Netapp Oncommand Unified Manager

169 matches found

CVE
added 2019/04/08 9:31 p.m., 14646 views

CVE-2019-0211

CVE-2019-0211 affects Apache HTTP Server 2.4.17–2.4.38 when using MPM event, worker, or prefork. The issue arises from code executing in less-privileged child processes/threads (including in-process scripting interpreters) that could be exploited to run arbitrary code with the privileges of the p...

CVSS 7.8, AI score 7.2, EPSS 0.65005
In wild, Web

CVE
added 2017/06/20 1:0 a.m., 7613 views

CVE-2017-3167

CVE-2017-3167 affects Apache httpd 2.2.x prior to 2.2.33 and 2.4.x prior to 2.4.26. The issue is that third‑party modules using ap_get_basic_auth_pw() outside the authentication phase can bypass authentication requirements. Connected sources confirm the impact and upstream fixes: update to httpd ...

CVSS 9.8, AI score 9.6, EPSS 0.20231

CVE
added 2017/06/20 1:0 a.m., 6044 views

CVE-2017-7668

CVE-2017-7668: Apache httpd contains a buffer over-read in ap_find_token() caused by strict HTTP parsing changes in 2.2.32 and 2.4.24. A remote attacker can craft headers to crash the httpd process or have ap_find_token() return an incorrect value. Affected distributions have addressed this by up...

CVSS 7.5, AI score 8.4, EPSS 0.57472

CVE
added 2018/08/17 12:0 a.m., 5609 views

CVE-2018-15473

OpenSSH vulnerability CVE-2018-15473 affects OpenSSH up to version 7.7, where the server may enumerate valid usernames by returning different responses for invalid authentication attempts due to not delaying bailout until after the request packet is parsed (auth2-gss.c, auth2-hostbased.c, auth2-p...

CVSS 5.9, AI score 5.8, EPSS 0.98631

CVE
added 2018/01/21 10:0 p.m., 4209 views

CVE-2016-10708

OpenSSH sshd before 7.4 is vulnerable to a denial of service caused by a NULL pointer dereference when processing an out-of-sequence NEWKEYS message (kex.c/packet.c). This affects the OpenSSH server; exploitation leads to daemon crash as demonstrated by Honggfuzz. Affected products include OpenSS...

CVSS 7.5, AI score 5.9, EPSS 0.15716

CVE
added 2019/04/08 8:11 p.m., 3442 views

CVE-2019-0217

This CVE affects Apache HTTP Server 2.4.x up to 2.4.38, where a race condition in mod_auth_digest could allow an authenticated user to act as another user and bypass access control. The issue is tied to running in threaded MPMs; the underlying cause is a race condition in authentication handling....

CVSS 7.5, AI score 7.5, EPSS 0.17666

CVE
added 2017/07/13 4:0 p.m., 3288 views

CVE-2017-9788

Apache httpd vulnerability CVE-2017-9788 stems from mod_auth_digest not initializing or resetting the value placeholder in Digest Proxy-Authorization headers between key=value assignments, which can leak previous memory data or cause a segfault/DoS. Affected: httpd 2.2.34 and 2.4.x prior to 2.4.2...

CVSS 9.1, AI score 8.4, EPSS 0.5677

CVE
added 2017/07/27 9:0 p.m., 2274 views

CVE-2016-8743

The CVE-2016-8743 issue affects Apache HTTP Server. It concerns how whitespace is accepted in requests and sent in response lines and headers in all releases before 2.2.32 and 2.4.25. The root problem is liberal whitespace handling, which can enable request smuggling, response splitting, and cach...

CVSS 7.5, AI score 7.7, EPSS 0.13252

CVE
added 2010/08/04 7:0 p.m., 1088 views

CVE-2010-1871

CVE-2010-1871 affects JBoss Seam 2 (jboss-seam2) as used in Red Hat Linux’s JBoss Enterprise Application Platform 4.3.0. The vulnerability stems from inadequate sanitization of inputs to JBoss Expression Language (EL) expressions, enabling remote code execution via a crafted URL when the Java Sec...

