Lucene search
K
NetappCloud Backup

345 matches found

CVE
CVE
added 2018/07/18 1:0 p.m.318 views

CVE-2018-2973

CVE-2018-2973 is an Oracle Java SE/JSSE vulnerability affecting Java SE: 6u191, 7u181, 8u172, 10.0.1 and Java SE Embedded: 8u171. It can be exploited over the network with SSL/TLS by an unauthenticated attacker to cause unauthorized data modifications (integrity impact). Affected deployments load...

5.9CVSS6.2AI score0.04676EPSS
CVE
CVE
added 2019/12/25 3:1 a.m.317 views

CVE-2019-19966

CVE-2019-19966 affects the Linux kernel prior to 5.1.6, where a use-after-free in cpia2_exit() (drivers/media/usb/cpia2/cpia2_v4l.c) can lead to denial of service. Connected advisories (Unity Linux UTSA-2026-004036 and related Nessus plugins) reference the same issue and note a fix in kernel 5.1....

4.6CVSS6.1AI score0.00632EPSS
CVE
CVE
added 2021/03/22 7:17 a.m.315 views

CVE-2021-28964

CVE-2021-28964: A race condition in get_old_root() in fs/btrfs/ctree.c of the Linux kernel up to 5.11.8 can allow a local attacker to cause a denial of service by cloning an extent buffer without proper locking. Connected documents confirm the Btrfs race condition and DoS impact but do not provid...

4.7CVSS6.2AI score0.00267EPSS
CVE
CVE
added 2018/07/18 1:0 p.m.313 views

CVE-2018-2938

CVE-2018-2938 concerns a vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB). Affected versions are Java SE: 6u191, 7u181, and 8u172. The vulnerability is described as difficult to exploit but capable of allowing an unauthenticated attacker with network access via mul...

9CVSS6.8AI score0.01944EPSS
CVE
CVE
added 2018/02/01 2:0 p.m.308 views

CVE-2018-6485

CVE-2018-6485 is an integer overflow in posix_memalign within glibc (memalign implementation) for versions 2.26 and earlier, which could cause a heap area to be too small and lead to heap corruption. The NVD CVSSv3/base score is 9.8 (CRITICAL) with network attack vector, no user interaction. Affe...

9.8CVSS8.4AI score0.04778EPSS
CVE
CVE
added 2021/01/06 10:30 p.m.306 views

CVE-2020-36180

The connected documents confirm CVE-2020-36180 affects FasterXML jackson-databind 2.x before 2.9.10.8, due to mishandling of interaction between serialization gadgets and typing, specifically involving DriverAdapterCPDS in org.apache.commons.dbcp2.cpdsadapter (and related CPDS drivers). A public ...

8.8CVSS7.7AI score0.05041EPSS
CVE
CVE
added 2019/10/03 4:1 p.m.304 views

CVE-2019-15166

CVE-2019-15166 affects tcpdump: lmp_print_data_link_subobjs() in print-lmp.c before 4.9.3 lacks bounds checks, enabling memory corruption that could crash the application when processing crafted data. Connected sources confirm this specific subroutine and bug class, and multiple advisories refere...

7.5CVSS6.8AI score0.04986EPSS
CVE
CVE
added 2019/12/23 12:53 a.m.303 views

CVE-2019-19926

CVE-2019-19926 affects SQLite 3.30.1, where multiSelect in select.c mishandles certain parsing errors. Astra Linux notes an invalid pointer dereference triggered by ORDER BY constants in window definitions, due to an incomplete fix for CVE-2019-19880. This can cause a crash (denial of service) an...

7.5CVSS8.2AI score0.06997EPSS
CVE
CVE
added 2021/05/26 10:28 a.m.303 views

CVE-2020-25670

CVE-2020-25670 is a Linux kernel vulnerability affecting the NFC LLCP protocol implementation. The issue is a refcount leak in llcp_sock_bind() that can cause a use-after-free, with the potential for privilege escalation. The connected documents confirm the vulnerability and its association with ...

7.8CVSS7.7AI score0.00613EPSS
CVE
CVE
added 2021/03/22 4:53 p.m.303 views

CVE-2021-28972

CVE-2021-28972 affects the Linux kernel RPA PCI Hotplug driver (drivers/pci/hotplug/rpadlpar_sysfs.c) up to version 5.11.8. It is a user‑tolerable buffer overflow caused by improper handling of drc_name termination in add_slot_store/remove_slot_store, allowing userspace to write into the kernel s...

