Lucene search
+L
NetappElement Software

100 matches found

CVE
CVE
added 2017/08/08 3:0 p.m.258 views

CVE-2017-10087

CVE-2017-10087 is a vulnerability in Oracle Java SE/Java SE Embedded Libraries affecting Java SE 6u151, 7u141, and 8u131, and Java SE Embedded 8u131. The issue is an access-control bypass in the Libraries component that could allow a network-facilitated, unauthenticated attacker to take control o...

9.6CVSS9AI score0.02555EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.258 views

CVE-2017-10295

CVE-2017-10295 affects OpenJDK (Java SE/Java SE Embedded) Networking: HttpURLConnection/HttpsURLConnection failed to detect newline characters in URLs, enabling potential HTTP header injection via attacker-provided URLs. Public notices in connected docs show affected package openjdk-7/openjdk-8 w...

4.3CVSS5.1AI score0.02199EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.257 views

CVE-2017-10350

CVE-2017-10350 is an OpenJDK/Oracle Java SE vulnerability in the JAX-WS subcomponent that could allow an unauthenticated network attacker to cause a partial denial of service in Java SE/Java SE Embedded deployments (clients loading untrusted code in sandbox). Affected versions per initial descrip...

5.3CVSS5.4AI score0.03305EPSS
CVE
CVE
added 2019/05/23 1:42 p.m.257 views

CVE-2019-0201

CVE-2019-0201 affects Apache ZooKeeper up to versions 3.4.13 and 3.5.4-beta, where getACL() does not enforce permissions and returns the ACL Id in plaintext. When Digest Authentication is in use, the unsalted hash value contained in the Id field can be disclosed to unauthenticated or unprivileged...

5.9CVSS5.8AI score0.09634EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.256 views

CVE-2017-10116

CVE-2017-10116 affects Oracle Java SE / Java SE Embedded / JRockit (OpenJDK-related vulnerabilities also reflected in various advisories). The vulnerability arises in the Security component’s LDAPCertStore where LDAP referrals to arbitrary URLs could be used by an unauthenticated network attacker...

8.3CVSS8.5AI score0.03524EPSS
CVE
CVE
added 2019/01/28 9:0 p.m.255 views

CVE-2019-3462

CVE-2019-3462 affects apt 1.4.8 and earlier due to incorrect sanitation of the 302 redirect field in the HTTP transport, enabling content injection by a MITM attacker and potentially leading to remote code execution. Public docs confirm the flaw is in apt’s redirect handling and that exploitation...

9.3CVSS7.1AI score0.14555EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.254 views

CVE-2017-10388

CVE-2017-10388 affects the OpenJDK Kerberos client: the sname field from the plain-text KDC reply was used instead of the encrypted part, enabling a potential MITM impersonation of Kerberos services for Java applications acting as Kerberos clients. This vulnerability is documented across multiple...

7.5CVSS7.7AI score0.03206EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.253 views

CVE-2017-10348

CVE-2017-10348 affects OpenJDK/OpenJDK-derived Java SE/Embedded libraries. The vulnerability, exploitable over the network by unauthenticated attackers, can lead to a partial denial of service on Java SE and Java SE Embedded. Public details in the provided materials indicate affected versions var...

5.3CVSS5.4AI score0.03305EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.252 views

CVE-2017-10067

CVE-2017-10067 affects Java SE Security in OpenJDK (targets: Java 6u151, 7u141, 8u131). The vulnerability allows a network-accessing, unauthenticated attacker to take control of the Java runtime via multiple protocols; exploitation requires user interaction. Impact aligns with the CVSS 3.0 base s...

7.5CVSS7.9AI score0.03236EPSS
CVE
CVE
added 2018/03/06 8:0 p.m.249 views

CVE-2018-7182

The CVE-2018-7182 vulnerability affects ntp ntpd versions 4.2.8p6–4.2.8p10, where the ctl_getitem() function can read past the end of its buffer. A remote attacker can send a crafted mode 6 packet to trigger an out-of-bounds read, causing denial of service. Public references include Exploit-DB’s ...

