Lucene search

K
NetappCloud Backup

344 matches found

CVE
CVE
added 2020/03/27 3:15 p.m.149 views

CVE-2020-5863

In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system.

8.6CVSS8.6AI score0.01111EPSS
CVE
CVE
added 2021/03/26 5:15 p.m.146 views

CVE-2021-20284

A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability.

5.5CVSS6AI score0.00114EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.145 views

CVE-2017-10193

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

3.1CVSS3.7AI score0.00379EPSS
CVE
CVE
added 2020/12/09 9:15 p.m.142 views

CVE-2020-16599

A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.

5.5CVSS5.4AI score0.00051EPSS
CVE
CVE
added 2017/10/19 5:29 p.m.139 views

CVE-2017-10309

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks r...

7.1CVSS7AI score0.01768EPSS
CVE
CVE
added 2022/02/09 11:15 p.m.138 views

CVE-2021-0060

Insufficient compartmentalization in HECI subsystem for the Intel(R) SPS before versions SPS_E5_04.01.04.516.0, SPS_E5_04.04.04.033.0, SPS_E5_04.04.03.281.0, SPS_E5_03.01.03.116.0, SPS_E3_05.01.04.309.0, SPS_02.04.00.101.0, SPS_SoC-A_05.00.03.114.0, SPS_SoC-X_04.00.04.326.0, SPS_SoC-X_03.00.03.117....

7.2CVSS6.5AI score0.00235EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.133 views

CVE-2017-10176

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network ...

7.5CVSS7AI score0.0147EPSS
CVE
CVE
added 2021/09/20 6:15 a.m.133 views

CVE-2021-38300

arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context. This occurs because conditional branches can exceed the 128 KB limit of the MIPS architecture...

7.8CVSS7.5AI score0.00045EPSS
CVE
CVE
added 2021/06/24 12:15 p.m.132 views

CVE-2020-28097

The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85.

5.9CVSS6.3AI score0.00147EPSS
CVE
CVE
added 2021/05/14 11:15 p.m.131 views

CVE-2019-25044

The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue.

7.8CVSS7.6AI score0.00133EPSS
CVE
CVE
added 2021/11/15 9:15 p.m.130 views

CVE-2021-42373

A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given

5.5CVSS6.8AI score0.00052EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.129 views

CVE-2017-10078

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this ...

8.1CVSS7.8AI score0.00892EPSS
CVE
CVE
added 2020/02/25 6:15 p.m.129 views

CVE-2020-9391

An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards, aka CID-dcde237319e6. This has been...

5.5CVSS5.4AI score0.00161EPSS
CVE
CVE
added 2021/11/15 9:15 p.m.129 views

CVE-2021-42375

An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.

5.5CVSS7AI score0.00051EPSS
CVE
CVE
added 2021/01/04 3:15 p.m.128 views

CVE-2020-35493

A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.

5.5CVSS5.8AI score0.00359EPSS
CVE
CVE
added 2021/12/08 5:15 a.m.127 views

CVE-2018-25020

The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c.

7.8CVSS7.1AI score0.00028EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.126 views

CVE-2020-2585

Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulne...

5.9CVSS5.6AI score0.01472EPSS
CVE
CVE
added 2017/10/19 5:29 p.m.125 views

CVE-2017-10293

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE. Successful attacks requ...

6.1CVSS6.1AI score0.00608EPSS
CVE
CVE
added 2019/11/18 6:15 a.m.125 views

CVE-2019-19053

A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpmsg/rpmsg_char.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy_from_iter_full() failures, aka CID-bbe692e349e2.

7.8CVSS7.5AI score0.00422EPSS
CVE
CVE
added 2021/01/04 3:15 p.m.125 views

CVE-2020-35496

There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils vers...

5.5CVSS5.5AI score0.00085EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.124 views

CVE-2017-10118

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network acces...

7.5CVSS7AI score0.00446EPSS
CVE
CVE
added 2018/07/18 1:29 p.m.123 views

CVE-2018-2964

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u172 and 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful at...

8.3CVSS8.6AI score0.00953EPSS
CVE
CVE
added 2019/01/16 8:29 p.m.122 views

CVE-2018-5736

An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. This defect could be deliberately exercised by an attacker who is permitted to cause a vulnerable se...

5.3CVSS5.7AI score0.44156EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.118 views

CVE-2017-10105

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successfu...

