OpenLDAP 2.4.55. IBM/Red Hat advisories and the 2020 CVE entry document this issue and its re...

7.5CVSS7.5AI score0.02183EPSS
CVE
CVE
added 2020/04/08 1:58 p.m.330 views

CVE-2019-20636

CVE-2019-20636 affects the Linux kernel prior to 5.4.12. The vulnerability is an out-of-bounds write in drivers/input/input.c via a crafted keycode table in input_set_keycode, enabling a local attacker with root privileges to corrupt memory and potentially execute arbitrary code or cause a denial...

7.2CVSS6.4AI score0.00384EPSS
CVE
CVE
added 2021/03/03 4:40 p.m.330 views

CVE-2020-14372

Summary: CVE-2020-14372 affects grub2 prior to version 2.06. The flaw enables the use of the ACPI command when Secure Boot is enabled, allowing a privileged attacker to craft an SSDT that overwrites the Linux kernel lockdown state in memory. The loaded SSDT is executed by the kernel, defeating Se...

7.5CVSS7.3AI score0.01738EPSS
CVE
CVE
added 2020/06/15 12:0 a.m.326 views

CVE-2020-14155

CVE-2020-14155 concerns the PCRE library: libpcre in PCRE versions prior to 8.44 allows an integer overflow when parsing a large number after a (?C substring. The issue is the result of an input validation/overflow bug in PCRE’s handling of certain regular expressions, potentially enabling memory...

5.3CVSS6.4AI score0.04182EPSS
CVE
CVE
added 2021/05/21 2:30 p.m.325 views

CVE-2021-31440

CVE-2021-31440 affects the Linux kernel, with the vulnerability in the eBPF verifier: improper validation of user-supplied eBPF programs can allow a local attacker to escalate privileges and execute code in kernel context. The issue is rooted in the handling/verification of eBPF programs, leading...

8.8CVSS7.4AI score0.01754EPSS
CVE
CVE
added 2021/12/14 6:40 p.m.325 views

CVE-2021-4044

OpenSSL OpenSSL libssl vulnerability CVE-2021-4044 arises when X509_verify_cert() returns a negative internal error (e.g., OOM). OpenSSL mishandles this, causing SSL_connect/SSL_do_handshake to not signal success and SSL_get_error() to return SSL_ERROR_WANT_RETRY_VERIFY, which is unexpected for m...

7.5CVSS7.2AI score0.50099EPSS
CVE
CVE
added 2019/07/01 1:27 a.m.324 views

CVE-2019-13118

CVE-2019-13118 affects libxslt 1.1.33, where a too-narrow type holding grouping characters in xsl:number can pass an invalid character/length to xsltNumberFormatDecimal, causing a read of uninitialized stack data (stack overflow vulnerability). Connected Apple advisories (HT210351, HT210346, HT21...

5.3CVSS6.1AI score0.05147EPSS
CVE
CVE
added 2021/05/10 3:8 p.m.324 views

CVE-2020-13529

CVE-2020-13529 is a systemd denial-of-service/remote reconfiguration vulnerability tied to DHCP FORCERENEW handling. The connected documents confirm a DHCP FORCERENEW/ACK pairing can allow an attacker to reconfigure a systemd-managed DHCP client. The issue affects systemd components (e.g., system...

6.1CVSS6.2AI score0.01399EPSS
CVE
CVE
added 2020/05/28 11:55 a.m.324 views

CVE-2020-13645

Technical details for CVE-2020-13645 are not provided in the Connected documents. The Initial Description notes a hostname verification issue in GNOME glib-networking (GTlsClientConnection), but there are no product/version specifics beyond the CP4S remediation, so monitor for updates.

6.5CVSS6.4AI score0.01933EPSS
CVE
CVE
added 2020/02/25 3:48 p.m.321 views

CVE-2020-9383

CVE-2020-9383 affects the Linux kernel floppy driver (set_fdc in drivers/block/floppy.c) where the FDC index is not checked for errors before assignment, causing a wait_til_ready out-of-bounds read. Impact per the CVE description: local attacker could cause a denial of service or privilege escala...

7.1CVSS6.7AI score0.00731EPSS
CVE
CVE
added 2021/09/19 4:2 p.m.321 views

CVE-2021-41073

The CVE-2021-41073 issue affects the Linux kernel (affected versions 5.10 to 5.14.6) where loop_rw_iter in fs/io_uring.c can be abused via IORING_OP_PROVIDE_BUFFERS to trigger a use-after-free of a kernel buffer, enabling local privilege escalation. Exploitation relies on reading /proc//maps and ...

7.8CVSS7.2AI score0.01719EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.319 views

CVE-2020-2816

CVE-2020-2816 affects Oracle Java SE JSSE in Java SE 11.0.6 and 14. The vulnerability allows an unauthenticated attacker with network access via HTTPS to compromise Java SE, potentially enabling unauthorized creation, deletion, or modification of data in Java SE‑accessible data. The description n...

7.5CVSS6.8AI score0.02698EPSS
CVE
CVE
added 2021/02/05 7:41 a.m.319 views

CVE-2021-26708

CVE-2021-26708 describes a local privilege-escalation in the Linux kernel prior to 5.10.13 caused by race conditions in AF_VSOCK (net/vmw_vsock/af_vsock.c) related to wrong locking during VSOCK multi-transport changes. The vulnerability can be exploited via use-after-free primitives in the vsock_...

7CVSS6.6AI score0.01602EPSS
Web
Total number of security vulnerabilities345