Lucene search
K
NetappCloud Backup

345 matches found

CVE
CVE
added 2021/05/26 10:55 a.m.258 views

CVE-2020-25673

CVE-2020-25673 is described in connected documents as a Linux kernel vulnerability where a non-blocking socket in llcp_sock_connect() can cause a memory leak and eventually hang the system. The Unity Linux UTSA-2026-001467 advisory and related Nessus plugins reiterate this issue, referencing a vu...

5.5CVSS6.1AI score0.00479EPSS
CVE
CVE
added 2021/05/05 10:31 p.m.258 views

CVE-2021-3501

CVE-2021-3501 affects Linux kernels prior to 5.12. The vulnerability arises from the KVM API: the internal.ndata value is mapped to an array index and can be updated by a user process at any time, enabling an out-of-bounds write. Documented impact is data integrity and system availability. A patc...

7.1CVSS6.3AI score0.00374EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.257 views

CVE-2017-10350

CVE-2017-10350 is an OpenJDK/Oracle Java SE vulnerability in the JAX-WS subcomponent that could allow an unauthenticated network attacker to cause a partial denial of service in Java SE/Java SE Embedded deployments (clients loading untrusted code in sandbox). Affected versions per initial descrip...

5.3CVSS5.4AI score0.03305EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.256 views

CVE-2017-10116

CVE-2017-10116 affects Oracle Java SE / Java SE Embedded / JRockit (OpenJDK-related vulnerabilities also reflected in various advisories). The vulnerability arises in the Security component’s LDAPCertStore where LDAP referrals to arbitrary URLs could be used by an unauthenticated network attacker...

8.3CVSS8.5AI score0.03524EPSS
CVE
CVE
added 2020/11/28 6:20 a.m.256 views

CVE-2020-29370

CVE-2020-29370 (Linux kernel): An issue in kmem_cache_alloc_bulk (mm/slub.c) before 5.5.11 where the slowpath path does not increment the TID as required (CID-fd4d9c7d0c71). Affected: Linux kernel prior to 5.5.11. Impact described in connected advisories as a vulnerability in the kernel memory al...

7CVSS7.5AI score0.00608EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.254 views

CVE-2017-10388

CVE-2017-10388 affects the OpenJDK Kerberos client: the sname field from the plain-text KDC reply was used instead of the encrypted part, enabling a potential MITM impersonation of Kerberos services for Java applications acting as Kerberos clients. This vulnerability is documented across multiple...

7.5CVSS7.7AI score0.03206EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.252 views

CVE-2017-10067

CVE-2017-10067 affects Java SE Security in OpenJDK (targets: Java 6u151, 7u141, 8u131). The vulnerability allows a network-accessing, unauthenticated attacker to take control of the Java runtime via multiple protocols; exploitation requires user interaction. Impact aligns with the CVSS 3.0 base s...

7.5CVSS7.9AI score0.03236EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.252 views

CVE-2017-10348

CVE-2017-10348 affects OpenJDK/OpenJDK-derived Java SE/Embedded libraries. The vulnerability, exploitable over the network by unauthenticated attackers, can lead to a partial denial of service on Java SE and Java SE Embedded. Public details in the provided materials indicate affected versions var...

5.3CVSS5.4AI score0.03305EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.248 views

CVE-2017-10285

CVE-2017-10285 is confirmed to affect Oracle/OpenJDK Java SE and Java SE Embedded, specifically the RMI (Remote Method Invocation) component. The vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE/Embedded, with exploitation described...

9.6CVSS9AI score0.03143EPSS
CVE
CVE
added 2020/04/02 6:0 p.m.248 views

CVE-2020-8835

CVE-2020-8835 affects Linux kernel 5.5.0 and newer, with backports to 5.4.x. The issue is in the BPF verifier (kernel/bpf/verifier.c): it truncates 64-bit values to 32-bit for 32-bit operations, causing the verifier’s checked bounds to diverge from actual execution. This can lead to out-of-bounds...

7.8CVSS7.2AI score0.0601EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.246 views

CVE-2017-10346

CVE-2017-10346 is an OpenJDK/Java SE vulnerability affecting multiple OpenJDK components (Hotspot, OpenJDK sandboxes) across affected Java versions (OpenJDK6/7/8/9 in various advisories). The public records in connected documents indicate the issue includes bypassing Java sandbox restrictions via...

