Lucene search
K
NetappCloud Secure Agent

57 matches found

CVE
CVE
added 2021/12/10 12:0 a.m.6787 views

CVE-2021-44228

CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...

10CVSS10AI score0.99999EPSS
In wild
CVE
CVE
added 2022/07/19 12:0 a.m.1363 views

CVE-2022-21540

CVE-2022-21540 applies to Oracle Java SE (Hotspot) and Oracle GraalVM Enterprise Edition; affected versions include Oracle Java SE 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1 and GraalVM EE 20.3.6, 21.3.2, 22.1.0. The connected documents provide concrete details: the vulnerability can be exploite...

5.3CVSS5AI score0.0296EPSS
CVE
CVE
added 2022/07/19 12:0 a.m.1360 views

CVE-2022-21541

CVE-2022-21541 affects Oracle Java SE (Hotspot) and Oracle GraalVM Enterprise Edition. Affected Java SE versions include 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; GraalVM EE: 20.3.6, 21.3.2, 22.1.0. The vulnerability is described as difficult to exploit but allows an unauthenticated networked ...

5.9CVSS5.8AI score0.02062EPSS
CVE
CVE
added 2022/05/12 7:30 p.m.1125 views

CVE-2022-22971

CVE-2022-22971 affects Spring Framework/Tanzu with a vulnerability in the STOMP over WebSocket endpoint that can allow authenticated users to trigger a denial-of-service. The connected IBM bulletin shows affected IBM Storage Copy Data Management versions (2.2.x) and provides a fixed release path:...

6.5CVSS6.2AI score0.03126EPSS
CVE
CVE
added 2022/07/19 12:0 a.m.1109 views

CVE-2022-21549

CVE-2022-21549 affects Oracle Java SE Libraries with affected binaries: Oracle Java SE 17.0.3.1 and Oracle GraalVM Enterprise Edition 21.3.2 and 22.1.0. The entry notes network‑accessible exploitation by an unauthenticated attacker, potentially enabling unauthorized update/insert/delete of data i...

5.3CVSS5AI score0.01804EPSS
CVE
CVE
added 2022/07/19 12:0 a.m.671 views

CVE-2022-34169

CVE-2022-34169 affects the Apache Xalan Java XSLT library. It describes an integer truncation vulnerability when processing malicious XSLT stylesheets, which can corrupt Java class files generated by the internal XSLTC compiler and allow execution of arbitrary Java bytecode. Public references in ...

7.5CVSS8.2AI score0.17673EPSS
CVE
CVE
added 2019/07/26 12:0 a.m.585 views

CVE-2019-13990

CVE-2019-13990 affects Terracotta Quartz Scheduler within Atlassian Jira Service Management Data Center/Server and related Oracle Fusion Middleware deployments, via XXE in the Terracotta Quartz Scheduler component when parsing a job description. The root cause is an XML External Entity condition ...

9.8CVSS9AI score0.162EPSS
CVE
CVE
added 2022/04/19 8:37 p.m.540 views

CVE-2022-21426

CVE-2022-21426 affects Oracle Java SE and GraalVM Enterprise Edition, with vulnerable components in Java SE (JAXP, Libraries, Serialization) and GraalVM CE surface. Public advisories list affected versions including Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18 and GraalVM CE: 20.3.5, 21.3.1,...

5.3CVSS5.3AI score0.03203EPSS
CVE
CVE
added 2021/02/08 8:10 p.m.524 views

CVE-2021-21290

CVE-2021-21290 relates to Netty before 4.1.59.Final, where an insecure temp file in Unix-like systems could lead to local information disclosure when uploads are stored on disk via multipart decoders. The Unix temp dir is shared among users, and files created with File.createTempFile may have ins...

6.2CVSS6.2AI score0.01777EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.499 views

CVE-2020-14556

CVE-2020-14556 and related CVEs (e.g., 14577, 14578, 14579, 14581, 14583, 14593, 14621, 14664) pertain to Oracle Java SE/OpenJDK/OpenJDK-derived runtimes across multiple components (Libraries, JSSE, 2D, JAXP, JavaFX, etc.). The primary 2020 issue affects Java SE and Java SE Embedded on various ve...

5.8CVSS4.9AI score0.03022EPSS
CVE
CVE
added 2022/04/19 8:38 p.m.470 views

CVE-2022-21476

CVE-2022-21476 affects Oracle Java SE and Oracle GraalVM Enterprise Edition. Vulnerable components include Libraries, JAXP, ImageIO, 2D, JNDI, and serialization-related paths, with exploitation achievable by unauthenticated network access and potentially leading to data confidentiality breach or ...

