Lucene search
K
NetappOncommand Insight

971 matches found

cve
cve
added 2017/08/08 3:0 p.m.261 views

CVE-2017-10115

CVE-2017-10115 is a covert timing-channel vulnerability in the DSA implementation of the JCE in OpenJDK/OpenJRE/JRockit, affecting Java SE 6u151, 7u141, 8u131 and related packages (e.g., OpenJDK 7 on Debian/Ubuntu, RHEL/CentOS, Arch Linux advisories). A remote attacker could potentially exploit t...

7.5CVSS7.2AI score0.02737EPSS
cve
cve
added 2017/10/19 5:0 p.m.261 views

CVE-2017-10268

CVE-2017-10268 affects Oracle MySQL Server (Server: Replication) with affected versions 5.5.57 and earlier, 5.6.37 and earlier, and 5.7.19 and earlier. The vulnerability allows a high-privilege attacker with logon to the infrastructure where MySQL Server executes to compromise the server, potenti...

4.1CVSS4.2AI score0.00697EPSS
cve
cve
added 2017/10/19 5:0 p.m.260 views

CVE-2017-10356

CVE-2017-10356 affects OpenJDK/OpenJDK Security component. The root cause is weak password-based encryption keys used to protect private keys stored in keystores, enabling an unauthenticated attacker with sufficient access to compromise protected data. Affected: Java SE components (OpenJDK/OpenJD...

6.2CVSS6.5AI score0.00754EPSS
cve
cve
added 2021/03/26 4:28 p.m.260 views

CVE-2021-20289

CVE-2021-20289 affects RESTEasy: REST endpoints reveal endpoint class and method names in exception responses when a URI path/query value cannot be mapped, potentially leaking sensitive information and impacting data confidentiality (highest threat: partial confidentiality). Affected: RESTEasy up...

5.3CVSS5.3AI score0.01439EPSS
cve
cve
added 2017/10/19 5:0 p.m.259 views

CVE-2017-10281

CVE-2017-10281 affects Oracle/OpenJDK components (Java SE, Java SE Embedded, JRockit) with the Serialization subcomponent. The vulnerability is exploitable remotely via network protocols and can be triggered by sandboxed Web Start/Applet use or by supplying data to APIs, potentially causing parti...

5.3CVSS5.3AI score0.03305EPSS
cve
cve
added 2017/08/08 3:0 p.m.258 views

CVE-2017-10087

CVE-2017-10087 is a vulnerability in Oracle Java SE/Java SE Embedded Libraries affecting Java SE 6u151, 7u141, and 8u131, and Java SE Embedded 8u131. The issue is an access-control bypass in the Libraries component that could allow a network-facilitated, unauthenticated attacker to take control o...

9.6CVSS9AI score0.02555EPSS
cve
cve
added 2017/10/19 5:0 p.m.258 views

CVE-2017-10295

CVE-2017-10295 affects OpenJDK (Java SE/Java SE Embedded) Networking: HttpURLConnection/HttpsURLConnection failed to detect newline characters in URLs, enabling potential HTTP header injection via attacker-provided URLs. Public notices in connected docs show affected package openjdk-7/openjdk-8 w...

4.3CVSS5.1AI score0.02199EPSS
cve
cve
added 2018/01/18 2:0 a.m.258 views

CVE-2018-2622

CVE-2018-2622 affects MySQL Server (Server: DDL) with affected versions 5.5.58 and earlier, 5.6.38 and earlier, and 5.7.20 and earlier. It allows a network-based attacker with low privileges to cause a hang or complete denial-of-service. Multiple connected advisories (ALAS-2018-969, CentOS/CESA-2...

6.8CVSS6.3AI score0.03952EPSS
cve
cve
added 2017/10/19 5:0 p.m.257 views

CVE-2017-10350

CVE-2017-10350 is an OpenJDK/Oracle Java SE vulnerability in the JAX-WS subcomponent that could allow an unauthenticated network attacker to cause a partial denial of service in Java SE/Java SE Embedded deployments (clients loading untrusted code in sandbox). Affected versions per initial descrip...

5.3CVSS5.4AI score0.03305EPSS
cve
cve
added 2017/08/08 3:0 p.m.256 views

CVE-2017-10116

CVE-2017-10116 affects Oracle Java SE / Java SE Embedded / JRockit (OpenJDK-related vulnerabilities also reflected in various advisories). The vulnerability arises in the Security component’s LDAPCertStore where LDAP referrals to arbitrary URLs could be used by an unauthenticated network attacker...