9.6CVSS9.1AI score0.02962EPSS
CVE
CVE
added 2018/10/08 6:0 p.m.246 views

CVE-2018-18066

Net-SNMP CVE-2018-18066 is a NULL pointer dereference in snmp_oid_compare() within snmplib/snmp_api.c, affecting Net-SNMP versions before 5.8. An unauthenticated remote attacker can crash the agent by sending a crafted UDP packet, enabling a Denial of Service. Affected product scope includes Net-...

7.5CVSS7.2AI score0.04298EPSS
CVE
CVE
added 2019/12/24 4:3 p.m.246 views

CVE-2019-19925

CVE-2019-19925 concerns SQLite 3.30.1. The connected documents identify the vulnerable function as zipfileUpdate in ext/misc/zipfile.c, where a NULL pathname is mishandled during an update of a ZIP archive. The material does not provide additional technical details such as version ranges beyond S...

7.5CVSS7.8AI score0.0681EPSS
CVE
CVE
added 2020/08/19 6:28 p.m.246 views

CVE-2020-15861

Net-SNMP up to 5.7.3 is vulnerable to privilege escalation via UNIX symbolic link following (CVE-2020-15861). The flaw enables local attackers to escalate privileges; impact is described as escalation of privileges with local access. Connected advisories note Net-SNMP updates exist (e.g., Net-SNM...

7.8CVSS7.5AI score0.00459EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.245 views

CVE-2017-10243

CVE-2017-10243 affects Oracle Java SE, Java SE Embedded, and JRockit (JAX-WS subcomponent). Affected: Java SE 6u151, 7u141, 8u131; Java SE Embedded 8u131; JRockit R28.3.14. Exploitation: unauthenticated attacker with network access via multiple protocols can read a subset of data and cause a part...

6.5CVSS5.9AI score0.02862EPSS
CVE
CVE
added 2018/10/08 6:0 p.m.244 views

CVE-2018-18065

CVE-2018-18065 affects Net-SNMP before 5.8. The vulnerability is a NULL pointer dereference in _set_key within agent/helpers/table_container.c, which an authenticated attacker can exploit by sending a crafted UDP packet to remotely crash the SNMP service (DoS). Documented CVSS v3 base score is 6....

6.5CVSS6.2AI score0.17189EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.242 views

CVE-2017-10081

CVE-2017-10081 is a Sandbox/Access-Restriction bypass in the Hotspot component of OpenJDK. Affected Java runtimes include Java SE 6u151, 7u141, and 8u131 (Java SE Embedded 8u131). Several connected advisories note this as part of a broader OpenJDK set of issues (RMI, JAXP, ImageIO, Libraries, AWT...

4.3CVSS4.5AI score0.0222EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.241 views

CVE-2017-10109

CVE-2017-10109 concerns a serialization flaw in Oracle/OpenJDK Java SE components (Java SE, Java SE Embedded, JRockit). The vulnerability, tied to the Serialization subcomponent, can allow an unauthenticated, network-scoped attacker to trigger a denial of service (partial DoS) by loading untruste...

5.3CVSS5.4AI score0.03114EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.240 views

CVE-2017-10101

CVE-2017-10101 is a concrete OpenJDK/OpenJDK JAXP vulnerability. Affected: Java SE (6u151, 7u141, 8u131) and Java SE Embedded (8u131). Issue: untrusted code loaded in sandboxed deployments can bypass protections and lead to full takeover of Java SE/Embedded via JAXP. Exploitation is network-based...

9.6CVSS9AI score0.02555EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.239 views

CVE-2017-10053

CVE-2017-10053 is an OpenJDK/OpenJDK 2D JPEGImageReader vulnerability. The issue affects Java SE components (Java SE, Java SE Embedded, JRockit) with affected versions including Java 6u151, 7u141, 8u131 (and 8u131 for Java SE Embedded; JRockit R28.3.14). The vulnerability could allow an unauthent...

