Lucene search
+L
NetappCloud Backup

345 matches found

CVE
CVE
added 2018/04/19 2:0 a.m.199 views

CVE-2018-2826

CVE-2018-2826 affects Oracle Java SE Libraries in Java SE 10. The vulnerability allows an unauthenticated network-based attacker to compromise Java SE, with potential takeover of the Java Runtime, per the description. CVSS 3.1 indicates HIGH impact (C, I, A HIGH) with NETWORK attack vector and re...

8.3CVSS8AI score0.04979EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.198 views

CVE-2017-10176

CVE-2017-10176 affects Oracle Java SE/SE Embedded/JRockit (OpenJDK/OpenJDK components) with affected releases including Java SE 7u141 and 8u131, SE Embedded 8u131, JRockit R28.3.14. The vulnerability enables an unauthenticated network attacker to access or take data via multiple protocols and can...

7.5CVSS7AI score0.05034EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.198 views

CVE-2017-10293

CVE-2017-10293 is a vulnerability in the Oracle Java SE Javadoc component affecting Java SE versions 6u161, 7u151, 8u144, and 9. It permits an unauthenticated attacker with network access via HTTP to potentially read and modify Java data and read data, with user interaction required for exploitat...

6.1CVSS6.1AI score0.01489EPSS
CVE
CVE
added 2019/02/26 2:0 a.m.197 views

CVE-2018-20796

CVE-2018-20796 (glibc) : Affected: GNU C Library (glibc) up to 2.29. Root cause: check_dst_limits_calc_pos_1 in posix/regexec.c experiences Uncontrolled Recursion. Evidence from IBM/NVD entry confirms the CWE-674 Uncontrolled Recursion and the vulnerable component/file. Impact details are stated ...

7.5CVSS5.2AI score0.05804EPSS
CVE
CVE
added 2021/12/08 4:47 a.m.194 views

CVE-2018-25020

Summary of CVE-2018-25020 (Linux kernel BPF): The vulnerability is in the BPF subsystem where a long jump over an instruction sequence can cause an overflow. It specifically affects the kernel's BPF implementations in files kernel/bpf/core.c and net/core/filter.c, for Linux kernels prior to 4.17....

7.8CVSS7.1AI score0.00505EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.191 views

CVE-2017-10114

CVE-2017-10114 affects the Java SE/JavaFX component; specifically Java SE 7u141 and 8u131. The vulnerability is described as difficult to exploit, requiring network access via multiple protocols and user interaction, with potential takeover of Java SE and possible impact on other products relying...

8.3CVSS8.5AI score0.0229EPSS
CVE
CVE
added 2021/04/29 3:3 a.m.190 views

CVE-2021-31879

CVE-2021-31879 affects GNU Wget by not omitting the Authorization header when redirecting to a different origin. Public details show: upstream GNU Wget up to 1.21.1 is vulnerable; Alpine Linux advisories indicate wget older than 1.21.2-1 are affected and that upgrading resolves the issue; other e...

6.1CVSS7.8AI score0.01104EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.189 views

CVE-2017-10118

CVE-2017-10118 affects Oracle Java SE/JRockit/JCE with a timing-channel vulnerability in ECDSA within the JCE component. A remote attacker could potentially recover private keys by observing timing differences, enabling unauthenticated network-remote exploitation on affected OpenJDK/JRockit confi...

7.5CVSS7AI score0.02972EPSS
CVE
CVE
added 2021/01/04 2:24 p.m.188 views

CVE-2020-35507

CVE-2020-35507 (binutils) concerns a NULL pointer dereference in bfd_pef_parse_function_stubs in bfd/pef.c when processing crafted files with objdump, affecting versions prior to 2.34. This is a Binutils issue that can impact availability. The Astra Linux security bulletin mirrors this flaw and c...

5.5CVSS5.7AI score0.01234EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.187 views

CVE-2017-10105

CVE-2017-10105 is a vulnerability in the Oracle Java SE Deployment component affecting Java SE 6u151, 7u141, and 8u131. The connected CHAINGUARD entry confirms a vulnerability in Oracle Java SE Deployment with unspecified root cause and a potential impact to data integrity, but does not provide p...