8.3CVSS8.5AI score0.03524EPSS
cve
cve
added 2017/10/19 5:0 p.m.254 views

CVE-2017-10388

CVE-2017-10388 affects the OpenJDK Kerberos client: the sname field from the plain-text KDC reply was used instead of the encrypted part, enabling a potential MITM impersonation of Kerberos services for Java applications acting as Kerberos clients. This vulnerability is documented across multiple...

7.5CVSS7.7AI score0.03206EPSS
cve
cve
added 2018/01/18 2:0 a.m.253 views

CVE-2018-2665

CVE-2018-2665 affects Oracle MySQL Server (Server: Optimizer). Affected releases include MySQL 5.5.58 and older, 5.6.38 and older, and 5.7.20 and older. The vulnerability is exploitable by a low-privileged attacker who can access the server over the network, and can lead to an unauthorized hang o...

6.8CVSS6.3AI score0.03952EPSS
cve
cve
added 2017/08/08 3:0 p.m.252 views

CVE-2017-10067

CVE-2017-10067 affects Java SE Security in OpenJDK (targets: Java 6u151, 7u141, 8u131). The vulnerability allows a network-accessing, unauthenticated attacker to take control of the Java runtime via multiple protocols; exploitation requires user interaction. Impact aligns with the CVSS 3.0 base s...

7.5CVSS7.9AI score0.03236EPSS
cve
cve
added 2017/10/19 5:0 p.m.252 views

CVE-2017-10348

CVE-2017-10348 affects OpenJDK/OpenJDK-derived Java SE/Embedded libraries. The vulnerability, exploitable over the network by unauthenticated attackers, can lead to a partial denial of service on Java SE and Java SE Embedded. Public details in the provided materials indicate affected versions var...

5.3CVSS5.4AI score0.03305EPSS
cve
cve
added 2018/05/11 8:0 p.m.251 views

CVE-2018-1258

CVE-2018-1258 affects Spring Framework 5.0.5 when used with any Spring Security version, enabling an authorization bypass for method security. An unauthorized user could access restricted methods. The connected advisory from F5 reiterates the same vulnerability description and lists affected prod...

8.8CVSS9AI score0.02427EPSS
cve
cve
added 2020/05/26 2:57 p.m.251 views

CVE-2020-10719

Undertow under CVE-2020-10719 is vulnerable in versions before 2.1.1.Final due to improper handling of invalid HTTP requests with large chunk sizes, enabling HTTP request smuggling. Several connected sources (Red Hat advisories, Mageia security advisory) confirm a fix/update to Undertow 2.1.1.Fin...

6.5CVSS6AI score0.01005EPSS
cve
cve
added 2022/10/18 12:0 a.m.249 views

CVE-2022-21618

CVE-2022-21618 affects Oracle Java SE (JGSS, Security, JNDI, Lightweight HTTP Server, Networking) and Oracle GraalVM Enterprise Edition (versions affected: Oracle Java SE 17.0.4.1 and 19; GraalVM EE 21.3.3 and 22.2.0). The vulnerability allows unauthenticated network access via Kerberos (and othe...

5.3CVSS4.8AI score0.02034EPSS
cve
cve
added 2018/04/19 2:0 a.m.248 views

CVE-2018-2771

CVE-2018-2771 affects the MySQL Server component (subcomponent: Server: Locking) across Oracle MySQL releases. Affected series include 5.5.59 and earlier, 5.6.39 and earlier, and 5.7.21 and earlier. The vulnerability is described as difficult to exploit but can allow a high-privilege attacker wit...

4.4CVSS5AI score0.03592EPSS
cve
cve
added 2017/08/08 3:0 p.m.247 views

CVE-2017-10090

CVE-2017-10090 affects Oracle/OpenJDK libraries (Java SE and Java SE Embedded). The connected documents confirm affected components and versions (Java SE: 7u141, 8u131; Java SE Embedded: 8u131) and describe the root cause as gaps in the Libraries/RMI-related areas that can bypass sandbox restrict...

9.6CVSS9AI score0.02555EPSS
cve
cve
added 2017/10/19 5:0 p.m.247 views

CVE-2017-10285

CVE-2017-10285 is confirmed to affect Oracle/OpenJDK Java SE and Java SE Embedded, specifically the RMI (Remote Method Invocation) component. The vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE/Embedded, with exploitation described...