7.2CVSS7.3AI score0.00858EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.302 views

CVE-2017-10355

CVE-2017-10355 is documented across multiple openJDK/OpenJDK-derived advisories (CentOS, Debian, Amazon, IBM, etc.) as a networking vulnerability in the FtpClient component of OpenJDK’s Java SE/Java SE Embedded. Technical details in connected sources specify that the FtpClient did not set default...

5.3CVSS5.3AI score0.16181EPSS
CVE
CVE
added 2018/07/18 1:0 p.m.298 views

CVE-2018-2940

CVE-2018-2940 affects Oracle Java SE and Java SE Embedded Libraries. Affected: Java SE 6u191, 7u181, 8u172, 10.0.1; Java SE Embedded 8u171. Underlying issue in the Libraries component allows an unauthenticated, network-accessible attacker to read data from Java deployments that load untrusted cod...

4.3CVSS4.2AI score0.03146EPSS
CVE
CVE
added 2019/12/18 5:7 a.m.297 views

CVE-2019-19880

CVE-2019-19880 affects SQLite 3.30.1. The issue arises in exprListAppendList in window.c, where constant integer values in ORDER BY clauses of window definitions are mishandled, allowing an attacker to trigger an invalid pointer dereference. This is described in multiple connected sources (Astra ...

7.5CVSS7.8AI score0.06937EPSS
CVE
CVE
added 2020/04/29 12:7 p.m.296 views

CVE-2020-11884

CVE-2020-11884 affects the Linux kernel on s390x (versions 4.19–5.6.7). The issue is a race in enable_sacf_uaccess (arch/s390/lib/uaccess.c) that fails to protect against a concurrent page table upgrade (CID-3f777e19d171), potentially allowing code execution or a crash. The initial documents do n...

7CVSS6.6AI score0.00397EPSS
CVE
CVE
added 2021/01/06 10:30 p.m.296 views

CVE-2020-36179

CVE-2020-36179 affects FasterXML Jackson Databind (2.x) prior to 2.9.10.8, where the interaction between serialization gadgets and typing (notably involving DriverAdapterCPDS variants) is mishandled. Several connected advisories corroborate an insecure-deserialization pattern that can be triggere...

8.8CVSS7.7AI score0.20929EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.295 views

CVE-2020-2778

CVE-2020-2778 affects Oracle Java SE JSSE (Java 11.0.6 and 14). It can be triggered over HTTPS by unauthenticated remote attackers, potentially enabling read access to a subset of Java SE data. The related connected advisories (e.g., CentOS/RH/OpenJDK tracking) describe the issue as an incomplete...

4.3CVSS3.7AI score0.02298EPSS
CVE
CVE
added 2021/03/20 8:5 p.m.295 views

CVE-2021-28952

CVE-2021-28952 concerns a buffer overflow in the Linux kernel’s sound/soc/qcom/sdm845.c soundwire driver when an unexpected port ID is encountered. Affected: Linux kernel 5.11.8 and earlier (through 5.11.x); root cause: buffer overflow in the driver. Impact described in sources as potentially ena...

7.8CVSS7.8AI score0.00378EPSS
CVE
CVE
added 2019/12/22 7:7 p.m.294 views

CVE-2019-19922

CVE-2019-19922 affects the Linux kernel sched subsystem (kernel/sched/fair.c) and is triggered when cpu.cfs_quota_us is in use (e.g., with Kubernetes). The issue allows a local attacker to cause a denial of service for non–CPU-bound applications by generating work that triggers slice expiration, ...

5.5CVSS6.4AI score0.00949EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.294 views

CVE-2020-2767

CVE-2020-2767 affects Oracle Java SE JSSE: vulnerable in Java SE 11.0.6 and 14 (client/server deployment). The vulnerability allows unauthenticated network access over HTTPS to modify or read Java SE data due to TLS/JSSE handling flaws, with potential for unauthorized updates, insertions, deletio...

5.8CVSS4.6AI score0.02108EPSS
CVE
CVE
added 2021/05/26 11:11 a.m.292 views

CVE-2020-25668

CVE-2020-25668 is a Linux kernel vulnerability in the TTY subsystem (con_font_op) caused by unsynchronized access to fg_console, leading to a use-after-free. According to Debian, this can cause a crash or memory corruption and may enable privilege escalation; CloudLinux notes a fix was applied in...