7.5CVSS7AI score0.2932EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.248 views

CVE-2017-10285

CVE-2017-10285 is confirmed to affect Oracle/OpenJDK Java SE and Java SE Embedded, specifically the RMI (Remote Method Invocation) component. The vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE/Embedded, with exploitation described...

9.6CVSS9AI score0.03143EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.247 views

CVE-2017-10090

CVE-2017-10090 affects Oracle/OpenJDK libraries (Java SE and Java SE Embedded). The connected documents confirm affected components and versions (Java SE: 7u141, 8u131; Java SE Embedded: 8u131) and describe the root cause as gaps in the Libraries/RMI-related areas that can bypass sandbox restrict...

9.6CVSS9AI score0.02555EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.247 views

CVE-2017-10346

CVE-2017-10346 is an OpenJDK/Java SE vulnerability affecting multiple OpenJDK components (Hotspot, OpenJDK sandboxes) across affected Java versions (OpenJDK6/7/8/9 in various advisories). The public records in connected documents indicate the issue includes bypassing Java sandbox restrictions via...

9.6CVSS9.1AI score0.02962EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.246 views

CVE-2017-10243

CVE-2017-10243 affects Oracle Java SE, Java SE Embedded, and JRockit (JAX-WS subcomponent). Affected: Java SE 6u151, 7u141, 8u131; Java SE Embedded 8u131; JRockit R28.3.14. Exploitation: unauthenticated attacker with network access via multiple protocols can read a subset of data and cause a part...

6.5CVSS5.9AI score0.02862EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.243 views

CVE-2017-10081

CVE-2017-10081 is a Sandbox/Access-Restriction bypass in the Hotspot component of OpenJDK. Affected Java runtimes include Java SE 6u151, 7u141, and 8u131 (Java SE Embedded 8u131). Several connected advisories note this as part of a broader OpenJDK set of issues (RMI, JAXP, ImageIO, Libraries, AWT...

4.3CVSS4.5AI score0.0222EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.241 views

CVE-2017-10053

CVE-2017-10053 is an OpenJDK/OpenJDK 2D JPEGImageReader vulnerability. The issue affects Java SE components (Java SE, Java SE Embedded, JRockit) with affected versions including Java 6u151, 7u141, 8u131 (and 8u131 for Java SE Embedded; JRockit R28.3.14). The vulnerability could allow an unauthent...

5.3CVSS5.3AI score0.0345EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.241 views

CVE-2017-10109

CVE-2017-10109 concerns a serialization flaw in Oracle/OpenJDK Java SE components (Java SE, Java SE Embedded, JRockit). The vulnerability, tied to the Serialization subcomponent, can allow an unauthenticated, network-scoped attacker to trigger a denial of service (partial DoS) by loading untruste...

5.3CVSS5.4AI score0.03114EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.240 views

CVE-2017-10101

CVE-2017-10101 is a concrete OpenJDK/OpenJDK JAXP vulnerability. Affected: Java SE (6u151, 7u141, 8u131) and Java SE Embedded (8u131). Issue: untrusted code loaded in sandboxed deployments can bypass protections and lead to full takeover of Java SE/Embedded via JAXP. Exploitation is network-based...

9.6CVSS9AI score0.02555EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.240 views

CVE-2017-10349

CVE-2017-10349 affects the OpenJDK/JAXP component (Java SE and Java SE Embedded) where the vulnerability stems from unbounded memory growth during object creation from serialized data, enabling unauthenticated network access to cause a partial denial of service. Multiple connected advisories (IBM...

5.3CVSS5.4AI score0.03305EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.239 views

CVE-2017-10096

CVE-2017-10096 – OpenJDK/JAXP vulnerability (CWE-style) shows a flaw in the Java SE/Java SE Embedded stack, specifically the JAXP component. Affected are Oracle Java SE versions 6u151, 7u141, 8u131 and Java SE Embedded 8u131. The vulnerability can allow an unauthenticated attacker with network ac...