CVSS 8.8, AI score 9.5, EPSS 0.83397
In wild

CVE
added 2019/02/27 11:0 p.m., 920 views

CVE-2019-1559

OpenSSL vulnerability CVE-2019-1559 describes a padding-oracle weakness where, if an application encounters a fatal protocol error and then calls SSL_shutdown() twice (to send close_notify and to receive one), the server may respond differently to a 0-byte record with invalid padding versus inval...

CVSS 5.9, AI score 6.3, EPSS 0.17139

CVE
added 2018/05/16 4:0 p.m., 872 views

CVE-2018-8014

CVE-2018-8014 affects the default configuration of Tomcat’s CORS filter, where default settings enable supportsCredentials for all origins across multiple releases (9.0.0.M1–9.0.8, 8.5.0–8.5.31, 8.0.0.RC1–8.0.52, 7.0.41–7.0.88). The issue is that environments relying on the default CORS configura...

CVSS 9.8, AI score 8.6, EPSS 0.21979

CVE
added 2016/04/21 10:0 a.m., 779 views

CVE-2016-3427

CVE-2016-3427 is an unspecified vulnerability in Oracle Java SE (affecting 6u113, 7u99, 8u77) and JRockit, tied to the Java Management Extensions (JMX) component. Exploitation can affect confidentiality, integrity, and availability via JMX-related vectors; the issue is described as an unspecified...

CVSS 10, AI score 6.8, EPSS 0.92334
In wild

CVE
added 2019/09/16 6:6 p.m., 694 views

CVE-2019-5482

CVE-2019-5482 is a heap buffer overflow in curl/libcurl’s TFTP handler (tftp_receive_packet) affecting curl versions up to 7.65.3. Public advisories detail that a small TFTP blocksize can trigger overflow, potentially enabling DoS or arbitrary code execution. Public fixes exist across distributio...

CVSS 9.8, AI score 9.7, EPSS 0.17939

CVE
added 2019/01/16 7:0 p.m., 665 views

CVE-2019-2537

CVE-2019-2537 affects the MySQL Server component (subcomponent: Server: DDL) of Oracle MySQL. Affected: 5.6.42 and prior, 5.7.24 and prior, 8.0.13 and prior. Description in connected docs confirms an easily exploitable, network-accessible vulnerability that can cause the MySQL Server to hang or c...

CVSS 4.9, AI score 5.1, EPSS 0.04457

CVE
added 2019/01/16 7:0 p.m., 638 views

CVE-2019-2529

CVE-2019-2529 affects Oracle MySQL Server (Server: Optimizer). Affected: 5.6.42 and prior, 5.7.24 and prior, 8.0.13 and prior. Low-privilege, network-access attacker can cause a hang or complete DOS. Remediation: advisories/applicable updates exist (e.g., ALAS/CentOS/RHSA); update mariadb/mysql p...

CVSS 6.5, AI score 6.2, EPSS 0.0436

CVE
added 2017/05/23 3:56 a.m., 609 views

CVE-2016-9841

CVE-2016-9841 is a vulnerability in zlib 1.2.8 related to improper pointer arithmetic in inffast.c that could have context-dependent impact. Connected advisories confirm public details and show remediation by upgrading zlib to a newer version (e.g., 1.2.11) across affected products and distributi...

CVSS 9.8, AI score 9.9, EPSS 0.07489

CVE
added 2018/10/29 1:0 p.m., 567 views

CVE-2018-0735

CVE-2018-0735 corresponds to a timing side-channel vulnerability in OpenSSL’s ECDSA signature generation. An attacker could exploit variations in signing to recover the private key. Affected: OpenSSL 1.1.0 (1.1.0-1.1.0i) and OpenSSL 1.1.1 (1.1.1) prior to the fixes. Fixes were released in OpenSSL...