7CVSS7.4AI score0.01026EPSS
CVE
CVE
added 2021/01/06 10:30 p.m.292 views

CVE-2020-36182

CVE-2020-36182 affects FasterXML jackson-databind 2.x before 2.9.10.8, due to mishandling of serialization gadgets and typing involving DriverAdapterCPDS (org.apache.tomcat.dbcp.dbcp2.cpdsadapter). Do not speculate on exploitability beyond what is stated; some sources (e.g., Debian LTS advisory) ...

8.8CVSS7.7AI score0.05018EPSS
CVE
CVE
added 2021/01/06 10:29 p.m.292 views

CVE-2020-36189

CVE-2020-36189 affects FasterXML jackson-databind 2.x before 2.9.10.8. The issue is a deserialization/serialization typing interaction with gadgets (e.g., logback, MySQL/commons proxies) that can lead to arbitrary code execution, data exfiltration or integrity/availability impacts as described in...

8.1CVSS7.7AI score0.04912EPSS
CVE
CVE
added 2021/01/06 10:30 p.m.291 views

CVE-2020-36183

CVE-2020-36183 affects FasterXML jackson-databind 2.x prior to 2.9.10.8, due to mishandling of interaction between serialization gadgets and typing (JNDIConnectionPool gadget chain). Reported in IBM/X-Force and mirrored in Astra Linux bulletin; impact can be high (deserialization-based). Affected...

8.1CVSS7.7AI score0.0489EPSS
CVE
CVE
added 2021/01/06 10:30 p.m.289 views

CVE-2020-36184

CVE-2020-36184 affects FasterXML jackson-databind 2.x before 2.9.10.8. The connected documents describe a vulnerability arising from the interaction between serialization gadgets and typing, tied to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource (and related datasource classes). T...

8.8CVSS7.7AI score0.10379EPSS
CVE
CVE
added 2019/11/18 5:23 a.m.288 views

CVE-2019-19054

CVE-2019-19054: A memory leak in the Linux kernel cx23888_ir_probe() function (drivers/media/pci/cx23885/cx23888-ir.c) through version 5.3.11 can lead to denial of service via memory consumption when kfifo_alloc() fails. Connected Nessus advisories (UNITY_LINUX_UTSA-2026-004170 and related entrie...

4.7CVSS6.2AI score0.00446EPSS
CVE
CVE
added 2020/05/27 2:42 p.m.287 views

CVE-2020-13632

SQLite vuln CVE-2020-13632 affects ext/fts3/fts3_snippet.c in SQLite

5.5CVSS6.2AI score0.00571EPSS
CVE
CVE
added 2021/01/06 10:29 p.m.286 views

CVE-2020-36185

CVE-2020-36185 is a Jackson Databind v2.x vulnerability (pre-2.9.10.8) where deserialization gadgets interact with typing, linked to SharedPoolDataSource/JNDI-related classes. Affected: jackson-databind 2.x before 2.9.10.8. Impact includes potential remote code execution via gadget chains. Remedi...

8.1CVSS7.7AI score0.05218EPSS
CVE
CVE
added 2021/04/19 9:11 p.m.286 views

CVE-2021-3506

CVE-2021-3506 : An out-of-bounds memory access in fs/f2fs/node.c of the Linux kernel (f2fs module) allows a local attacker to read/write out-of-bounds memory, leading to a system crash or leakage of kernel information. Affected are kernel versions before 5.12.0-rc4. The description notes the high...

7.1CVSS6.7AI score0.00366EPSS
CVE
CVE
added 2021/01/06 10:29 p.m.280 views

CVE-2020-36186

CVE-2020-36186 affects FasterXML jackson-databind 2.x up to before 2.9.10.8, where serialization gadgets and typing handling interact incorrectly in the presence of PerUserPoolDataSource (org.apache.tomcat.dbcp.dbcp.datasources). This deserialization-related flaw can impact confidentiality, integ...

8.1CVSS7.7AI score0.05218EPSS
CVE
CVE
added 2021/01/06 10:29 p.m.280 views

CVE-2020-36188

The CVE-2020-36188 issue affects FasterXML jackson-databind 2.x prior to 2.9.10.8, caused by mis-handling serialization gadgets in combination with typing (notably involving com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource). The vulnerability is described across multiple source...

