Lucene search
K
NetappOncommand Insight

971 matches found

CVE
CVE
added 2017/08/10 4:0 p.m.210 views

CVE-2016-0762

CVE-2016-0762 affects Apache Tomcat realms across multiple branches (Tomcat 9.0.x, 8.5.x, 8.0.x, 7.0.x, 6.0.x). The root cause: Realm implementations did not process the supplied password when the username did not exist, enabling a timing attack to determine valid usernames. The default LockOutRe...

5.9CVSS7.3AI score0.07991EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.206 views

CVE-2017-10379

CVE-2017-10379 concerns the MySQL Server client-side component of Oracle MySQL. Affected versions are 5.5.57 and earlier, 5.6.37 and earlier, and 5.7.19 and earlier. The vulnerability can be exploited by a low-privileged attacker with network access via multiple protocols, potentially leading to ...

6.5CVSS5.2AI score0.0228EPSS
CVE
CVE
added 2018/07/18 1:0 p.m.206 views

CVE-2018-3070

CVE-2018-3070 affects Oracle MySQL Server (MySQL client mysqldump component). Affected versions are 5.5.60 and earlier, 5.6.40 and earlier, and 5.7.22 and earlier. The vulnerability is described as easily exploitable, requiring network access via multiple protocols, and can allow a low-privileged...

6.5CVSS5.1AI score0.03637EPSS
CVE
CVE
added 2023/07/18 8:18 p.m.206 views

CVE-2023-22053

CVE-2023-22053 affects Oracle MySQL: vulnerability in the MySQL Client programs that can allow a low-privilege attacker with network access to cause a hang/complete DoS and unauthorized read of a subset of data. Affected releases include MySQL 5.7.42 and earlier and 8.0.33 and earlier. Connected ...

5.9CVSS5.8AI score0.01152EPSS
CVE
CVE
added 2022/04/19 8:38 p.m.205 views

CVE-2022-21489

CVE-2022-21489 affects Oracle MySQL Cluster, specifically the Cluster: General component. Affected versions are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior, and 8.0.28 and prior. The root cause is a vulnerability in MySQL Cluster that, under certain conditions, could allow a high-privile...

6.3CVSS5.6AI score0.78854EPSS
CVE
CVE
added 2018/07/18 1:0 p.m.204 views

CVE-2018-2964

CVE-2018-2964 affects Oracle Java SE Deployment. Affected are Java SE 8u172 and 10.0.1; the flaw is exploitable over the network via multiple protocols and may allow takeover of Java SE, with client deployments using untrusted code in sandboxed environments being at risk. Exploitation is reported...

8.3CVSS8.6AI score0.02767EPSS
CVE
CVE
added 2017/08/10 4:0 p.m.200 views

CVE-2016-6794

CVE-2016-6794 affects Apache Tomcat across multiple branches (7.x, 8.x, 9.x) and versions, where the system property replacement feature for configuration files can bypass a configured SecurityManager to read restricted system properties. Connected advisories show concrete impact and suggested fi...

5.3CVSS7AI score0.07152EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.200 views

CVE-2017-10078

CVE-2017-10078 affects Oracle Java SE 8u131 (Scripting) and can be exploited over network with multiple protocols, enabling high-impact confidentiality and integrity violations and data access. The vulnerability can be triggered by sandboxed Web Start/Applet use or via APIs without sandboxing. Th...

8.1CVSS7.8AI score0.02402EPSS
CVE
CVE
added 2022/10/18 12:0 a.m.198 views

CVE-2022-39399

CVE-2022-39399 affects Oracle Java SE and GraalVM Enterprise Edition (Networking component). Affected versions: Oracle Java SE 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM EE 20.3.7, 21.3.3, 22.2.0. The vulnerability allows unauthenticated, network-based access via HTTP to compromise data integrity, p...

3.7CVSS3.9AI score0.01473EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.197 views

CVE-2017-10293

CVE-2017-10293 is a vulnerability in the Oracle Java SE Javadoc component affecting Java SE versions 6u161, 7u151, 8u144, and 9. It permits an unauthenticated attacker with network access via HTTP to potentially read and modify Java data and read data, with user interaction required for exploitat...