7.5CVSS7AI score0.04046EPSS
CVE
CVE
added 2022/10/18 12:0 a.m.458 views

CVE-2022-21626

CVE-2022-21626 affects Oracle Java SE (components: Security and JNDI) and Oracle GraalVM Enterprise Edition, with affected Java SE versions including 8u341, 8u345-perf, 11.0.16.1 (and related GraalVM versions 20.3.7, 21.3.3, 22.2.0). The vulnerability is exploitable remotely over HTTPS (and other...

5.3CVSS5.1AI score0.01746EPSS
CVE
CVE
added 2022/05/12 7:28 p.m.450 views

CVE-2022-22970

CVE-2022-22970 is described in IBM and related bulletins as a Spring Framework DoS via data binding of file-upload types (MultipartFile/javax.servlet.Part) when running on affected Spring Framework versions. The root cause involves binding such fields to model objects, enabling resource-exhaustio...

5.3CVSS5.6AI score0.01978EPSS
CVE
CVE
added 2022/10/18 12:0 a.m.441 views

CVE-2022-21628

CVE-2022-21628 affects Oracle Java SE ( Lightweight HTTP Server) and Oracle GraalVM Enterprise Edition; affected Java SE versions include 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19 and GraalVM EE: 20.3.7, 21.3.3, 22.2.0. Description states an unauthenticated attacker with network access via HTTP ...

5.3CVSS5AI score0.02038EPSS
CVE
CVE
added 2022/10/18 12:0 a.m.437 views

CVE-2022-21624

CVE-2022-21624 is an Oracle Java SE/GraalVM EE vulnerability in the JNDI component (also described across connected advisories) that allows unauthenticated network access to potentially update/insert/delete data. Affected products/versions include Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17....

3.7CVSS4AI score0.01401EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.434 views

CVE-2020-14621

CVE-2020-14621 details (connected data) : The vulnerability concerns Oracle Java SE/OpenJDK JAXP in Java SE/Embedded. Affected versions include Java SE: 7u261, 8u251, 11.0.7, 14.0.1; Java SE Embedded: 8u251. The issue is described as an easily exploitable flaw in the JAXP component that allows an...

5.3CVSS5.2AI score0.04315EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.429 views

CVE-2020-14577

CVE-2020-14577 is a TLS/JSSE-related issue in Oracle Java SE and Java SE Embedded (affecting Java 7u261, 8u251, 11.0.7 and 14.0.1; Embedded 8u251) enabling unauthenticated network access to read some data. Connected advisories show vendor-specific mitigations: for example, Amazon Linux ALAS advis...

4.3CVSS4.4AI score0.03284EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.419 views

CVE-2020-14581

CVE-2020-14581 affects Oracle Java SE/Java SE Embedded (component: 2D) with affected versions Java SE: 8u251, 11.0.7, 14.0.1 and Java SE Embedded: 8u251. The CVE is listed with a low overall base score (CVSS 3.1: 3.7) and confidentiality impact (C:L) and no impact on integrity/availability (I:N/A...

4.3CVSS4AI score0.03284EPSS
CVE
CVE
added 2022/10/18 12:0 a.m.415 views

CVE-2022-21619

CVE-2022-21619 affects Oracle Java SE (Security) and Oracle GraalVM Enterprise Edition. Affected Java SE versions: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; GraalVM Enterprise Edition: 20.3.7, 21.3.3, 22.2.0. The vulnerability allows unauthenticated network access to compromise affected product...

3.7CVSS3.9AI score0.02376EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.403 views

CVE-2020-2757

CVE-2020-2757 affects Oracle Java SE/SE Embedded (Serialization). Vulnerable: Java SE: 7u251, 8u241, 11.0.6, 14; SE Embedded: 8u241. Impact: unauthenticated network access leading to partial DoS on Java SE/SE Embedded. Root cause: serialization-related handling in the affected component; sandboxe...

4.3CVSS4.2AI score0.04211EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.400 views

CVE-2020-2773

CVE-2020-2773 is a vulnerability in Oracle Java SE and Java SE Embedded (component: Security) that can be exploited remotely by unauthenticated attackers to cause a partial denial of service on affected Java runtimes. Affected versions include Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedde...