4.3CVSS4.4AI score0.01913EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.186 views

CVE-2017-10111

CVE-2017-10111 affects Oracle Java OpenJDK’s Libraries component (Java SE). The connected advisories confirm vulnerable versions include Java SE 8u131 and Java SE Embedded 8u131, with exploitation described as arbitrary code execution via the LambdaFormEditor bounds checks in the Libraries, enabl...

9.6CVSS9AI score0.02132EPSS
CVE
CVE
added 2019/12/05 1:53 p.m.186 views

CVE-2019-19317

CVE-2019-19317 affects SQLite 3.30.1 where lookupName in resolve.c omits bits from the colUsed bitmask for generated columns, enabling denial of service and potentially other impacts. The issue is tied to the underlying bitmask logic in the generated column path and has been addressed by multiple...

9.8CVSS9.5AI score0.04276EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.185 views

CVE-2018-2638

CVE-2018-2638 is addressed in IBM product advisories for IBM Netezza and IBM InfoSphere Optim. The IBM Netezza Platform Software requires upgrading to 11.2.1.2 (Fix Central link provided in the bulletin). Separately, IBM InfoSphere Optim solutions (11.3.0) should apply fix pack 11.3.0.7 to mitiga...

8.3CVSS8AI score0.03328EPSS
CVE
CVE
added 2021/09/20 5:25 a.m.185 views

CVE-2021-38300

CVE-2021-38300 affects the Linux kernel on MIPS through arch/mips/net/bpf_jit.c, where the BPF JIT can emit incorrect machine code when transforming unprivileged cBPF programs. Root cause: conditional branches can exceed the 128 KB limit, enabling a local user to execute arbitrary code in kernel ...

7.8CVSS7.5AI score0.00621EPSS
CVE
CVE
added 2018/07/18 1:0 p.m.179 views

CVE-2018-2941

CVE-2018-2941 affects Oracle Java SE (JavaFX) with affected products Java SE 7u181, 8u172, and 10.0.1. The vulnerability is difficult to exploit, requires network access via multiple protocols and user interaction, and can lead to takeover of Java SE. It principally concerns Java deployments runn...

8.3CVSS8.5AI score0.02239EPSS
CVE
CVE
added 2021/06/24 12:0 p.m.179 views

CVE-2020-28097

CVE-2020-28097 affects the Linux kernel’s vgacon subsystem; versions before 5.8.10 mishandle software scrollback, causing a vgacon_scrolldelta out-of-bounds read . This is a local issue that can read kernel memory via the vgacon pathway. The public references note the fix in kernel release 5.8.10...

5.9CVSS6.3AI score0.00519EPSS
CVE
CVE
added 2021/11/15 12:0 a.m.179 views

CVE-2021-42374

CVE-2021-42374 is an out-of-bounds heap read in BusyBox’s unlzma applet that can lead to information leakage and denial of service when decompressing crafted LZMA input. Connected sources confirm impact on BusyBox broadly (unlzma) across multiple distributions and variants (e.g., Debian/BusyBox a...

5.3CVSS5.9AI score0.00579EPSS
CVE
CVE
added 2021/11/15 12:0 a.m.178 views

CVE-2021-42377

CVE-2021-42377 (BusyBox) is one of multiple vulnerabilities affecting BusyBox, specifically in the hush applet. The issue is an attacker-controlled pointer free that can cause denial of service and, under rare crafted inputs, may enable remote code execution. The vulnerability is categorized unde...

9.8CVSS9.5AI score0.03379EPSS
CVE
CVE
added 2021/06/29 11:30 a.m.177 views

CVE-2021-28691

Summary (CVE-2021-28691) In the Linux kernel Xen hypervisor integration, xen-netback may suffer a use-after-free when tearing down the backend. The root cause is that the RX task thread can be freed if the frontend triggers a thread stop during backend teardown, leading to a stale pointer being u...

7.8CVSS7.3AI score0.00361EPSS
CVE
CVE
added 2021/03/26 4:39 p.m.172 views

CVE-2021-20284

CVE-2021-20284 affects GNU Binutils (version 2.35.1) with a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section (elf.c) caused by incorrect calculation of the number of symbols. The vulnerability is described as having a highest impact on availability. The provided materials iden...