6.1CVSS6.1AI score0.01489EPSS
CVE
CVE
added 2018/04/19 2:0 a.m.197 views

CVE-2018-2826

CVE-2018-2826 affects Oracle Java SE Libraries in Java SE 10. The vulnerability allows an unauthenticated network-based attacker to compromise Java SE, with potential takeover of the Java Runtime, per the description. CVSS 3.1 indicates HIGH impact (C, I, A HIGH) with NETWORK attack vector and re...

8.3CVSS8AI score0.04979EPSS
CVE
CVE
added 2020/01/15 4:34 p.m.197 views

CVE-2020-2585

CVE-2020-2585 is referenced in connected security advisories as affecting Oracle Java SE (component JavaFX) with affected Java SE 8u231. The advisory notes that exploitation is difficult but possible by a network-access attacker through multiple protocols, potentially allowing unauthorized creati...

5.9CVSS5.6AI score0.03321EPSS
CVE
CVE
added 2021/10/20 10:50 a.m.197 views

CVE-2021-35560

CVE-2021-35560 is an Oracle Java SE Deployment vulnerability (Java SE 8u301 affected) that allows an unauthenticated attacker with network access to takeover Java SE, with user interaction required. Connected docs confirm the CVE and provide affected products (e.g., IBM advisories referencing Jav...

7.5CVSS8AI score0.04495EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.195 views

CVE-2017-10176

CVE-2017-10176 affects Oracle Java SE/SE Embedded/JRockit (OpenJDK/OpenJDK components) with affected releases including Java SE 7u141 and 8u131, SE Embedded 8u131, JRockit R28.3.14. The vulnerability enables an unauthenticated network attacker to access or take data via multiple protocols and can...

7.5CVSS7AI score0.05034EPSS
CVE
CVE
added 2022/04/19 8:37 p.m.192 views

CVE-2022-21440

CVE-2022-21440 affects Oracle MySQL Server (Optimizer) up to version 8.0.28 and earlier. A high-privilege attacker with network access via multiple protocols can cause a hang or crash (DoS) and may modify data. Remediation in related advisories points to upgrading to a fixed release (e.g., MySQL ...

5.5CVSS5.4AI score0.01116EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.190 views

CVE-2017-10114

CVE-2017-10114 affects the Java SE/JavaFX component; specifically Java SE 7u141 and 8u131. The vulnerability is described as difficult to exploit, requiring network access via multiple protocols and user interaction, with potential takeover of Java SE and possible impact on other products relying...

8.3CVSS8.5AI score0.0229EPSS
CVE
CVE
added 2022/04/19 8:37 p.m.188 views

CVE-2022-21459

CVE-2022-21459 affects Oracle MySQL Server (component: Server: Optimizer). Affected: MySQL 8.0.28 and prior. Issue allows a high-privilege attacker with network access to cause a hang or crash (DOS) and unauthorized updates/deletes to some data. Publicly available connected advisories corroborate...

5.5CVSS5.4AI score0.01116EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.185 views

CVE-2017-10118

CVE-2017-10118 affects Oracle Java SE/JRockit/JCE with a timing-channel vulnerability in ECDSA within the JCE component. A remote attacker could potentially recover private keys by observing timing differences, enabling unauthenticated network-remote exploitation on affected OpenJDK/JRockit confi...

7.5CVSS7AI score0.02972EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.185 views

CVE-2018-2638

CVE-2018-2638 is addressed in IBM product advisories for IBM Netezza and IBM InfoSphere Optim. The IBM Netezza Platform Software requires upgrading to 11.2.1.2 (Fix Central link provided in the bulletin). Separately, IBM InfoSphere Optim solutions (11.3.0) should apply fix pack 11.3.0.7 to mitiga...

8.3CVSS8AI score0.03328EPSS
CVE
CVE
added 2017/08/11 2:0 a.m.184 views

CVE-2016-6796

CVE-2016-6796 affects Apache Tomcat across multiple lines: a malicious web application could bypass the SecurityManager by manipulating the configuration parameters for the JSP Servlet. Affected versions include Tomcat 9.0.0.M1–9.0.0.M9, 8.5.0–8.5.4, 8.0.0.RC1–8.0.36, 7.0.0–7.0.70, and 6.0.0–6.0....