CVSS 5.9, AI score 5.7, EPSS 0.04763

CVE
added 2018/10/30 12:0 p.m., 536 views

CVE-2018-0734

CVE-2018-0734 (OpenSSL) describes a timing side-channel in the DSA signature algorithm that could enable private key recovery. The initial entry notes fixes in OpenSSL releases 1.1.1a (and 1.1.0j, 1.0.2q) for affected branches. Connected advisories (CloudLinux, Arch Linux, Amazon/Linux distributi...

CVSS 5.9, AI score 5.9, EPSS 0.12154

CVE
added 2018/10/17 1:0 a.m., 481 views

CVE-2018-3133

CVE-2018-3133 concerns Oracle MySQL Server (subcomponent: Server: Parser). Affected are MySQL Server versions 5.5.61 and earlier, 5.6.41 and earlier, 5.7.23 and earlier, and 8.0.12 and earlier. An attacker with network access via multiple protocols and low privileges can trigger a hang or frequen...

CVSS 6.5, AI score 6.3, EPSS 0.029

CVE
added 2019/01/16 7:0 p.m., 475 views

CVE-2019-2481

CVE-2019-2481 affects Oracle MySQL Server (Server: Optimizer). Affected versions are 5.6.42 and prior, 5.7.24 and prior, and 8.0.13 and prior. The vulnerability can be exploited by a high-privileged attacker over the network to cause a hang or a frequently repeating crash (complete DoS) of MySQL ...

CVSS 4.9, AI score 4.8, EPSS 0.03169

CVE
added 2019/01/16 7:0 p.m., 474 views

CVE-2019-2534

CVE-2019-2534 affects Oracle MySQL Server (subcomponent: Server: Replication). Affected versions are 5.6.42 and earlier, 5.7.24 and earlier, and 8.0.13 and earlier. The vulnerability is exploitable by a low-privileged attacker with network access via multiple protocols, potentially leading to una...

CVSS 7.1, AI score 6.4, EPSS 0.02113

CVE
added 2018/10/17 12:0 p.m., 471 views

CVE-2018-10933

CVE-2018-10933 affects libssh, specifically the server-side state machine, where versions prior to 0.7.6 and 0.8.4 allow an unauthenticated attacker to create channels and gain unauthorized access. The underlying issue is an authentication bypass in the server code, reported by multiple vendors a...

CVSS 9.1, AI score 8.5, EPSS 0.91789

CVE
added 2019/01/16 7:0 p.m., 464 views

CVE-2019-2422

CVE-2019-2422 affects Oracle Java SE Libraries in Java SE 7u201, 8u192, 11.0.1 (and Java SE Embedded 8u191). The issue is a memory disclosure in FileChannelImpl that could allow an unauthenticated, network-reachable attacker to read a subset of data, with user interaction required in some context...

CVSS 3.1, AI score 2.4, EPSS 0.03468

CVE
added 2018/10/17 1:0 a.m., 458 views

CVE-2018-3251

CVE-2018-3251 affects Oracle MySQL Server (InnoDB). Affected: 5.6.41 and earlier, 5.7.23 and earlier, 8.0.12 and earlier. Exploitation via network against multiple protocols can cause a hang or crash (DOS). Several advisories reference fixes in corresponding OS/package updates (e.g., ALAS and Deb...

CVSS 6.5, AI score 6.9, EPSS 0.03053

CVE
added 2018/10/17 1:0 a.m., 455 views

CVE-2018-3156

CVE-2018-3156 affects Oracle MySQL Server (subcomponents: InnoDB; also referenced in multiple advisories) with affected versions: 5.6.41 and earlier, 5.7.23 and earlier, and 8.0.12 and earlier. According to the connected advisories for Linux distributions, the vulnerability enables network-access...

CVSS 6.5, AI score 6.9, EPSS 0.03716

CVE
added 2018/10/17 1:0 a.m., 452 views

CVE-2018-3143

CVE-2018-3143 is a vulnerability in the MySQL Server component (subcomponent: InnoDB) affecting Oracle MySQL. Affected versions are 5.6.41 and prior, 5.7.23 and prior, and 8.0.12 and prior. It allows a low-privilege, network-attacker to cause a hang or crash (DoS) via multiple protocols. The issu...