5.5CVSS6AI score0.01287EPSS
CVE
CVE
added 2018/04/19 2:0 a.m.171 views

CVE-2018-2825

CVE-2018-2825 concerns Oracle Java SE Libraries with affected Java SE 10, allowing network-based attacks that may compromise confidentiality, integrity, and availability; the exploitation requires user interaction. The connected documents largely discuss IBM-specific advisories (IBM i, Netcool Ag...

8.3CVSS8AI score0.04146EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.170 views

CVE-2017-10125

CVE-2017-10125 is described in the initial document as a vulnerability in the Oracle Java SE Deployment component affecting Java SE 7u141 and 8u131. The impact is stated as potentially allowing takeover of Java SE, with CVSS 3.0/3.1 metrics indicating a physical access prerequisite (HPC: PHYSICAL...

7.1CVSS7.6AI score0.0063EPSS
CVE
CVE
added 2020/12/09 9:6 p.m.169 views

CVE-2020-16599

CVE-2020-16599 concerns a NULL pointer dereference in the GNU Binutils library (libbfd) distributed with Binutils 2.35, specifically in _bfd_elf_get_symbol_version_string used by nm-new, which can cause a denial of service via a crafted ELF file. The connected Nessus entries note an “illegal memo...

5.5CVSS5.4AI score0.01042EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.167 views

CVE-2017-10086

CVE-2017-10086 affects Oracle Java SE (JavaFX) in Java 7u141 and 8u131. Descriptions indicate an easily exploitable, network-accessible vulnerability that can be exploited with no authentication and user interaction, potentially leading to takeover of Java SE. The connected documents cite this CV...

9.6CVSS9AI score0.02132EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.167 views

CVE-2020-14664

CVE-2020-14664 affects Oracle Java SE (component: JavaFX ) with affected version Java SE 8u251 . The vulnerability is exploitable over the network and can be triggered by loading untrusted code in client-side Java deployments (Web Start/applets). It requires user interaction and could lead to tak...

8.3CVSS8.1AI score0.04245EPSS
CVE
CVE
added 2020/03/27 2:35 p.m.167 views

CVE-2020-5863

NGINX Controller (versions before 3.2.0) is affected by an access-control vulnerability in the Controller API: an unauthenticated remote attacker can create unprivileged user accounts and upload a license, with no ability to view or modify other components. Root cause is improper API access contr...

8.6CVSS8.6AI score0.01122EPSS
CVE
CVE
added 2022/02/09 10:4 p.m.160 views

CVE-2021-0060

CVE-2021-0060 affects Intel Chipset Firmware’s Server Platform Services (SPS) HECI, where insufficient compartmentalization could let an authenticated user escalate privileges with physical access. Affected products include Intel SPS firmwares, before versions SPS_E5_04.01.04.516.0, SPS_E5_04.04....

7.2CVSS6.5AI score0.00323EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.159 views

CVE-2018-2581

CVE-2018-2581 affects Oracle Java SE (JavaFX) with Java SE versions 7u161, 8u152, and 9.0.1. An unauthenticated attacker with network access via multiple protocols can read a subset of Java SE data; exploitation requires user interaction. The issue is tied to JavaFX within client deployments (Web...

4.7CVSS4.4AI score0.02541EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.158 views

CVE-2018-2627

CVE-2018-2627 : Vulnerability in the Oracle Java SE component (Installer) for Windows installer only. Affected: Java SE 8u152 and 9.0.1. Exploitation is described as difficult and requires a logged-on, low-privilege user with user interaction; successful exploitation could lead to takeover of Jav...

7.5CVSS7.4AI score0.00491EPSS
CVE
CVE
added 2020/02/25 5:55 p.m.157 views

CVE-2020-9391

CVE-2020-9391 affects the Linux kernel on AArch64 (versions 5.4 to 5.5.6). The top byte of the address passed to brk is ignored, potentially moving the program break downward instead of upward, which can cause heap corruption in glibc malloc. Public sources in the connected documents consistently...

5.5CVSS5.4AI score0.00497EPSS
CVE
CVE
added 2021/11/15 12:0 a.m.157 views

CVE-2021-42373

CVE-2021-42373 is a NULL pointer dereference in BusyBox's man applet triggered when a section name is supplied but no page argument is given, causing a denial of service via local access. Affected product: BusyBox (man applet). Root cause: NULL pointer dereference in mq_handle logic; impact: loca...