7.5CVSS8.4AI score0.08321EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.184 views

CVE-2017-10111

CVE-2017-10111 affects Oracle Java OpenJDK’s Libraries component (Java SE). The connected advisories confirm vulnerable versions include Java SE 8u131 and Java SE Embedded 8u131, with exploitation described as arbitrary code execution via the LambdaFormEditor bounds checks in the Libraries, enabl...

9.6CVSS9AI score0.02132EPSS
CVE
CVE
added 2022/08/31 12:0 a.m.184 views

CVE-2022-1259

CVE-2022-1259 is an Undertow-related denial-of-service issue. The root cause is an incomplete fix for CVE-2021-3629, causing potential DoS from HTTP/2 flow-control handling. Connected documents (Nessus plugin references and IBM/Red Hat advisories) confirm this in context of Undertow and note that...

7.5CVSS6.3AI score0.01072EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.183 views

CVE-2017-10105

CVE-2017-10105 is a vulnerability in the Oracle Java SE Deployment component affecting Java SE 6u151, 7u141, and 8u131. The connected CHAINGUARD entry confirms a vulnerability in Oracle Java SE Deployment with unspecified root cause and a potential impact to data integrity, but does not provide p...

4.3CVSS4.4AI score0.01913EPSS
CVE
CVE
added 2021/01/20 2:50 p.m.182 views

CVE-2021-2014

CVE-2021-2014 is a vulnerability in Oracle MySQL Server (Server: PAM Auth Plugin) affecting 5.7.32 and earlier. An authenticated attacker with network access via multiple protocols can exploit this to cause a denial of service (hang or crash) with an availability impact. The initial data lists a ...

6.8CVSS4.9AI score0.02157EPSS
CVE
CVE
added 2021/07/20 10:44 p.m.182 views

CVE-2021-2417

CVE-2021-2417 is a vulnerability in Oracle MySQL Server (component: GIS) affecting MySQL 8.0.25 and earlier. The cited description states that a highly privileged attacker with network access via multiple protocols can cause a hang or a frequently repeated crash (complete DOS) and may also gain u...

8CVSS5.6AI score0.01729EPSS
CVE
CVE
added 2021/07/20 10:43 p.m.181 views

CVE-2021-2342

CVE-2021-2342 affects Oracle MySQL Server (Server: Optimizer). Affected: MySQL 5.7.34 and earlier; 8.0.25 and earlier. Impact: high-privilege attacker on the network can cause a hang or crash (DoS) via multiple protocols; CVSS 3.1 base 4.9 (A). No explicit remediation version provided in the supp...

4.9CVSS4.9AI score0.02588EPSS
CVE
CVE
added 2020/09/23 12:28 p.m.180 views

CVE-2020-10714

CVE-2020-10714 concerns WildFly Elytron prior to 1.11.3.Final. A flaw in FORM authentication with a session ID in the URL enables a session fixation attack, affecting confidentiality, integrity, and availability. The impact is stated in the sources as high (CVSS 3.1) with network access and user ...

7.5CVSS7.3AI score0.01454EPSS
CVE
CVE
added 2022/07/19 9:6 p.m.180 views

CVE-2022-21515

Oracle MySQL Server vulnerability CVE-2022-21515 affects MySQL Server (component: Server: Options). Affected versions: 5.7.38 and earlier; 8.0.29 and earlier. Exploitation allows a high-privilege attacker with network access via multiple protocols to cause the server to hang or crash (DoS). Conne...

4.9CVSS4.9AI score0.01418EPSS
CVE
CVE
added 2018/07/18 1:0 p.m.179 views

CVE-2018-2941

CVE-2018-2941 affects Oracle Java SE (JavaFX) with affected products Java SE 7u181, 8u172, and 10.0.1. The vulnerability is difficult to exploit, requires network access via multiple protocols and user interaction, and can lead to takeover of Java SE. It principally concerns Java deployments runn...

8.3CVSS8.5AI score0.02239EPSS
CVE
CVE
added 2021/07/20 10:43 p.m.177 views

CVE-2021-2367

CVE-2021-2367 is a vulnerability in Oracle MySQL Server (component: Server: Optimizer) affecting MySQL 8.0.25 and earlier. It enables a high-privilege attacker with network access via multiple protocols to cause a hang or complete denial of service (DOS) of MySQL Server. Some connected advisories...