8.1CVSS7.7AI score0.10911EPSS
CVE
CVE
added 2020/12/11 5:13 p.m.278 views

CVE-2020-27825

CVE-2020-27825: A use-after-free in Linux kernel kernel/trace/ring_buffer.c (before 5.10-rc1) enables a race between trace_open and cpu-buffer resize, allowing local DOS and potential information leaks. Affected: Linux kernel’s tracing ring buffer; root cause is a race on parallel CPU access. Mit...

5.7CVSS6.4AI score0.00276EPSS
CVE
CVE
added 2019/12/09 6:44 p.m.274 views

CVE-2019-19603

CVE-2019-19603 affects SQLite 3.30.1 (mishandling of certain SELECTs with nonexistent VIEW leading to app crash). Astra Linux bulletin confirms the same SQLite behavior. IBM CP4S advisory lists CP4S 1.7.2.0, 1.8.0.0, and 1.8.1.0 as affected, with remediation to CP4S 1.9.0.0. Action: upgrade to CP...

7.5CVSS8.3AI score0.0825EPSS
CVE
CVE
added 2019/12/08 1:1 a.m.273 views

CVE-2019-19448

CVE-2019-19448 is a use-after-free in Linux kernel’s Btrfs code (try_merge_free_space in fs/btrfs/free-space-cache.c). It can be triggered by mounting a crafted Btrfs image and performing operations followed by a syncfs, due to a pointer alias between left and right data structures. Affected: Lin...

7.8CVSS7AI score0.02143EPSS
CVE
CVE
added 2021/07/22 12:0 a.m.273 views

CVE-2021-32785

CVE-2021-32785 affects mod_auth_openidc (Apache 2.x) prior to 2.4.9 when configured with an unencrypted Redis cache. The issue arises from argument interpolation before Redis requests are passed to hiredis, causing an uncontrolled format string bug. Impact described as reliable denial of service ...

7.5CVSS6.4AI score0.02731EPSS
CVE
CVE
added 2021/01/06 10:29 p.m.272 views

CVE-2020-36187

CVE-2020-36187 affects FasterXML jackson-databind 2.x before 2.9.10.8. The root cause is a mishandling of the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource. The connected Astra Linux bulletin mirrors this description....

8.1CVSS7.7AI score0.05195EPSS
CVE
CVE
added 2019/12/25 3:1 a.m.271 views

CVE-2019-19965

CVE-2019-19965 is a vulnerability in the Linux kernel (affecting the SAS SAS discover path) where a NULL pointer dereference occurs in drivers/scsi/libsas/sas_discover.c due to mishandling of port disconnection during discovery, related to a PHY down race condition (CID-f70267f379b5). The Unity L...

4.7CVSS6.2AI score0.00654EPSS
CVE
CVE
added 2019/11/04 3:36 p.m.268 views

CVE-2019-18683

CVE-2019-18683 affects the Linux kernel’s V4L2 vivid driver (drivers/media/platform/vivid). The issue arises from wrong mutex locking in functions vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and related kthreads, causing multiple race conditions dur...

7CVSS7.7AI score0.00985EPSS
CVE
CVE
added 2021/06/11 3:49 p.m.265 views

CVE-2021-22901

CVE-2021-22901 affects curl/libcurl up to version 7.76.x for builds using OpenSSL. A use-after-free during TLS 1.3 session-ticket handling on a single connection can lead to remote code execution in rare cases. Impact is tied to memory access after freeing objects when a session ticket arrives on...

8.1CVSS8.2AI score0.60122EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.263 views

CVE-2017-10102

CVE-2017-10102 is a remotely exploitable issue in Oracle Java SE and Java SE Embedded (RMI subcomponent) affecting Java SE 6u151, 7u141, 8u131 and Java SE Embedded 8u131. A remote attacker could compromise the target via API data handling over network access, potentially taking over the Java runt...

9CVSS8.7AI score0.02971EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.263 views

CVE-2017-10345

CVE-2017-10345 affects Oracle Java SE/Embedded/JRockit serialization. The vulnerability allows an unauthenticated attacker with network access to compromise the target, potentially causing a partial denial of service; exploitation is difficult and may require human interaction. Affected versions ...