9.6CVSS9.1AI score0.02555EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.239 views

CVE-2017-10107

CVE-2017-10107 affects OpenJDK/OpenJDK-based packages (RMI) with vulnerable components in Java SE/Java SE Embedded. The connected security data confirms multiple OpenJDK subcomponents are vulnerable, including RMI-related sandbox bypass issues, and lists affected versions such as Java 6u151, 7u14...

9.6CVSS9AI score0.02555EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.238 views

CVE-2017-10347

CVE-2017-10347 is a serialization-related vulnerability in Oracle Java SE/JRockit that affects Java SE 6u161, 7u151, 8u144 and 9, and Java SE Embedded 8u144. The issue allows an unauthenticated, networked attacker to cause a partial denial of service in vulnerable deployments that load untrusted ...

5.3CVSS5.5AI score0.03114EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.237 views

CVE-2017-10274

CVE-2017-10274 affects Oracle Java SE Smart Card IO. According to connected IBM advisories, the flaw can be exploited by an unauthenticated attacker over multiple protocols to compromise confidentiality and integrity (C/H, I/H) with high impact, though no availability impact is stated. Affected J...

6.8CVSS6.8AI score0.02635EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.236 views

CVE-2017-10089

CVE-2017-10089 affects Oracle Java SE ImageIO in OpenJDK/OpenJDK-derived disclosures: 6u151, 7u141, 8u131 are vulnerable. The issue allows a network-based, unauthenticated attacker to take control of the Java SE runtime, with UI interaction required, potentially impacting additional products. Aff...

9.6CVSS9.1AI score0.02415EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.236 views

CVE-2017-10357

CVE-2017-10357 is a Java SE/OpenJDK vulnerability affecting the Serialization component in Oracle Java SE and Java SE Embedded. The Initial document lists affected versions as Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. The Connected documents corroborate multiple OpenJDK/OpenJDK...

5.3CVSS5.4AI score0.03305EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.235 views

CVE-2017-10108

CVE-2017-10108 affects Oracle Java SE, Java SE Embedded, and JRockit (Serialization). Affected versions include Java SE 6u151, 7u141, 8u131; Java SE Embedded 8u131; JRockit R28.3.14. The vulnerability allows unauthenticated remote exploitation via multiple protocols, potentially causing a partial...

5.3CVSS5.3AI score0.03114EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.235 views

CVE-2017-10110

CVE-2017-10110 affects the Java SE AWT component in Oracle Java SE and is reported in multiple advisories referencing OpenJDK/OpenJDK-derived packages. Affected versions noted across sources include Java SE 6u151, 7u141 and 8u131 (and related OpenJDK/OpenJDK7 packaging in Debian/CentOS/Arch Linux...

9.6CVSS9.1AI score0.02415EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.226 views

CVE-2017-10074

CVE-2017-10074 affects OpenJDK/OpenJDK Hotspot in Java SE and Java SE Embedded. Affected: Java SE 6u151, 7u141, 8u131; Java SE Embedded 8u131. Root cause per advisories: Hotspot range-checking overflow in OpenJDK leading to possible arbitrary-code execution under a sandbox-compiled Java applet/ru...

8.3CVSS8.6AI score0.03117EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.225 views

CVE-2017-10193

CVE-2017-10193 affects the Java SE and Java SE Embedded components (OpenJDK) with affected Java SE versions 6u151, 7u141, 8u131 and Java SE Embedded 8u131. The vulnerability enables a network-accessible attacker to compromise Java SE/Embedded when running untrusted code in sandboxed client deploy...

3.1CVSS3.7AI score0.02224EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.221 views

CVE-2017-10309

CVE-2017-10309 involves the Deployment subcomponent of Oracle Java SE. Public details in the provided documents indicate an XML External Entity/Information Disclosure style vulnerability affecting Java 8u144 and Java 9 deployments, with network-accessible exploitation requiring user interaction. ...

7.1CVSS7AI score0.08794EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.220 views

CVE-2017-10198

CVE-2017-10198 affects Oracle Java SE, Java SE Embedded, and JRockit. Vulnerability in the Security component (and related areas) allows unauthenticated network-based access to compromise affected Java runtimes (Java SE 6u151, 7u141, 8u131; Embedded 8u131; JRockit R28.3.14). Exploitation is possi...