4.9CVSS4.7AI score0.02588EPSS
CVE
CVE
added 2020/10/30 12:0 a.m.175 views

CVE-2020-25689

CVE-2020-25689 : In WildFly, all versions up to 21.0.0.Final exhibit a memory-leak in the host-controller when reconnection attempts loop, causing new connections to be created but not properly closed. This can trigger an Out of Memory (OOM) condition and denial of service, primarily affecting av...

6.8CVSS6.1AI score0.01469EPSS
CVE
CVE
added 2021/07/20 10:44 p.m.173 views

CVE-2021-2390

CVE-2021-2390 is a vulnerability in Oracle MySQL Server (InnoDB) affecting MySQL versions 5.7.34 and prior, and 8.0.25 and prior. The issue can be exploited by an unauthenticated attacker over network protocols to cause the server to hang or crash (complete DOS). Multiple connected advisories ref...

7.1CVSS5.5AI score0.04267EPSS
CVE
CVE
added 2020/09/01 8:49 p.m.171 views

CVE-2020-13946

CVE-2020-13946 relates to an Apache Cassandra RMI registry manipulation vulnerability enabling a local attacker to perform a man-in-the-middle attack to capture JMX credentials and gain unauthorized access. The connected CIRCL entry confirms affected ranges: Cassandra 4.0.2 through 5.0.2 (Java 11...

5.9CVSS6.8AI score0.02951EPSS
CVE
CVE
added 2021/07/20 10:43 p.m.171 views

CVE-2021-2374

CVE-2021-2374 affects Oracle MySQL Server (InnoDB) with affected versions 8.0.25 and prior. The vulnerability allows a high-privilege attacker with local access to compromise the server, potentially gaining unauthorized access to data. The CVSSv3.1 base score is 4.1 (Confidentiality impact: High;...

4.1CVSS3.9AI score0.00456EPSS
CVE
CVE
added 2021/07/20 10:44 p.m.171 views

CVE-2021-2385

CVE-2021-2385 affects Oracle MySQL Server, specifically the replication component. Affected versions are MySQL 5.7.34 and earlier and 8.0.25 and earlier. The issue allows a high-privilege attacker with network access (via multiple protocols) to cause a hang or crash (DoS) and may enable unauthori...

5CVSS5AI score0.0187EPSS
CVE
CVE
added 2018/04/19 2:0 a.m.170 views

CVE-2018-2825

CVE-2018-2825 concerns Oracle Java SE Libraries with affected Java SE 10, allowing network-based attacks that may compromise confidentiality, integrity, and availability; the exploitation requires user interaction. The connected documents largely discuss IBM-specific advisories (IBM i, Netcool Ag...

8.3CVSS8AI score0.04146EPSS
CVE
CVE
added 2021/07/20 10:44 p.m.170 views

CVE-2021-2399

CVE-2021-2399 is a MySQL Server (Oracle) vulnerability in the Server: DDL component. Affected versions are 8.0.25 and prior; exploitation via network with multiple protocols can cause a hang or complete denial of service. The connected advisories (MiracleLinux, ALINUX3, Rocky Linux, Red Hat, Orac...

4.9CVSS4.7AI score0.0171EPSS
CVE
CVE
added 2021/07/20 10:44 p.m.169 views

CVE-2021-2412

CVE-2021-2412 is a vulnerability in the Oracle MySQL Server, specifically the Server: Optimizer component. Affected are MySQL 8.0.x up to 8.0.21 and prior versions. The issue allows a high-privileged attacker with network access via multiple protocols to cause a hang or a frequent crash (complete...

4.9CVSS4.9AI score0.02088EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.168 views

CVE-2017-10125

CVE-2017-10125 is described in the initial document as a vulnerability in the Oracle Java SE Deployment component affecting Java SE 7u141 and 8u131. The impact is stated as potentially allowing takeover of Java SE, with CVSS 3.0/3.1 metrics indicating a physical access prerequisite (HPC: PHYSICAL...

7.1CVSS7.6AI score0.0063EPSS
CVE
CVE
added 2021/07/20 10:43 p.m.168 views

CVE-2021-2384

CVE-2021-2384 affects Oracle MySQL Server (component: Server: Optimizer). Affected: 8.0.25 and earlier. Vulnerability allows a high-privilege attacker with network access via multiple protocols to cause a hang or crash (Denial of Service). Remediation: vendor advisories show fixes in newer MySQL ...