4.3CVSS4.4AI score0.00393EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.117 views

CVE-2017-10111

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to com...

9.6CVSS9AI score0.0126EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.117 views

CVE-2017-10114

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks...

8.3CVSS8.5AI score0.01714EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.117 views

CVE-2018-2826

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require ...

8.3CVSS8AI score0.02916EPSS
CVE
CVE
added 2018/01/18 2:29 a.m.115 views

CVE-2018-2638

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful att...

8.3CVSS8AI score0.00936EPSS
CVE
CVE
added 2021/06/29 12:15 p.m.114 views

CVE-2021-28691

Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will l...

7.8CVSS7.3AI score0.00036EPSS
CVE
CVE
added 2019/11/18 6:15 a.m.113 views

CVE-2019-19044

Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem.c in the Linux kernel before 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering kcalloc() or v3d_job_init() failures, aka CID-29cd13cfd762.

7.8CVSS7AI score0.00647EPSS
CVE
CVE
added 2020/11/12 6:15 p.m.113 views

CVE-2020-8747

Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access.

9.1CVSS8.7AI score0.00804EPSS
CVE
CVE
added 2020/11/12 6:15 p.m.113 views

CVE-2020-8752

Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access.

9.8CVSS9.5AI score0.00733EPSS
CVE
CVE
added 2021/03/05 6:15 p.m.113 views

CVE-2021-28039

An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has CONF...

6.5CVSS5.9AI score0.0014EPSS
CVE
CVE
added 2021/06/09 7:15 p.m.111 views

CVE-2020-12358

Out of bounds write in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access.

4.4CVSS5.5AI score0.00046EPSS
CVE
CVE
added 2022/02/09 11:15 p.m.109 views

CVE-2021-0103

Insufficient control flow management in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.

6.7CVSS6.6AI score0.00156EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.107 views

CVE-2017-10125

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physical access to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly i...

7.1CVSS7.6AI score0.00274EPSS
CVE
CVE
added 2020/11/12 6:15 p.m.105 views

CVE-2020-8749

Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

8.8CVSS9.2AI score0.00536EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.104 views

CVE-2017-10086

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks r...

9.6CVSS9AI score0.0126EPSS
CVE
CVE
added 2021/06/07 8:15 p.m.103 views

CVE-2019-25045

An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, related to an xfrm_state_fini panic, aka CID-dbb2483b2a46.

7.8CVSS7AI score0.00139EPSS
CVE
CVE
added 2022/02/09 11:15 p.m.103 views

CVE-2021-33068

Null pointer dereference in subsystem for Intel(R) AMT before versions 15.0.35 may allow an authenticated user to potentially enable denial of service via network access.

6.5CVSS6.2AI score0.00366EPSS
CVE
CVE
added 2018/07/18 1:29 p.m.101 views

CVE-2018-2941

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u181, 8u172 and 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...

8.3CVSS8.5AI score0.01278EPSS
CVE
CVE
added 2021/01/04 3:15 p.m.101 views

CVE-2020-35494

There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils ve...

6.1CVSS6AI score0.00355EPSS
CVE
CVE
added 2022/02/09 11:15 p.m.101 views

CVE-2021-0119

Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access.

6.2CVSS6.4AI score0.00156EPSS
CVE
CVE
added 2018/07/18 1:29 p.m.100 views

CVE-2018-2942

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL). Supported versions that are affected are Java SE: 7u181 and 8u172. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful at...

8.3CVSS8.3AI score0.00583EPSS
CVE
CVE
added 2022/02/09 11:15 p.m.100 views

CVE-2021-0124

Improper access control in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access.

6.6CVSS6.6AI score0.00199EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.99 views

CVE-2018-2825

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require ...

8.3CVSS8AI score0.01133EPSS
CVE
CVE
added 2018/01/18 2:29 a.m.97 views

CVE-2018-2627

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Installer). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Suc...

7.5CVSS7.4AI score0.00373EPSS
CVE
CVE
added 2019/11/14 8:15 p.m.97 views

CVE-2019-14574

Out of bounds read in a subsystem for Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable denial of service via local access.

5.5CVSS5.5AI score0.00147EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.97 views

CVE-2020-14664

Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human...

8.3CVSS8.1AI score0.01002EPSS
CVE
CVE
added 2021/01/04 3:15 p.m.97 views

CVE-2020-35495

There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34.

5.5CVSS5.5AI score0.00355EPSS
Total number of security vulnerabilities344