6.8CVSS6.8AI score0.02598EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.202 views

CVE-2017-10078

CVE-2017-10078 affects Oracle Java SE 8u131 (Scripting) and can be exploited over network with multiple protocols, enabling high-impact confidentiality and integrity violations and data access. The vulnerability can be triggered by sandboxed Web Start/Applet use or via APIs without sandboxing. Th...

8.1CVSS7.8AI score0.02402EPSS
CVE
CVE
added 2019/02/24 12:0 a.m.201 views

CVE-2019-9077

CVE-2019-9077 : GNU Binutils 2.32 contains a heap-based buffer overflow in readelf.c (process_mips_specific) triggered by a malformed MIPS option section. Public sources describe potential outcomes as arbitrary code execution or denial of service. Affected users should upgrade Binutils to a non-v...

7.8CVSS7.7AI score0.01976EPSS
CVE
CVE
added 2018/03/08 8:0 p.m.199 views

CVE-2018-7183

CVE-2018-7183 affects ntp’s ntpq decodearr function. A buffer overflow in decodearr (ntpd/ntp 4.2.8p6–4.2.8p10) can be triggered by a crafted response to an ntpq query, potentially allowing remote code execution or crash. Public details confirm the vulnerability exists in ntp and is associated wi...

9.8CVSS7.9AI score0.10404EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.198 views

CVE-2017-10176

CVE-2017-10176 affects Oracle Java SE/SE Embedded/JRockit (OpenJDK/OpenJDK components) with affected releases including Java SE 7u141 and 8u131, SE Embedded 8u131, JRockit R28.3.14. The vulnerability enables an unauthenticated network attacker to access or take data via multiple protocols and can...

7.5CVSS7AI score0.05034EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.198 views

CVE-2017-10293

CVE-2017-10293 is a vulnerability in the Oracle Java SE Javadoc component affecting Java SE versions 6u161, 7u151, 8u144, and 9. It permits an unauthenticated attacker with network access via HTTP to potentially read and modify Java data and read data, with user interaction required for exploitat...

6.1CVSS6.1AI score0.01489EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.192 views

CVE-2017-10114

CVE-2017-10114 affects the Java SE/JavaFX component; specifically Java SE 7u141 and 8u131. The vulnerability is described as difficult to exploit, requiring network access via multiple protocols and user interaction, with potential takeover of Java SE and possible impact on other products relying...

8.3CVSS8.5AI score0.0229EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.189 views

CVE-2017-10118

CVE-2017-10118 affects Oracle Java SE/JRockit/JCE with a timing-channel vulnerability in ECDSA within the JCE component. A remote attacker could potentially recover private keys by observing timing differences, enabling unauthenticated network-remote exploitation on affected OpenJDK/JRockit confi...

7.5CVSS7AI score0.02972EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.188 views

CVE-2017-10105

CVE-2017-10105 is a vulnerability in the Oracle Java SE Deployment component affecting Java SE 6u151, 7u141, and 8u131. The connected CHAINGUARD entry confirms a vulnerability in Oracle Java SE Deployment with unspecified root cause and a potential impact to data integrity, but does not provide p...

4.3CVSS4.4AI score0.01913EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.187 views

CVE-2017-10111

CVE-2017-10111 affects Oracle Java OpenJDK’s Libraries component (Java SE). The connected advisories confirm vulnerable versions include Java SE 8u131 and Java SE Embedded 8u131, with exploitation described as arbitrary code execution via the LambdaFormEditor bounds checks in the Libraries, enabl...

9.6CVSS9AI score0.02132EPSS
CVE
CVE
added 2021/08/08 7:25 p.m.181 views

CVE-2021-38202

CVE-2021-38202 affects the Linux kernel before 5.13.4, where fs/nfsd/trace.h can allow remote attackers to trigger a denial-of-service via an out-of-bounds read in strlen when the trace event framework is used for nfsd. The vulnerability is triggered by NFS traffic sent over the network. A fix wa...