9.6CVSS9AI score0.03143EPSS
cve
cve
added 2017/10/19 5:0 p.m.246 views

CVE-2017-10346

CVE-2017-10346 is an OpenJDK/Java SE vulnerability affecting multiple OpenJDK components (Hotspot, OpenJDK sandboxes) across affected Java versions (OpenJDK6/7/8/9 in various advisories). The public records in connected documents indicate the issue includes bypassing Java sandbox restrictions via...

9.6CVSS9.1AI score0.02962EPSS
cve
cve
added 2018/04/19 2:0 a.m.246 views

CVE-2018-2819

CVE-2018-2819 affects the MySQL Server component (InnoDB) of Oracle MySQL. Affected versions are 5.5.59 and earlier, 5.6.39 and earlier, and 5.7.21 and earlier. The vulnerability enables a low-privileged attacker with network access via multiple protocols to cause a hang or a frequent crash (comp...

6.5CVSS6AI score0.03171EPSS
cve
cve
added 2017/08/08 3:0 p.m.244 views

CVE-2017-10243

CVE-2017-10243 affects Oracle Java SE, Java SE Embedded, and JRockit (JAX-WS subcomponent). Affected: Java SE 6u151, 7u141, 8u131; Java SE Embedded 8u131; JRockit R28.3.14. Exploitation: unauthenticated attacker with network access via multiple protocols can read a subset of data and cause a part...

6.5CVSS5.9AI score0.02862EPSS
cve
cve
added 2017/08/08 3:0 p.m.242 views

CVE-2017-10081

CVE-2017-10081 is a Sandbox/Access-Restriction bypass in the Hotspot component of OpenJDK. Affected Java runtimes include Java SE 6u151, 7u141, and 8u131 (Java SE Embedded 8u131). Several connected advisories note this as part of a broader OpenJDK set of issues (RMI, JAXP, ImageIO, Libraries, AWT...

4.3CVSS4.5AI score0.0222EPSS
cve
cve
added 2018/04/19 2:0 a.m.242 views

CVE-2018-2761

CVE-2018-2761 affects the MySQL Server component (Client programs) of Oracle MySQL. Affected ranges are 5.5.59 and earlier, 5.6.39 and earlier, and 5.7.21 and earlier. It enables an unauthenticated, network-accessible attacker to cause the MySQL Server to hang or crash (partial DOS). The descript...

5.9CVSS5.6AI score0.0401EPSS
cve
cve
added 2017/08/08 3:0 p.m.241 views

CVE-2017-10109

CVE-2017-10109 concerns a serialization flaw in Oracle/OpenJDK Java SE components (Java SE, Java SE Embedded, JRockit). The vulnerability, tied to the Serialization subcomponent, can allow an unauthenticated, network-scoped attacker to trigger a denial of service (partial DoS) by loading untruste...

5.3CVSS5.4AI score0.03114EPSS
cve
cve
added 2017/10/19 5:0 p.m.241 views

CVE-2017-10378

CVE-2017-10378 affects the MySQL Server component (Server: Optimizer) with affected versions 5.5.57 and earlier, 5.6.37 and earlier, and 5.7.11 and earlier. The vulnerability is exploitable remotely over multiple protocols by a low-privilege user and can cause the MySQL Server to hang or crash (D...

6.5CVSS6.2AI score0.03237EPSS
cve
cve
added 2018/04/19 2:0 a.m.241 views

CVE-2018-2781

CVE-2018-2781 is a vulnerability in the MySQL Server component (subcomponent: Server: Optimizer). Affected versions are 5.5.59 and earlier, 5.6.39 and earlier, and 5.7.21 and earlier. The fixed text indicates an easily exploitable issue that allows a high-privileged attacker with network access v...

4.9CVSS5.4AI score0.03294EPSS
cve
cve
added 2017/08/08 3:0 p.m.239 views

CVE-2017-10096

CVE-2017-10096 – OpenJDK/JAXP vulnerability (CWE-style) shows a flaw in the Java SE/Java SE Embedded stack, specifically the JAXP component. Affected are Oracle Java SE versions 6u151, 7u141, 8u131 and Java SE Embedded 8u131. The vulnerability can allow an unauthenticated attacker with network ac...

9.6CVSS9.1AI score0.02555EPSS
cve
cve
added 2017/08/08 3:0 p.m.239 views

CVE-2017-10101

CVE-2017-10101 is a concrete OpenJDK/OpenJDK JAXP vulnerability. Affected: Java SE (6u151, 7u141, 8u131) and Java SE Embedded (8u131). Issue: untrusted code loaded in sandboxed deployments can bypass protections and lead to full takeover of Java SE/Embedded via JAXP. Exploitation is network-based...