3.1CVSS4.2AI score0.02442EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.262 views

CVE-2017-10135

CVE-2017-10135 is a timing-channel vulnerability in the PKCS#8 implementation of the JCE component of OpenJDK/OpenJDK-derived JREs. Public sources in the dataset describe it as a covert timing channel flaw that could enable a remote attacker to glean information about the private key via timing a...

5.9CVSS5.9AI score0.02598EPSS
CVE
CVE
added 2019/12/24 3:43 p.m.262 views

CVE-2019-19923

CVE-2019-19923 affects SQLite 3.30.1, specifically the flattenSubquery path in select.c. The vulnerability arises when using SELECT DISTINCT with a LEFT JOIN where the right-hand side is a view, leading to a NULL pointer dereference or incorrect results. The connected documents consistently descr...

7.5CVSS7.8AI score0.0681EPSS
CVE
CVE
added 2021/05/26 11:25 a.m.262 views

CVE-2020-25669

CVE-2020-25669 is a Linux kernel use-after-free in sunkbd_reinit triggered after sunkbd interrupts and before freed; an alias remains after NULLing in sinkbd_disconnect, enabling a use-after-free condition. Documents indicate this is a kernel issue with local impact, potentially causing a crash o...

7.8CVSS7.7AI score0.00627EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.261 views

CVE-2017-10115

CVE-2017-10115 is a covert timing-channel vulnerability in the DSA implementation of the JCE in OpenJDK/OpenJRE/JRockit, affecting Java SE 6u151, 7u141, 8u131 and related packages (e.g., OpenJDK 7 on Debian/Ubuntu, RHEL/CentOS, Arch Linux advisories). A remote attacker could potentially exploit t...

7.5CVSS7.2AI score0.02737EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.260 views

CVE-2017-10356

CVE-2017-10356 affects OpenJDK/OpenJDK Security component. The root cause is weak password-based encryption keys used to protect private keys stored in keystores, enabling an unauthenticated attacker with sufficient access to compromise protected data. Affected: Java SE components (OpenJDK/OpenJD...

6.2CVSS6.5AI score0.00754EPSS
CVE
CVE
added 2019/11/18 5:23 a.m.260 views

CVE-2019-19057

CVE-2019-19057 affects the Linux kernel mwifiex PCIe wireless driver (drivers/net/wireless/marvell/mwifiex/pcie.c). Two memory leaks in mwifiex_pcie_init_evt_ring() can occur through failures in mwifiex_map_pci_memory(), allowing a local attacker to trigger memory consumption and a denial of serv...

3.3CVSS6.1AI score0.00788EPSS
CVE
CVE
added 2020/06/24 6:4 p.m.260 views

CVE-2020-15025

The CVE-2020-15025 entry concerns ntpd (NTP) memory exhaustion via CMAC-related paths. Affected: ntpd 4.2.8 prior to 4.2.8p15 and 4.3.x prior to 4.3.101. Root cause: memory is not freed in CMAC-key scenarios in ntp.keys, enabling remote packets to trigger a denial of service through memory consum...

4.9CVSS5.7AI score0.03357EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.259 views

CVE-2017-10281

CVE-2017-10281 affects Oracle/OpenJDK components (Java SE, Java SE Embedded, JRockit) with the Serialization subcomponent. The vulnerability is exploitable remotely via network protocols and can be triggered by sandboxed Web Start/Applet use or by supplying data to APIs, potentially causing parti...

5.3CVSS5.3AI score0.03305EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.258 views

CVE-2017-10087

CVE-2017-10087 is a vulnerability in Oracle Java SE/Java SE Embedded Libraries affecting Java SE 6u151, 7u141, and 8u131, and Java SE Embedded 8u131. The issue is an access-control bypass in the Libraries component that could allow a network-facilitated, unauthenticated attacker to take control o...

9.6CVSS9AI score0.02555EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.258 views

CVE-2017-10295

CVE-2017-10295 affects OpenJDK (Java SE/Java SE Embedded) Networking: HttpURLConnection/HttpsURLConnection failed to detect newline characters in URLs, enabling potential HTTP header injection via attacker-provided URLs. Public notices in connected docs show affected package openjdk-7/openjdk-8 w...

4.3CVSS5.1AI score0.02199EPSS
Total number of security vulnerabilities345