CVSS 6.5, AI score 6.9, EPSS 0.03716

CVE
added 2019/01/16 7:0 p.m., 447 views

CVE-2019-2531

CVE-2019-2531 affects the MySQL Server component (subcomponent: Server: Replication) of Oracle MySQL. Affected versions are 5.6.42 and earlier, 5.7.24 and earlier, and 8.0.13 and earlier. The vulnerability allows a high-privileged, network-access attacker to cause a hang or a frequent crash (DOS)...

CVSS 4.9, AI score 4.8, EPSS 0.03232

CVE
added 2018/10/17 1:0 a.m., 430 views

CVE-2018-3185

CVE-2018-3185 is a MySQL Server (InnoDB) vulnerability affecting 5.7.23 and earlier and 8.0.12 and earlier. The connected F5 advisory confirms exploitable remote access via multiple protocols by a high-privilege attacker, potentially causing a hang or crash (DoS) and unauthorized data updates. Th...

CVSS 5.5, AI score 5.5, EPSS 0.02563

CVE
added 2018/07/18 1:0 p.m., 428 views

CVE-2018-2952

CVE-2018-2952 affects OpenJDK/OpenJDK-derived Java runtimes (Java SE 7/8 and JRockit) in the Concurrency component. The root cause is insufficient index validation in PatternSyntaxException getMessage(), enabling unauthenticated network-based exploitation that can cause a denial of service via me...

CVSS 4.3, AI score 4, EPSS 0.04184

CVE
added 2020/10/21 2:4 p.m., 424 views

CVE-2020-14798

CVE-2020-14798 is a vulnerability in Oracle Java SE Libraries affecting Java SE versions 7u271, 8u261, 11.0.8 and 15, and Java SE Embedded 8u261. Exploitation is possible over network with multiple protocols and does not require authentication, but requires user interaction. Impact described as p...

CVSS 3.1, AI score 3.4, EPSS 0.02684

CVE
added 2020/10/21 2:4 p.m., 416 views

CVE-2020-14803

CVE-2020-14803 affects Oracle Java SE Libraries in Java SE 11.0.8 and 15. The vulnerability allows an unauthenticated attacker over network to read a subset of Java SE data due to an issue in Libraries handling, per the CVSS base score 5.3 (CONF). Affected advisories across platforms corroborate ...

CVSS 5.3, AI score 4.4, EPSS 0.03122

CVE
added 2018/05/16 5:0 p.m., 412 views

CVE-2018-11212

CVE-2018-11212 affects libjpeg/libjpeg-turbo: the alloc_sarray function in jmemmgr.c allows a remote attacker to cause a denial of service via a crafted file due to a divide-by-zero error. Public advisories (e.g., ALAS2-2019-1198, ALAS-2019-1286, AL2/ALSA-centos/CESA-2019:2052, Debian DLA-1638-1)...

CVSS 6.5, AI score 6.2, EPSS 0.04898

CVE
added 2019/01/16 7:0 p.m., 396 views

CVE-2019-2434

CVE-2019-2434 affects the Oracle MySQL Server component (subcomponent: Server: Parser). Affected versions include 5.7.24 and earlier and 8.0.13 and earlier. It is exploitable over the network by a low-privileged attacker and can cause a hang or a crash (availability impact) in MySQL Server. The C...

CVSS 6.5, AI score 6.1, EPSS 0.03264

CVE
added 2019/01/16 7:0 p.m., 394 views

CVE-2019-2539

In the provided connected documents, CVE-2019-2539 is described as a vulnerability in the MySQL Server component (subcomponent: Server: Connection). Affected versions are 8.0.13 and prior. The flaw can be exploited by a highly privileged attacker with network access via multiple protocols to caus...

CVSS 4.9, AI score 4.8, EPSS 0.02726

CVE
added 2017/02/03 7:0 p.m., 392 views

CVE-2016-10165

CVE-2016-10165 targets Little CMS (lcms2). The Type_MLU_Read function in cmstypes.c may trigger an out-of-bounds heap read when processing a crafted ICC profile, potentially allowing information disclosure or denial of service. Connected IBM advisories confirm the vulnerability details for produc...