4.3CVSS4.2AI score0.03625EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.395 views

CVE-2020-14593

CVE-2020-14593 is a vulnerability in the 2D component of Oracle Java SE/SE Embedded. Affected: Java SE 7u261, 8u251, 11.0.7, 14.0.1; Java SE Embedded 8u251. Vulnerability type is unspecified in the provided sources, but exploitation is described as unauthenticated with network access via multiple...

7.4CVSS7.1AI score0.03864EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.391 views

CVE-2020-14583

CVE-2020-14583 affects Oracle Java SE/Java SE Embedded (Libraries component). Affected: Java SE 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded 8u251. Exploitation requires network access with user interaction and can lead to takeover of Java SE/Embedded with high impact on confidentiality, int...

8.3CVSS8.2AI score0.04029EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.389 views

CVE-2020-2781

CVE-2020-2781 concerns Oracle/OpenJDK Java SE JSSE vulnerability that allows unauthenticated network access to degrade availability in Java SE and Java SE Embedded (client/server deployment). The Chainguard data confirms affected OpenJDK JSSE components and versions, aligning with the CVE descrip...

5.3CVSS5.3AI score0.04948EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.387 views

CVE-2020-2756

CVE-2020-2756 affects Oracle Java SE/Java SE Embedded (component: Serialization). Affected: Java SE 7u251, 8u241, 11.0.6, 14; Java SE Embedded 8u241. An unauthenticated, network-exposed attacker can exploit to cause a partial Denial of Service. Connected advisories show remediation via updating t...

4.3CVSS4.2AI score0.04211EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.384 views

CVE-2020-14579

CVE-2020-14579 affects Oracle Java SE/Embedded (Libraries component) with affected Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. The connected advisories confirm network-remote, unauthenticated access leading to a partial denial of service via multiple protocols, per CVSS 3.1 Base Score 3.7 ...

4.3CVSS4.3AI score0.04044EPSS
CVE
CVE
added 2022/01/19 11:23 a.m.381 views

CVE-2022-21305

CVE-2022-21305 is present across multiple Oracle Java SE and GraalVM Enterprise Edition components (Hotspot, Serialization, JAXP, ImageIO, Libraries, 2D/3D) affecting Java versions 7u321, 8u311, 11.0.13, 17.0.1 (and GraalVM EE 20.3.4/21.3.0). Public advisories describe unauthenticated network-bas...

5.3CVSS4.7AI score0.02755EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.377 views

CVE-2020-2755

CVE-2020-2755 is reported in the Oracle Java SE scripting component affecting Java SE 8u241, 11.0.6 and 14 (and Java SE Embedded 8u241). The vulnerability allows an unauthenticated attacker with network access to cause a partial denial of service in Java SE/Java SE Embedded. The CVSS base score i...

4.3CVSS4.2AI score0.03899EPSS
CVE
CVE
added 2022/04/19 8:38 p.m.377 views

CVE-2022-21496

CVE-2022-21496 affects Oracle Java SE and Oracle GraalVM Enterprise Edition across multiple components (JNDI, JAXP, Libraries, Hotspot) with listed affected versions. The vulnerability enables network-accessible, unauthenticated attackers to modify or access data (integrity/availability impacts) ...

5.3CVSS5.3AI score0.02805EPSS
CVE
CVE
added 2022/01/19 11:22 a.m.373 views

CVE-2022-21248

CVE-2022-21248 affects Oracle Java SE and GraalVM Enterprise Edition via the Serialization component. Affected Oracle Java SE versions: 7u321, 8u311, 11.0.13, 17.0.1; GraalVM Enterprise Edition: 20.3.4 and 21.3.0. The vulnerability is exploitable over the network and allows an unauthenticated att...

4.3CVSS3.8AI score0.03763EPSS
CVE
CVE
added 2022/01/19 11:23 a.m.370 views

CVE-2022-21299

CVE-2022-21299 is reported across multiple feeds as affecting Oracle Java SE and GraalVM Enterprise Edition, involving several components (JAXP, Serialization, Libraries, ImageIO, Hotspot, 2D). Affected Java SE versions include 7u321, 8u311, 11.0.13, 17.0.1; GraalVM EE versions 20.3.4 and 21.3.0....

5.3CVSS4.9AI score0.03458EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.368 views

CVE-2020-14578

CVE-2020-14578 affects Oracle Java SE and Java SE Embedded (Libraries component) with Java SE 7u261 and 8u251; Java SE Embedded 8u251. It is exploitable over a network (multiple protocols) by unauthenticated attackers, including via sandboxed Java Web Start apps, applets, or direct API input, lea...

