Lucene search

K
NetappE-series Performance Analyzer

61 matches found

CVE
CVE
added 2019/07/17 1:15 p.m.1474 views

CVE-2019-13272

In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a par...

7.8CVSS7.7AI score0.78254EPSS
In wild
CVE
CVE
added 2022/07/15 1:15 p.m.1455 views

CVE-2022-31107

Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of an...

7.5CVSS7.1AI score0.00479EPSS
CVE
CVE
added 2022/02/08 9:15 p.m.1153 views

CVE-2022-21703

Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Edito...

8.8CVSS7.3AI score0.01362EPSS
CVE
CVE
added 2022/02/08 9:15 p.m.1104 views

CVE-2022-21713

Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. /teams/:teamId will allow an authenticated attacker to view unintended data by querying for the specific team ID, /teams/:...

4.3CVSS6.2AI score0.00123EPSS
Web
CVE
CVE
added 2022/02/08 8:15 p.m.1027 views

CVE-2022-21702

Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The att...

6.5CVSS6.5AI score0.00968EPSS
CVE
CVE
added 2021/03/25 3:15 p.m.757 views

CVE-2021-3449

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a...

5.9CVSS6.7AI score0.09906EPSS
CVE
CVE
added 2020/04/21 2:15 p.m.708 views

CVE-2020-1967

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorit...

7.5CVSS7.5AI score0.67225EPSS
CVE
CVE
added 2022/10/13 10:15 p.m.692 views

CVE-2022-31123

Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are n...

7.8CVSS6.6AI score0.00009EPSS
CVE
CVE
added 2021/04/01 3:15 p.m.524 views

CVE-2021-28165

In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.

7.8CVSS7.3AI score0.10227EPSS
CVE
CVE
added 2022/11/09 7:15 a.m.499 views

CVE-2022-45061

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often su...

7.5CVSS7.7AI score0.00089EPSS
CVE
CVE
added 2021/02/15 5:15 p.m.459 views

CVE-2021-27219

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.

7.5CVSS7.7AI score0.0029EPSS
CVE
CVE
added 2021/04/01 3:15 p.m.450 views

CVE-2021-28164

In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can ...

5.3CVSS5.2AI score0.93484EPSS
Web
CVE
CVE
added 2020/07/15 6:15 p.m.438 views

CVE-2020-14556

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple p...

5.8CVSS4.9AI score0.00397EPSS
CVE
CVE
added 2021/04/01 3:15 p.m.400 views

CVE-2021-28163

In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that dir...

4CVSS5.1AI score0.00152EPSS
In wild
CVE
CVE
added 2020/07/15 6:15 p.m.394 views

CVE-2020-14577

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to c...

4.3CVSS4.4AI score0.002EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.392 views

CVE-2020-14621

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple p...

5.3CVSS5.2AI score0.00313EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.384 views

CVE-2020-14581

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocol...

4.3CVSS4AI score0.00261EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.378 views

CVE-2020-2803

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

8.3CVSS8.2AI score0.02824EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.374 views

CVE-2020-2830

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multipl...

5.3CVSS5AI score0.00218EPSS
CVE
CVE
added 2021/02/15 5:15 p.m.367 views

CVE-2021-27218

An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.

7.5CVSS7.7AI score0.04301EPSS
CVE
CVE
added 2021/03/18 8:15 p.m.366 views

CVE-2021-27358

The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.

7.5CVSS7.3AI score0.79637EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.364 views

CVE-2020-2800

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network acce...

5.8CVSS4.9AI score0.00368EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.361 views

CVE-2020-14583

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via mul...

8.3CVSS8.2AI score0.00941EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.360 views

CVE-2020-2654

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Succ...

4.3CVSS4.5AI score0.00158EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.357 views

CVE-2020-2757

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via mul...

4.3CVSS4.2AI score0.00276EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.353 views

CVE-2020-2781

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compr...

5.3CVSS5.3AI score0.00219EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.350 views

CVE-2020-2773

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

4.3CVSS4.2AI score0.002EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.348 views

CVE-2020-14593

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple pro...

7.4CVSS7.1AI score0.00278EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.347 views

CVE-2020-2755

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple proto...

4.3CVSS4.2AI score0.00152EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.346 views

CVE-2020-2583

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

4.3CVSS4.3AI score0.00287EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.345 views

CVE-2020-2590

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerb...

4.3CVSS4.4AI score0.00286EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.345 views

CVE-2020-2756

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via mul...

4.3CVSS4.2AI score0.00276EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.341 views

CVE-2020-2604

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

8.1CVSS7.7AI score0.01549EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.341 views

CVE-2020-2805

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

8.3CVSS8.2AI score0.01164EPSS
CVE
CVE
added 2022/08/24 4:15 p.m.341 views

CVE-2021-3999

A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arb...

7.8CVSS9.2AI score0.0102EPSS
CVE
CVE
added 2020/10/21 3:15 p.m.337 views

CVE-2020-14782

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

4.3CVSS3.8AI score0.00165EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.336 views

CVE-2020-14579

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols ...

4.3CVSS4.3AI score0.0011EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.331 views

CVE-2020-14578

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols ...

4.3CVSS4.3AI score0.0011EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.330 views

CVE-2020-2659

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols...

4.3CVSS4.3AI score0.00192EPSS
CVE
CVE
added 2020/06/03 7:15 p.m.319 views

CVE-2020-13379

The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that...

8.2CVSS8.1AI score0.92743EPSS
In wild
CVE
CVE
added 2021/03/03 6:15 p.m.316 views

CVE-2021-22884

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS ...

7.5CVSS7.5AI score0.01471EPSS
CVE
CVE
added 2021/03/03 6:15 p.m.313 views

CVE-2021-22883

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable ...

7.8CVSS7.4AI score0.87361EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.308 views

CVE-2020-2601

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerb...

6.8CVSS6.7AI score0.00478EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.305 views

CVE-2020-2593

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via mu...

5.8CVSS4.9AI score0.00398EPSS
CVE
CVE
added 2019/07/01 2:15 a.m.299 views

CVE-2019-13118

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.

5.3CVSS6.1AI score0.00836EPSS
CVE
CVE
added 2021/12/14 7:15 p.m.291 views

CVE-2021-4044

Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an ...

7.5CVSS7.2AI score0.18807EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.289 views

CVE-2020-2816

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability c...

7.5CVSS6.8AI score0.00541EPSS
CVE
CVE
added 2021/03/12 7:15 p.m.285 views

CVE-2021-20231

A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.

9.8CVSS9.5AI score0.00917EPSS
CVE
CVE
added 2022/12/07 10:15 p.m.271 views

CVE-2022-23491

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust sto...

7.5CVSS7AI score0.00041EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.269 views

CVE-2020-2767

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability...

5.8CVSS4.6AI score0.00502EPSS
Total number of security vulnerabilities61