5.3CVSS5.3AI score0.0345EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.239 views

CVE-2017-10096

CVE-2017-10096 – OpenJDK/JAXP vulnerability (CWE-style) shows a flaw in the Java SE/Java SE Embedded stack, specifically the JAXP component. Affected are Oracle Java SE versions 6u151, 7u141, 8u131 and Java SE Embedded 8u131. The vulnerability can allow an unauthenticated attacker with network ac...

9.6CVSS9.1AI score0.02555EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.239 views

CVE-2017-10349

CVE-2017-10349 affects the OpenJDK/JAXP component (Java SE and Java SE Embedded) where the vulnerability stems from unbounded memory growth during object creation from serialized data, enabling unauthenticated network access to cause a partial denial of service. Multiple connected advisories (IBM...

5.3CVSS5.4AI score0.03305EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.238 views

CVE-2017-10107

CVE-2017-10107 affects OpenJDK/OpenJDK-based packages (RMI) with vulnerable components in Java SE/Java SE Embedded. The connected security data confirms multiple OpenJDK subcomponents are vulnerable, including RMI-related sandbox bypass issues, and lists affected versions such as Java 6u151, 7u14...

9.6CVSS9AI score0.02555EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.237 views

CVE-2017-10274

CVE-2017-10274 affects Oracle Java SE Smart Card IO. According to connected IBM advisories, the flaw can be exploited by an unauthenticated attacker over multiple protocols to compromise confidentiality and integrity (C/H, I/H) with high impact, though no availability impact is stated. Affected J...

6.8CVSS6.8AI score0.02635EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.237 views

CVE-2017-10347

CVE-2017-10347 is a serialization-related vulnerability in Oracle Java SE/JRockit that affects Java SE 6u161, 7u151, 8u144 and 9, and Java SE Embedded 8u144. The issue allows an unauthenticated, networked attacker to cause a partial denial of service in vulnerable deployments that load untrusted ...

5.3CVSS5.5AI score0.03114EPSS
CVE
CVE
added 2021/11/15 12:0 a.m.237 views

CVE-2021-42376

CVE-2021-42376 is a BusyBox vulnerability affecting the hush applet where a NULL pointer dereference can cause denial of service when processing a crafted command due to missing validation after a delimiter. Public disclosures and vendor advisories across multiple distributions (Debian, Alpine, F...

5.5CVSS6.9AI score0.00399EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.236 views

CVE-2017-10089

CVE-2017-10089 affects Oracle Java SE ImageIO in OpenJDK/OpenJDK-derived disclosures: 6u151, 7u141, 8u131 are vulnerable. The issue allows a network-based, unauthenticated attacker to take control of the Java SE runtime, with UI interaction required, potentially impacting additional products. Aff...

9.6CVSS9.1AI score0.02415EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.236 views

CVE-2017-10357

CVE-2017-10357 is a Java SE/OpenJDK vulnerability affecting the Serialization component in Oracle Java SE and Java SE Embedded. The Initial document lists affected versions as Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. The Connected documents corroborate multiple OpenJDK/OpenJDK...

5.3CVSS5.4AI score0.03305EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.235 views

CVE-2017-10108

CVE-2017-10108 affects Oracle Java SE, Java SE Embedded, and JRockit (Serialization). Affected versions include Java SE 6u151, 7u141, 8u131; Java SE Embedded 8u131; JRockit R28.3.14. The vulnerability allows unauthenticated remote exploitation via multiple protocols, potentially causing a partial...

5.3CVSS5.3AI score0.03114EPSS
CVE
CVE
added 2021/05/06 2:18 p.m.235 views

CVE-2020-35519

CVE-2020-35519 is an out-of-bounds memory access in the Linux kernel, specifically in x25_bind() within net/x25/af_x25.c of v5.12-rc5. The bounds-check failure enables a local user to access out-of-bounds memory, potentially crashing the system or leaking kernel data. Connected advisories confirm...

7.8CVSS7.6AI score0.00408EPSS
CVE
CVE
added 2020/04/09 11:50 p.m.235 views

CVE-2020-8832

The CVE-2020-8832 entry concerns the Ubuntu 18.04 LTS Linux kernel where the fix for CVE-2019-14615 (clearing data structures on context switches for certain Intel graphics processors) was incomplete. The vulnerability affects kernels prior to 4.15.0-91.92, enabling a local attacker to expose sen...