9.6CVSS9AI score0.02555EPSS
cve
cve
added 2017/10/19 5:0 p.m.239 views

CVE-2017-10349

CVE-2017-10349 affects the OpenJDK/JAXP component (Java SE and Java SE Embedded) where the vulnerability stems from unbounded memory growth during object creation from serialized data, enabling unauthenticated network access to cause a partial denial of service. Multiple connected advisories (IBM...

5.3CVSS5.4AI score0.03305EPSS
cve
cve
added 2017/08/08 3:0 p.m.238 views

CVE-2017-10107

CVE-2017-10107 affects OpenJDK/OpenJDK-based packages (RMI) with vulnerable components in Java SE/Java SE Embedded. The connected security data confirms multiple OpenJDK subcomponents are vulnerable, including RMI-related sandbox bypass issues, and lists affected versions such as Java 6u151, 7u14...

9.6CVSS9AI score0.02555EPSS
cve
cve
added 2022/04/19 8:37 p.m.238 views

CVE-2022-21423

CVE-2022-21423 affects Oracle MySQL Server, component InnoDB, with affected versions 8.0.28 and prior. The connected advisories corroborate that an attacker with network access via multiple protocols can exploit this to cause a partial denial of service in MySQL Server. The vulnerability is descr...

4CVSS3.3AI score0.01279EPSS
cve
cve
added 2017/08/08 3:0 p.m.237 views

CVE-2017-10053

CVE-2017-10053 is an OpenJDK/OpenJDK 2D JPEGImageReader vulnerability. The issue affects Java SE components (Java SE, Java SE Embedded, JRockit) with affected versions including Java 6u151, 7u141, 8u131 (and 8u131 for Java SE Embedded; JRockit R28.3.14). The vulnerability could allow an unauthent...

5.3CVSS5.3AI score0.0345EPSS
cve
cve
added 2017/10/19 5:0 p.m.237 views

CVE-2017-10347

CVE-2017-10347 is a serialization-related vulnerability in Oracle Java SE/JRockit that affects Java SE 6u161, 7u151, 8u144 and 9, and Java SE Embedded 8u144. The issue allows an unauthenticated, networked attacker to cause a partial denial of service in vulnerable deployments that load untrusted ...

5.3CVSS5.5AI score0.03114EPSS
cve
cve
added 2017/10/19 5:0 p.m.236 views

CVE-2017-10357

CVE-2017-10357 is a Java SE/OpenJDK vulnerability affecting the Serialization component in Oracle Java SE and Java SE Embedded. The Initial document lists affected versions as Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. The Connected documents corroborate multiple OpenJDK/OpenJDK...

5.3CVSS5.4AI score0.03305EPSS
cve
cve
added 2017/08/08 3:0 p.m.235 views

CVE-2017-10089

CVE-2017-10089 affects Oracle Java SE ImageIO in OpenJDK/OpenJDK-derived disclosures: 6u151, 7u141, 8u131 are vulnerable. The issue allows a network-based, unauthenticated attacker to take control of the Java SE runtime, with UI interaction required, potentially impacting additional products. Aff...

9.6CVSS9.1AI score0.02415EPSS
cve
cve
added 2017/08/08 3:0 p.m.235 views

CVE-2017-10108

CVE-2017-10108 affects Oracle Java SE, Java SE Embedded, and JRockit (Serialization). Affected versions include Java SE 6u151, 7u141, 8u131; Java SE Embedded 8u131; JRockit R28.3.14. The vulnerability allows unauthenticated remote exploitation via multiple protocols, potentially causing a partial...

5.3CVSS5.3AI score0.03114EPSS
cve
cve
added 2017/08/08 3:0 p.m.233 views

CVE-2017-10110

CVE-2017-10110 affects the Java SE AWT component in Oracle Java SE and is reported in multiple advisories referencing OpenJDK/OpenJDK-derived packages. Affected versions noted across sources include Java SE 6u151, 7u141 and 8u131 (and related OpenJDK/OpenJDK7 packaging in Debian/CentOS/Arch Linux...

9.6CVSS9.1AI score0.02415EPSS
cve
cve
added 2017/10/19 5:0 p.m.233 views

CVE-2017-10274

CVE-2017-10274 affects Oracle Java SE Smart Card IO. According to connected IBM advisories, the flaw can be exploited by an unauthenticated attacker over multiple protocols to compromise confidentiality and integrity (C/H, I/H) with high impact, though no availability impact is stated. Affected J...