4.3CVSS4.3AI score0.04044EPSS
CVE
CVE
added 2022/01/19 11:24 a.m.358 views

CVE-2022-21340

CVE-2022-21340 concerns Oracle Java SE and GraalVM Enterprise Edition. The vulnerability affects Oracle Java SE components (Libraries) and GraalVM Enterprise Edition libraries listed as affected: Java SE 7u321, 8u311, 11.0.13, 17.0.1; GraalVM Enterprise Edition 20.3.4 and 21.3.0. The description ...

5.3CVSS4.8AI score0.07748EPSS
CVE
CVE
added 2022/04/19 8:37 p.m.357 views

CVE-2022-21443

CVE-2022-21443 is an Oracle Java SE/GraalVM EE vulnerability affecting the Libraries component. Affected: Oracle Java SE 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM EE 20.3.5, 21.3.1, 22.0.0.2. Exploitation is network-based and can lead to a partial denial of service, with unauthenticated a...

4.3CVSS4.5AI score0.02707EPSS
CVE
CVE
added 2022/01/19 11:23 a.m.356 views

CVE-2022-21291

CVE-2022-21291 affects Oracle Java SE (Hotspot) and Oracle GraalVM Enterprise Edition. Affected versions include Oracle Java SE 7u321, 8u311, 11.0.13, 17.0.1 and GraalVM EE 20.3.4/21.3.0. It is exploitable over network via multiple protocols and can lead to unauthorized updates/deletes of data or...

5.3CVSS4.7AI score0.02896EPSS
CVE
CVE
added 2022/01/19 11:25 a.m.354 views

CVE-2022-21341

CVE-2022-21341 is an openly documented vulnerability affecting Oracle Java SE and Oracle GraalVM Enterprise Edition across multiple components (Serialization, JAXP, ImageIO, Hotspot, Libraries, 2D, etc.). Affected versions include Java SE 7u321, 8u311, 11.0.13, 17.0.1 and GraalVM EE 20.3.4/21.3.0...

5.3CVSS4.8AI score0.03765EPSS
CVE
CVE
added 2022/01/19 11:23 a.m.348 views

CVE-2022-21293

CVE-2022-21293 affects Oracle Java SE (Libraries) and Oracle GraalVM Enterprise Edition as listed: Java SE 7u321, 8u311, 11.0.13, 17.0.1; GraalVM EE 20.3.4 and 21.3.0. The issue allows unauthenticated network-based exploitation via multiple protocols, potentially enabling a partial denial of serv...

5.3CVSS4.8AI score0.08346EPSS
CVE
CVE
added 2022/01/19 11:23 a.m.343 views

CVE-2022-21282

CVE-2022-21282 is a combined Java/Oracle Java SE/GraalVM issue reported across multiple advisories. The connected documents identify assorted affected components and versions, notably: Serialization , JAXP , Libraries , Hotspot , and ImageIO within Oracle Java SE and GraalVM Enterprise Edition. A...

5.3CVSS4.5AI score0.02877EPSS
CVE
CVE
added 2022/01/19 11:23 a.m.340 views

CVE-2022-21294

CVE-2022-21294 is a network-exploitable vulnerability in Oracle Java SE (Libraries) and Oracle GraalVM Enterprise Edition Libraries, allowing an unauthenticated attacker to trigger a partial denial of service. Affected products/versions include Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1 and Or...

5.3CVSS4.8AI score0.0335EPSS
CVE
CVE
added 2022/04/19 8:37 p.m.339 views

CVE-2022-21434

CVE-2022-21434 affects Oracle Java SE and GraalVM Enterprise Edition. Connected advisories list multiple vulnerable components and affected versions: Oracle Java SE libraries and JAXP, as well as GraalVM EE components (Libraries, JAXP, Hotspot, 2D, ImageIO, etc.). Exploitation is described as net...

5.3CVSS5.3AI score0.02541EPSS
CVE
CVE
added 2022/01/19 11:25 a.m.335 views

CVE-2022-21365

CVE-2022-21365 is discussed across multiple connected advisories as affecting Oracle Java SE and GraalVM EE components (ImageIO, JAXP, Libraries, Hotspot) with affected Java versions including 7u321, 8u311, 11.0.13, 17.0.1 (and later 17.01 in some entries); GraalVM EE: 20.3.4 and 21.3.0. The desc...