5.5CVSS6.2AI score0.00452EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.234 views

CVE-2017-10110

CVE-2017-10110 affects the Java SE AWT component in Oracle Java SE and is reported in multiple advisories referencing OpenJDK/OpenJDK-derived packages. Affected versions noted across sources include Java SE 6u151, 7u141 and 8u131 (and related OpenJDK/OpenJDK7 packaging in Debian/CentOS/Arch Linux...

9.6CVSS9.1AI score0.02415EPSS
CVE
CVE
added 2019/02/26 2:0 a.m.231 views

CVE-2009-5155

CVE-2009-5155 affects the GNU C Library (glibc) prior to 2.28. The vulnerability is in parse_reg_exp (posix/regcomp.c) where misparsing alternatives can cause a denial of service (assertion failure and process exit) or yield an incorrect match result. Affected products include glibc in systems us...

7.5CVSS6.9AI score0.03906EPSS
CVE
CVE
added 2019/12/24 3:53 p.m.229 views

CVE-2019-19924

CVE-2019-19924 affects SQLite 3.30.1 with faulty error handling in sqlite3WindowRewrite() during parser-tree rewriting (expr.c, vdbeaux.c, window.c). The connected Astra Linux note reproduces the vulnerability description, and IBM CP4S remediation states CP4S 1.9.0 fixes this by upgrading from CP...

5.3CVSS6.9AI score0.07856EPSS
CVE
CVE
added 2020/04/29 6:52 p.m.228 views

CVE-2020-12465

CVE-2020-12465: An array overflow in mt76_add_fragment (drivers/net/wireless/mediatek/mt76/dma.c) of the Linux kernel before 5.5.10 can cause memory corruption by an oversized packet with too many RX fragments. The issue is documented in the Uniti/Miracle Linux advisories referencing CVE-2020-124...

7.2CVSS6.6AI score0.00382EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.226 views

CVE-2017-10074

CVE-2017-10074 affects OpenJDK/OpenJDK Hotspot in Java SE and Java SE Embedded. Affected: Java SE 6u151, 7u141, 8u131; Java SE Embedded 8u131. Root cause per advisories: Hotspot range-checking overflow in OpenJDK leading to possible arbitrary-code execution under a sandbox-compiled Java applet/ru...

8.3CVSS8.6AI score0.03117EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.224 views

CVE-2017-10193

CVE-2017-10193 affects the Java SE and Java SE Embedded components (OpenJDK) with affected Java SE versions 6u151, 7u141, 8u131 and Java SE Embedded 8u131. The vulnerability enables a network-accessible attacker to compromise Java SE/Embedded when running untrusted code in sandboxed client deploy...

3.1CVSS3.7AI score0.02224EPSS
CVE
CVE
added 2019/12/09 3:15 p.m.222 views

CVE-2019-19645

CVE-2019-19645 affects SQLite. Vulnerable component: alter.c in SQLite up to version 3.30.1. Description: attackers can trigger infinite recursion through certain self-referential views when used with ALTER TABLE statements. Impact stated as infinite recursion, implying potential crash/denial of ...

5.5CVSS7AI score0.00566EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.219 views

CVE-2017-10198

CVE-2017-10198 affects Oracle Java SE, Java SE Embedded, and JRockit. Vulnerability in the Security component (and related areas) allows unauthenticated network-based access to compromise affected Java runtimes (Java SE 6u151, 7u141, 8u131; Embedded 8u131; JRockit R28.3.14). Exploitation is possi...

6.8CVSS6.8AI score0.02598EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.219 views

CVE-2017-10309

CVE-2017-10309 involves the Deployment subcomponent of Oracle Java SE. Public details in the provided documents indicate an XML External Entity/Information Disclosure style vulnerability affecting Java 8u144 and Java 9 deployments, with network-accessible exploitation requiring user interaction. ...

7.1CVSS7AI score0.08794EPSS
CVE
CVE
added 2019/12/09 6:36 p.m.219 views

CVE-2019-19646

SQLite: CVE-2019-19646 affects SQLite 3.30.1 and earlier; pragma.c mishandles NOT NULL in an integrity_check PRAGMA when used with generated columns. This is a generated-column-related NOT NULL handling issue in the integrity_check PRAGMA, per the description. It is high-severity (per CVSS) and m...

