Lucene search

K
NetappHci Management Node

15 matches found

CVE
CVE
added 2019/02/11 7:29 p.m.673 views

CVE-2019-5736

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attack...

9.3CVSS8.8AI score0.55263EPSS
CVE
CVE
added 2021/08/24 3:15 p.m.630 views

CVE-2021-3711

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size req...

9.8CVSS9.9AI score0.02876EPSS
CVE
CVE
added 2019/04/10 8:29 p.m.473 views

CVE-2019-11068

libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.

9.8CVSS9.4AI score0.01109EPSS
CVE
CVE
added 2019/06/14 2:29 p.m.413 views

CVE-2019-10126

A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.

9.8CVSS9.8AI score0.00873EPSS
CVE
CVE
added 2019/05/08 2:29 p.m.368 views

CVE-2019-11815

An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.

9.3CVSS7.5AI score0.01592EPSS
CVE
CVE
added 2021/07/22 6:15 p.m.364 views

CVE-2021-35942

The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but ...

9.1CVSS9.4AI score0.01204EPSS
CVE
CVE
added 2022/05/16 9:15 p.m.278 views

CVE-2022-1587

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.

9.1CVSS8.9AI score0.00146EPSS
CVE
CVE
added 2022/05/16 9:15 p.m.258 views

CVE-2022-1586

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in ca...

9.1CVSS9.1AI score0.00359EPSS
CVE
CVE
added 2022/07/07 1:15 p.m.258 views

CVE-2022-32207

When curl

9.8CVSS8.9AI score0.00144EPSS
CVE
CVE
added 2019/11/07 2:15 p.m.214 views

CVE-2019-18805

An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unsp...

9.8CVSS9.1AI score0.00567EPSS
CVE
CVE
added 2019/12/17 6:15 a.m.202 views

CVE-2019-19816

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled.

9.3CVSS7.1AI score0.00188EPSS
CVE
CVE
added 2018/06/26 5:29 p.m.187 views

CVE-2017-7658

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ...

9.8CVSS9.2AI score0.10686EPSS
CVE
CVE
added 2021/11/15 9:15 p.m.151 views

CVE-2021-42377

An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input.

9.8CVSS9.5AI score0.03035EPSS
CVE
CVE
added 2023/07/10 4:15 p.m.87 views

CVE-2023-32254

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerabil...

9.8CVSS8.6AI score0.00068EPSS
CVE
CVE
added 2023/07/18 12:15 a.m.58 views

CVE-2023-38430

An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read.

9.1CVSS8.8AI score0.00066EPSS