6.8CVSS6.8AI score0.02635EPSS
cve
cve
added 2022/06/01 7:3 p.m.230 views

CVE-2022-27778

CVE-2022-27778 is a vulnerability in curl/libcurl described as an “use of incorrectly resolved name” that may cause removal of the wrong file when using --no-clobber with --remove-on-error. Connected advisories confirm the issue exists in curl up to version 7.83.0 and is fixed in 7.83.1. Articles...

8.1CVSS7.8AI score0.03453EPSS
cve
cve
added 2019/07/02 6:31 p.m.227 views

CVE-2019-5443

Technical details about CVE-2019-5443 are not publicly provided in the provided documents. The available information is a high-level summary; monitor for updates.

7.8CVSS7.5AI score0.00717EPSS
cve
cve
added 2017/08/08 3:0 p.m.225 views

CVE-2017-10074

CVE-2017-10074 affects OpenJDK/OpenJDK Hotspot in Java SE and Java SE Embedded. Affected: Java SE 6u151, 7u141, 8u131; Java SE Embedded 8u131. Root cause per advisories: Hotspot range-checking overflow in OpenJDK leading to possible arbitrary-code execution under a sandbox-compiled Java applet/ru...

8.3CVSS8.6AI score0.03117EPSS
cve
cve
added 2017/08/08 3:0 p.m.223 views

CVE-2017-10193

CVE-2017-10193 affects the Java SE and Java SE Embedded components (OpenJDK) with affected Java SE versions 6u151, 7u141, 8u131 and Java SE Embedded 8u131. The vulnerability enables a network-accessible attacker to compromise Java SE/Embedded when running untrusted code in sandboxed client deploy...

3.1CVSS3.7AI score0.02224EPSS
cve
cve
added 2017/10/19 5:0 p.m.220 views

CVE-2017-10384

CVE-2017-10384 affects the MySQL Server component (Server: DDL) of Oracle MySQL. Affected versions include 5.5.57 and earlier, 5.6.37 and earlier, and 5.7.19 and earlier. An attacker with network access via multiple protocols and low privileges can cause a hang or a complete denial of service in ...

6.5CVSS5.5AI score0.03078EPSS
cve
cve
added 2017/08/10 10:0 p.m.219 views

CVE-2016-6797

CVE-2016-6797 stems from Apache Tomcat’s ResourceLinkFactory not restricting web app access to global JNDI resources, allowing a web application to access any global JNDI resource regardless of explicit ResourceLink. Affects Tomcat 6.x/7.x/8.x/9.x releases listed in the entry (various 6.0–9.0 lin...

7.5CVSS8.4AI score0.0807EPSS
cve
cve
added 2017/08/08 3:0 p.m.219 views

CVE-2017-10198

CVE-2017-10198 affects Oracle Java SE, Java SE Embedded, and JRockit. Vulnerability in the Security component (and related areas) allows unauthenticated network-based access to compromise affected Java runtimes (Java SE 6u151, 7u141, 8u131; Embedded 8u131; JRockit R28.3.14). Exploitation is possi...

6.8CVSS6.8AI score0.02598EPSS
cve
cve
added 2017/10/19 5:0 p.m.219 views

CVE-2017-10309

CVE-2017-10309 involves the Deployment subcomponent of Oracle Java SE. Public details in the provided documents indicate an XML External Entity/Information Disclosure style vulnerability affecting Java 8u144 and Java 9 deployments, with network-accessible exploitation requiring user interaction. ...

7.1CVSS7AI score0.08794EPSS
Web
cve
cve
added 2022/08/31 12:0 a.m.218 views

CVE-2022-1319

CVE-2022-1319 affects Undertow (via JBoss EAP 7) where an AJP 400 response can trigger two response packets that carry the reuse flag, and the connection reuse logic reads the second SEND_HEADERS instead of CPONG after a CPING. This can lead to a vulnerability in scenarios where connections are r...

7.5CVSS7.3AI score0.01258EPSS
cve
cve
added 2020/10/06 12:0 a.m.213 views

CVE-2020-25644

CVE-2020-25644 is a memory‑leak vulnerability in WildFly OpenSSL (WildFly OpenSSL natives) prior to 1.1.3.Final. The flaw causes a memory leak per HTTP session creation, which can lead to Out-Of-Memory and a denial of service, predominantly affecting availability. Affected component/file: WildFly...

7.5CVSS6.9AI score0.02183EPSS
Total number of security vulnerabilities971