9.8CVSS9.3AI score0.05231EPSS
CVE
CVE
added 2021/03/26 4:47 p.m.217 views

CVE-2021-20197

CVE-2021-20197 is a local race-condition vulnerability in GNU Binutils (affecting ar, objcopy, strip, ranlib) up to version 2.35. An unprivileged user can exploit a symlink-based race window when these tools run as a privileged user to gain ownership of arbitrary files. The provided documents con...

6.3CVSS6.3AI score0.00307EPSS
CVE
CVE
added 2019/11/29 3:55 p.m.208 views

CVE-2019-19377

CVE-2019-19377 concerns Linux kernel 5.0.21 where mounting a crafted btrfs image, performing actions, and unmounting can trigger a use-after-free in btrfs_queue_work (fs/btrfs/async-thread.c). Connected Nessus advisories for Unity Linux (UTSA-2026-004393) reiterate this, tying the issue to kernel...

7.8CVSS7.1AI score0.034EPSS
CVE
CVE
added 2018/03/06 8:0 p.m.205 views

CVE-2018-7184

CVE-2018-7184 affects ntpd 4.2.8p4 through 4.2.8p10, where a zero-origin timestamp in certain packets can disrupt the association and cause DoS. This is described as a result of an incomplete fix for CVE-2015-7704. Remediation available: upgrade to ntpd 4.2.8p11 or later; several advisories (e.g....

7.5CVSS7.5AI score0.08687EPSS
CVE
CVE
added 2021/03/20 7:53 p.m.205 views

CVE-2021-28951

CVE-2021-28951 is a Linux kernel flaw affecting fs/io_uring.c up to 5.11.8 that can cause a denial of service (deadlock) when exit waits for a SQPOLL thread while the thread awaits a start signal. The issue is documented in multiple advisories (e.g., ALAS2KERNEL entries for Kernel-5.10/5.15 and r...

5.5CVSS5.6AI score0.00279EPSS
CVE
CVE
added 2018/07/18 1:0 p.m.204 views

CVE-2018-2964

CVE-2018-2964 affects Oracle Java SE Deployment. Affected are Java SE 8u172 and 10.0.1; the flaw is exploitable over the network via multiple protocols and may allow takeover of Java SE, with client deployments using untrusted code in sandboxed environments being at risk. Exploitation is reported...

8.3CVSS8.6AI score0.02767EPSS
CVE
CVE
added 2019/11/18 5:24 a.m.204 views

CVE-2019-19061

CVE-2019-19061 is tied to a memory leak in the Linux kernel’s ADIS16400 IIO IMU driver: adis_update_scan_mode_burst() in drivers/iio/imu/adis_buffer.c before 5.3.9. The issue can cause denial of service via memory exhaustion. Affected component: Linux kernel (ADIS16400 IIO IMU driver). Root cause...

7.8CVSS6.7AI score0.03255EPSS
CVE
CVE
added 2021/06/11 3:49 p.m.202 views

CVE-2021-22897

CVE-2021-22897 affects curl/libcurl when built with Schannel TLS. A bug stores the CURLOP SSL_CIPHER_LIST selection in a single static variable, causing the last cipher set to apply to all concurrent transfers. This can lead to exposure of data to the wrong session and weaker transport security. ...

5.3CVSS5.5AI score0.02979EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.201 views

CVE-2017-10078

CVE-2017-10078 affects Oracle Java SE 8u131 (Scripting) and can be exploited over network with multiple protocols, enabling high-impact confidentiality and integrity violations and data access. The vulnerability can be triggered by sandboxed Web Start/Applet use or via APIs without sandboxing. Th...

8.1CVSS7.8AI score0.02402EPSS
CVE
CVE
added 2020/01/15 4:34 p.m.200 views

CVE-2020-2585

CVE-2020-2585 is referenced in connected security advisories as affecting Oracle Java SE (component JavaFX) with affected Java SE 8u231. The advisory notes that exploitation is difficult but possible by a network-access attacker through multiple protocols, potentially allowing unauthorized creati...

5.9CVSS5.6AI score0.03321EPSS
Total number of security vulnerabilities345