4.9CVSS4.8AI score0.02196EPSS
CVE
CVE
added 2020/06/10 7:29 p.m.167 views

CVE-2020-10705

CVE-2020-10705 affects Undertow prior to 2.1.1.Final, where requests using the Expect: 100-continue header can trigger a memory exhaustion error, potentially causing a denial of service. The vulnerability is documented in the CVE page and appears in related advisories (e.g., Red Hat JBoss EAP 7.x...

7.5CVSS7.1AI score0.01192EPSS
CVE
CVE
added 2021/07/20 10:44 p.m.167 views

CVE-2021-2418

CVE-2021-2418 affects Oracle MySQL Server (Server: Optimizer). The vulnerability is exploitable in affected MySQL Server versions 8.0.25 and earlier, enabling a high-privilege attacker with network access via multiple protocols to cause a hang or crash (complete DOS). Public-document details cons...

4.9CVSS4.7AI score0.0171EPSS
CVE
CVE
added 2021/07/20 10:44 p.m.167 views

CVE-2021-2429

Technical details about CVE-2021-2429 are not publicly provided in the connected documents. The available material summarizes advisories but does not specify affected products/versions or fixes. Monitor for updates.

5.9CVSS5.4AI score0.41478EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.166 views

CVE-2017-10086

CVE-2017-10086 affects Oracle Java SE (JavaFX) in Java 7u141 and 8u131. Descriptions indicate an easily exploitable, network-accessible vulnerability that can be exploited with no authentication and user interaction, potentially leading to takeover of Java SE. The connected documents cite this CV...

9.6CVSS9AI score0.02132EPSS
CVE
CVE
added 2022/04/19 8:37 p.m.166 views

CVE-2022-21457

CVE-2022-21457 affects Oracle MySQL Server (component: PAM Auth Plugin). Affected versions: 8.0.28 and earlier. The vulnerability allows an unauthenticated attacker with network access via multiple protocols to gain access to critical data or full MySQL Server data. The published CVSS indicates C...

5.9CVSS5.4AI score0.02092EPSS
CVE
CVE
added 2021/07/20 10:44 p.m.165 views

CVE-2021-2422

CVE-2021-2422 affects Oracle MySQL Server (component: Server: PS); affected versions are 8.0.25 and prior. The vulnerability enables a high-privileged attacker with network access via multiple protocols to cause a hang or crash (complete DOS) of MySQL Server (CVSS v3.1 base 4.9). Public advisorie...

4.9CVSS4.8AI score0.02088EPSS
CVE
CVE
added 2022/07/19 9:7 p.m.165 views

CVE-2022-21553

CVE-2022-21553 affects Oracle MySQL Server (Component: Server: Optimizer). Public sources in connected docs describe affected versions as 8.0.29 and prior, with an attacker of HIGH privileges gaining network access via multiple protocols and potentially causing a hang or frequent crashes (complet...

4.9CVSS4.9AI score0.01135EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.164 views

CVE-2020-14664

CVE-2020-14664 affects Oracle Java SE (component: JavaFX ) with affected version Java SE 8u251 . The vulnerability is exploitable over the network and can be triggered by loading untrusted code in client-side Java deployments (Web Start/applets). It requires user interaction and could lead to tak...

8.3CVSS8.1AI score0.04245EPSS
CVE
CVE
added 2021/07/20 10:43 p.m.164 views

CVE-2021-2370

CVE-2021-2370 affects Oracle MySQL Server (component: Server: DML). Affected versions: 8.0.25 and earlier. Risk: high-privilege attacker with network access can cause a hang or crash (DoS) of MySQL Server (CVSS v3.1: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Public advisories indicate the issue is ad...

4.9CVSS4.7AI score0.02518EPSS
CVE
CVE
added 2021/07/20 10:44 p.m.164 views

CVE-2021-2427

CVE-2021-2427 is a vulnerability in Oracle MySQL Server (Server: Optimizer). Affected are MySQL Server 8.0.25 and prior. The issue is exploitable over the network by a high-privilege attacker and can cause a hang or a crash (complete DOS) of MySQL Server. Connected advisories and Nessus plugins c...

4.9CVSS4.7AI score0.01999EPSS
Total number of security vulnerabilities971