Hci Compute Node Security Vulnerabilities and Issues — Hci Compute Node CVE List

Lucene search

NetappHci Compute Node

17 matches found

CVE•added 2020/07/24 2:15 p.m.•29460 views

CVE-2020-15778

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a grea...

7.8CVSS7.8AI score0.66112EPSS

CVE•added 2022/03/25 9:15 a.m.•3065 views

CVE-2018-25032

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

7.5CVSS8.1AI score0.00095EPSS

CVE•added 2019/07/17 1:15 p.m.•1437 views

CVE-2019-13272

In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a par...

7.8CVSS7.7AI score0.79601EPSS

CVE•added 2022/04/19 9:15 p.m.•1213 views

CVE-2022-21449

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenti...

7.5CVSS6.9AI score0.2539EPSS

CVE•added 2022/02/09 11:15 p.m.•756 views

CVE-2022-0391

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an a...

7.5CVSS7.4AI score0.00715EPSS

CVE•added 2022/07/19 6:15 p.m.•585 views

CVE-2022-34169

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or ...

7.5CVSS8.2AI score0.10575EPSS

CVE•added 2022/03/03 7:15 p.m.•555 views

CVE-2022-0492

A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.

7.8CVSS8AI score0.06994EPSS

CVE•added 2022/05/12 5:15 a.m.•333 views

CVE-2022-30594

The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.

7.8CVSS7.7AI score0.00024EPSS

CVE•added 2020/04/29 6:15 p.m.•321 views

CVE-2020-12464

usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925.

7.2CVSS6.6AI score0.00056EPSS

CVE•added 2022/07/07 9:15 p.m.•309 views

CVE-2022-2048

In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left ...

7.5CVSS7.3AI score0.01326EPSS

CVE•added 2022/07/27 8:15 p.m.•289 views

CVE-2022-36946

nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.

7.5CVSS7.2AI score0.04985EPSS

CVE•added 2022/06/02 2:15 p.m.•268 views

CVE-2022-27781

libcurl provides the CURLOPT_CERTINFO option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.

7.5CVSS7.4AI score0.00063EPSS

CVE•added 2020/11/28 7:15 a.m.•203 views

CVE-2020-29369

An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe.

7CVSS6.7AI score0.00079EPSS

CVE•added 2020/04/29 7:15 p.m.•154 views

CVE-2020-12465

An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages.

7.2CVSS6.6AI score0.00169EPSS

CVE•added 2019/11/18 6:15 a.m.•150 views

CVE-2019-19050

A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1.

7.8CVSS7.5AI score0.00909EPSS

CVE•added 2019/11/18 6:15 a.m.•110 views

CVE-2019-19069

A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99.

7.8CVSS6.8AI score0.00932EPSS

CVE•added 2020/09/10 2:15 p.m.•63 views

CVE-2020-25221

get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. This can be triggered by any 64-bit p...

7.8CVSS7.5AI score0.00193EPSS