5.3CVSS4.8AI score0.03486EPSS
CVE
CVE
added 2022/01/19 11:23 a.m.331 views

CVE-2022-21296

CVE-2022-21296 affects Oracle Java SE (JAXP, Serialization, Libraries, 2D/Hotspot) and Oracle GraalVM Enterprise Edition. Affected Java SE versions: 7u321, 8u311, 11.0.13, 17.0.1; GraalVM EE: 20.3.4, 21.3.0. The issue allows unauthenticated, network-accessible exploitation that can lead to readin...

5.3CVSS4.5AI score0.02825EPSS
CVE
CVE
added 2022/01/19 11:25 a.m.320 views

CVE-2022-21360

CVE-2022-21360 affects Oracle Java SE and Oracle GraalVM Enterprise Edition (ImageIO component). Affected: Oracle Java SE 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition 20.3.4 and 21.3.0. Description: an easily exploitable, unauthenticated remote vulnerability could allow partia...

5.3CVSS4.8AI score0.03486EPSS
CVE
CVE
added 2022/04/14 8:5 p.m.296 views

CVE-2022-22968

CVE-2022-22968 affects Spring Framework where DataBinder’s disallowedFields patterns are case sensitive in versions 5.3.0–5.3.18, 5.2.0–5.2.20, and older unsupported releases. The issue means a field is not fully protected unless every first character (and nested path) is listed in both uppercase...

5.3CVSS5.4AI score0.05666EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.292 views

CVE-2020-2767

CVE-2020-2767 affects Oracle Java SE JSSE: vulnerable in Java SE 11.0.6 and 14 (client/server deployment). The vulnerability allows unauthenticated network access over HTTPS to modify or read Java SE data due to TLS/JSSE handling flaws, with potential for unauthorized updates, insertions, deletio...

5.8CVSS4.6AI score0.02108EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.292 views

CVE-2020-2778

CVE-2020-2778 affects Oracle Java SE JSSE (Java 11.0.6 and 14). It can be triggered over HTTPS by unauthenticated remote attackers, potentially enabling read access to a subset of Java SE data. The related connected advisories (e.g., CentOS/RH/OpenJDK tracking) describe the issue as an incomplete...

4.3CVSS3.7AI score0.02298EPSS
CVE
CVE
added 2022/01/19 11:23 a.m.291 views

CVE-2022-21283

CVE-2022-21283 affects Oracle Java SE (Libraries) and GraalVM Enterprise Edition, with affected versions including Java SE 11.0.13 and 17.0.1, and GraalVM EE 20.3.4/21.3.0. The vulnerability allows unauthenticated network-based access and can cause a partial denial of service (A: PARTIAL) per CVS...

5.3CVSS4.8AI score0.03782EPSS
CVE
CVE
added 2022/01/19 11:25 a.m.283 views

CVE-2022-21366

CVE-2022-21366 affects Oracle Java SE (ImageIO) and Oracle GraalVM Enterprise Edition. The Oracle advisory describes affected versions: Java SE 11.0.13 and 17.0.1; GraalVM EE 20.3.4 and 21.3.0. Exploitation could allow an unauthenticated network attacker to cause a partial denial of service or, d...

5.3CVSS4.7AI score0.03216EPSS
CVE
CVE
added 2022/08/26 12:0 a.m.277 views

CVE-2021-3859

CVE-2021-3859 corresponds to an Undertow flaw that triggers a client-side invocation timeout for certain HTTP/2 calls, enabling denial-of-service conditions. Connected advisories (e.g., RHSA-2024:10207) explicitly reference Undertow and cite the issue as the cause for DoS when HTTP2 client invoca...

7.5CVSS7.1AI score0.01287EPSS
CVE
CVE
added 2022/01/19 11:22 a.m.277 views

CVE-2022-21277

CVE-2022-21277 affects Oracle Java SE and Oracle GraalVM Enterprise Edition via ImageIO, with additional related CVEs (CVE-2022-21248, CVE-2022-21282, CVE-2022-21283, CVE-2022-21291, CVE-2022-21293, CVE-2022-21294, CVE-2022-21299, CVE-2022-21305, CVE-2022-21341, CVE-2022-21360, CVE-2022-21365, CV...

5.3CVSS4.7AI score0.03091EPSS
Total number of security vulnerabilities57