7.5CVSS6.9AI score0.0319EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.171 views

CVE-2017-10125

CVE-2017-10125 is described in the initial document as a vulnerability in the Oracle Java SE Deployment component affecting Java SE 7u141 and 8u131. The impact is stated as potentially allowing takeover of Java SE, with CVSS 3.0/3.1 metrics indicating a physical access prerequisite (HPC: PHYSICAL...

7.1CVSS7.6AI score0.0063EPSS
CVE
CVE
added 2021/08/08 7:25 p.m.170 views

CVE-2021-38203

CVE-2021-38203 affects the btrfs component in the Linux kernel, with the issue present in versions before 5.13.4. The root cause is a race condition during allocations of new system chunks when space is scarce in space_info, which can lead to a denial-of-service (deadlock) for local attackers. Pu...

5.5CVSS5.1AI score0.00365EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.169 views

CVE-2017-10086

CVE-2017-10086 affects Oracle Java SE (JavaFX) in Java 7u141 and 8u131. Descriptions indicate an easily exploitable, network-accessible vulnerability that can be exploited with no authentication and user interaction, potentially leading to takeover of Java SE. The connected documents cite this CV...

9.6CVSS9AI score0.02132EPSS
CVE
CVE
added 2019/01/16 8:0 p.m.161 views

CVE-2017-3137

CVE-2017-3137 is a denial-of-service issue in BIND where a response containing CNAME or DNAME records can cause named to exit with an assertion failure when records are in an unusual order. Affected upstream releases include multiple 9.x series (e.g., 9.9.9-P6 through 9.11.1rc1, 9.9.9-S8; also li...

7.5CVSS7.1AI score0.08902EPSS
CVE
CVE
added 2019/01/16 8:0 p.m.154 views

CVE-2017-3138

CVE-2017-3138 affects the BIND/named control channel. A regression can cause named to exit with a REQUIRE assertion failure when it receives a null command string on the control channel, potentially enabling denial-of-service. Affected versions in the CVE scope include BIND 9.9.9 through 9.11.1rc...

6.5CVSS6.3AI score0.05478EPSS
CVE
CVE
added 2018/06/22 7:0 p.m.147 views

CVE-2018-12538

CVE-2018-12538 affects Eclipse Jetty 9.4.0–9.4.8 when using the FileSessionDataStore for HttpSession persistence. A malicious user could hijack or delete other users’ sessions via the FileSystem storage, due to a flaw in the FileSessionDataStore. Remediation noted in public advisories: upgrade Je...

8.8CVSS8.4AI score0.02689EPSS
CVE
CVE
added 2018/09/21 4:0 p.m.139 views

CVE-2018-16597

CVE-2018-16597 affects the Linux kernel prior to version 4.8. The issue is an incorrect access check in overlayfs mounts, which could allow a local attacker to modify or truncate files on the underlying filesystem. The connected Nessus/OpenVAS advisories reference kernel updates to fix this vulne...

5.5CVSS5.7AI score0.00542EPSS
CVE
CVE
added 2022/05/25 2:49 p.m.127 views

CVE-2022-1678

CVE-2022-1678 affects Linux kernel 4.18–4.19, with memory/netns leaks due to improper sock reference handling in TCP pacing. Public Nessus/Unity advisories confirm the issue and reference kernel commits addressing the vulnerability; exploitation is described as remote via TCP pacing. Mitigation/r...

7.5CVSS7.2AI score0.02913EPSS
CVE
CVE
added 2019/01/16 8:0 p.m.116 views

CVE-2017-3140

CVE-2017-3140 describes an RPZ rule processing error in BIND that can cause named to enter an endless loop when handling a query. Affected BIND versions per sources include 9.9.10, 9.10.5, 9.11.0–9.11.1, 9.9.10-S1, 9.10.5-S1. Public advisories differ on impact to vendor products; F5 notes not aff...

5.9CVSS4.9AI score0.1213EPSS
Total number of security vulnerabilities100