5.5CVSS6.8AI score0.00377EPSS
CVE
CVE
added 2021/05/14 10:57 p.m.155 views

CVE-2019-25044

The CVE-2019-25044 issue affects the Linux kernel before 5.2, specifically the block subsystem. A use-after-free in the blk_mq_free_rqs/blk_cleanup_queue path can lead to arbitrary code execution in kernel context and local privilege escalation. Affected component: block subsystem of the Linux ke...

7.8CVSS7.6AI score0.00645EPSS
CVE
CVE
added 2021/11/15 12:0 a.m.155 views

CVE-2021-42375

CVE-2021-42375 concerns BusyBox ash applet: incorrect handling of a special element can trigger a denial of service when processing a crafted shell command. Affected product: Cloud Pak for Security (CP4S) versions 1.8.1.0, 1.8.0.0, and 1.7.2.0. Remediation: upgrade to CP4S 1.9.0.0 per IBM guidanc...

5.5CVSS7AI score0.00378EPSS
CVE
CVE
added 2021/06/07 7:19 p.m.154 views

CVE-2019-25045

CVE-2019-25045 is a Linux kernel use-after-free in the XFRM subsystem (xfrm_state_fini panic) reported for kernels before 5.0.19. Publicly documented references from EulerOS and Unity Linux advisories confirm the issue and link the fix to kernel 5.0.19 (and related upstream commit). The impact is...

7.8CVSS7AI score0.00503EPSS
CVE
CVE
added 2018/07/18 1:0 p.m.153 views

CVE-2018-2942

CVE-2018-2942 affects Oracle Java SE (Windows DLL) with vulnerable Java SE versions 7u181 and 8u172. The vulnerability is exploitable over a network via multiple protocols and can lead to Java SE takeover; exploitation requires user interaction. CVSSv3.1 base score 8.3 (HIGH) with impacts to conf...

8.3CVSS8.3AI score0.01835EPSS
CVE
CVE
added 2021/01/04 2:24 p.m.153 views

CVE-2020-35496

CVE-2020-35496 describes a vulnerability in binutils’ bfd_pef_scan_start_address() that could trigger a NULL pointer dereference when processing a crafted file with the BFD/PEF code, impacting affected binutils versions prior to 2.34. The issue arises from a flaw in how the function handles dwarf...

5.5CVSS5.5AI score0.01141EPSS
CVE
CVE
added 2021/01/04 2:22 p.m.151 views

CVE-2020-35493

CVE-2020-35493 is a Binutils vulnerability in bfd/pef.c that can cause a heap-based buffer overflow and an out-of-bounds read, potentially impacting availability. It affects binutils versions prior to 2.34. Remediation: upgrade Binutils to version 2.34 or newer (or apply vendor-specific patches i...

5.5CVSS5.8AI score0.01129EPSS
CVE
CVE
added 2019/01/16 8:0 p.m.146 views

CVE-2018-5736

CVE-2018-5736 is an ISC BIND vulnerability affecting versions 9.12.0 and 9.12.1. The issue is an error in the zone database reference counting that can trigger an assertion failure when a vulnerable server performs several slave-zone transfers in quick succession (for example after valid NOTIFY m...

5.3CVSS5.7AI score0.17879EPSS
CVE
CVE
added 2019/11/18 5:23 a.m.142 views

CVE-2019-19053

CVE-2019-19053 affects the Linux kernel (through 5.3.11). A memory leak in the function rpmsg_eptdev_write_iter() (drivers/rpmsg/rpmsg_char.c) can be triggered when copy_from_iter_full() fails, leading to a denial of service via memory consumption. The connected Nessus entries (Unity Linux UTSA a...

7.8CVSS7.5AI score0.03286EPSS
CVE
CVE
added 2021/03/05 12:0 a.m.133 views

CVE-2021-28039

CVE-2021-28039 affects the Linux kernel 5.9.x–5.11.3 (used with Xen). In some configurations, an x86 PV guest OS user can crash the Dom0 or a driver domain by generating a large amount of I/O. Root cause is the misuse of guest physical addresses when CONFIG_XEN_UNPOPULATED_ALLOC is set but CONFIG...

6.5CVSS5.9AI score0.00424EPSS
CVE
CVE
added 2020/11/12 6:9 p.m.132 views

CVE-2020-8747

CVE-2020-8747 is an out-of-bounds read in the Intel AMT subsystem (and related CSME/ISM/TXE components) affecting Intel AMT/CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45. The issue can enable information disclosure and/or denial of service via network access by an unauthen...

9.1CVSS8.7AI score0.01675EPSS
CVE
CVE
added 2019/11/18 5:23 a.m.131 views

CVE-2019-19044

CVE-2019-19044 affects the Linux kernel prior to 5.3.11, via two memory leaks in v3d_submit_cl_ioctl() in drivers/gpu/drm/v3d/v3d_gem.c. The leaks can cause memory exhaustion and denial of service when kcalloc() or v3d_job_init() fail. The issue is addressed by upgrading to kernel 5.3.11 or apply...

7.8CVSS7AI score0.04146EPSS
CVE
CVE
added 2020/11/12 6:5 p.m.131 views

CVE-2020-8752

CVE-2020-8752 affects Intel AMT/ISM IPv6 subsystem: out-of-bounds write in IPv6 can allow unauthenticated privilege escalation via network access on Intel AMT/ISM firmware versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45. Intel INTEL-SA-00391 describes mitigation; affected products i...

9.8CVSS9.5AI score0.01634EPSS
CVE
CVE
added 2022/02/09 10:4 p.m.129 views

CVE-2021-0103

CVE-2021-0103: Insufficient control flow management in Intel processor firmware can enable a local privilege escalation. Documents flag VELOS CX410 and VELOS BX110 Blade as affected; IBM/HP/F5 advisories reference Intel CPU vulnerabilities and firmware updates as mitigations. The connected source...

6.7CVSS6.6AI score0.00299EPSS
CVE
CVE
added 2022/02/09 10:4 p.m.128 views

CVE-2021-33068

CVE-2021-33068 is a null pointer dereference in the Intel AMT subsystem. Intel SPS/AMT/PMC chipset firmware before certain versions may allow an authenticated remote attacker to cause a denial-of-service via network access. Public documents from NVD/Intel/Red Hat/IBM describe affected components ...

6.5CVSS6.2AI score0.0084EPSS
CVE
CVE
added 2019/09/16 3:59 p.m.126 views

CVE-2019-11184

CVE-2019-11184 describes a race condition in Intel DDIO cache allocation with RDMA that may allow an authenticated user to cause partial information disclosure via adjacent access. The vulnerability affects microprocessors using DDIO/RDMA and is characterized by an adjacent-access exposure with m...

4.8CVSS4.6AI score0.00753EPSS
CVE
CVE
added 2021/06/09 6:50 p.m.126 views

CVE-2020-12358

CVE-2020-12358 involves a firmware out-of-bounds write in Intel processors that can allow a privileged local attacker to cause a denial of service. The vulnerability affects Intel processor firmware via local access and is documented in Intel’s advisory Intel-SA-00463, which also lists related CV...

4.4CVSS5.5AI score0.00298EPSS
CVE
CVE
added 2022/02/09 10:4 p.m.125 views

CVE-2021-0116

CVE-2021-0116 is an Intel firmware vulnerability described as an out-of-bounds write in the affected Intel processors’ firmware that could allow a local, privileged escalation. Connected documents confirm the CVE details and provide context across multiple vendor advisories (IBM QRadar, F5 adviso...

7.8CVSS7.5AI score0.00301EPSS
CVE
CVE
added 2021/11/02 10:5 p.m.124 views

CVE-2017-5123

CVE-2017-5123 is a Linux kernel local privilege-escalation vulnerability in the waitid path. The waitid handler in kernel/exit.c writes to user memory by calling unsafe_put_user without performing an access_ok() check, and without wrapping user-space writes in the required user_access_begin()/use...

8.8CVSS7.4AI score0.03714EPSS
CVE
CVE
added 2020/11/12 6:9 p.m.123 views

CVE-2020-8749

CVE-2020-8749 is an Intel AMT/CSME-related issue described as an out-of-bounds read in the AMT subsystem that may let an unauthenticated, adjacent user escalate privileges. Affected are Intel AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45. The CVE is part of a broader set of...

8.8CVSS9.2AI score0.01118EPSS
Total number of security vulnerabilities345