CVSS 7.1, AI score 7.9, EPSS 0.02772

CVE
added 2019/01/16 7:0 p.m., 392 views

CVE-2019-2420

CVE-2019-2420 is a vulnerability in the Oracle MySQL Server: Optimizer subcomponent. Affected products/versions include MySQL Server 5.7.24 and prior and 8.0.13 and prior; exploitation requires network access and high privileges, via multiple protocols, to cause a hang or frequent crash (DoS). Co...

CVSS 4.9, AI score 4.8, EPSS 0.03144

CVE
added 2019/01/16 7:0 p.m., 388 views

CVE-2019-2535

CVE-2019-2535 affects Oracle MySQL Server (subcomponent: Server: Options). From the public records, affected versions are 8.0.13 and prior. The vulnerability is described as difficult to exploit but can allow a high-privileged attacker who can log on to the host where MySQL Server runs to comprom...

CVSS 4.1, AI score 4.2, EPSS 0.00407

CVE
added 2020/10/21 2:4 p.m., 386 views

CVE-2020-14796

CVE-2020-14796 affects the Libraries component in Oracle Java SE/Java SE Embedded across multiple OpenJDK builds (e.g., Java-7u271? Java-8u261? Java-11.0.8? Java-15; Embedded 8u261). The vulnerability can be exploited by an unauthenticated attacker over network protocols, but exploitation require...

CVSS 3.1, AI score 3.2, EPSS 0.02463

CVE
added 2019/01/16 7:0 p.m., 384 views

CVE-2019-2532

CVE-2019-2532 affects Oracle MySQL Server, subcomponent Server: Security: Privileges. Affected: MySQL Server versions 5.7.24 and earlier, and 8.0.13 and earlier. Description states an easily exploitable, network-accessible vulnerability that can grant high privileges to an attacker and may cause ...

CVSS 4.9, AI score 4.8, EPSS 0.03144

CVE
added 2020/10/21 2:4 p.m., 382 views

CVE-2020-14792

CVE-2020-14792 is an Oracle Java OpenJDK vulnerability affecting Java SE and Embedded runtimes (Hotspot/Libraries components) with the root issue described as “Better range handling.” Affected versions include Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. The connected advisories...

CVSS 5.8, AI score 3.9, EPSS 0.02203

CVE
added 2019/01/16 7:0 p.m., 376 views

CVE-2019-2530

CVE-2019-2530 is a vulnerability in Oracle MySQL Server (Server: Optimizer). Affected are MySQL 8.0.13 and earlier. It allows a high-privileged attacker with network access to cause a hang or a frequent crash (DoS); CVSS 3.1 base score 4.9. Remediation in advisories (e.g., RHSA-2019:2511) is to u...

CVSS 4.9, AI score 4.8, EPSS 0.0256

CVE
added 2019/01/16 7:0 p.m., 372 views

CVE-2019-2533

CVE-2019-2533 affects Oracle MySQL Server (Server: Privileges) with affected versions up to 8.0.13. The vulnerability allows a low-privileged, networked attacker to compromise MySQL Server, potentially leading to unauthorized creation, deletion or modification of data or access to all data on the...

CVSS 6.5, AI score 5.7, EPSS 0.01615

CVE
added 2019/01/16 7:0 p.m., 369 views

CVE-2019-2536

CVE-2019-2536 affects the MySQL Server subcomponent “Server: Packaging” in Oracle MySQL. Affected versions are 8.0.13 and earlier. The vulnerability is described as difficult to exploit and requires a user with high privileges and user interaction, with the potential to cause a hang or a complete...

CVSS 5, AI score 4.8, EPSS 0.00416

CVE
added 2020/10/21 2:4 p.m., 369 views

CVE-2020-14797

CVE-2020-14797 affects Oracle/OpenJDK Java SE Libraries (path validation) across multiple Java versions. Connected sources indicate this vulnerability residing in the Libraries component with affected OpenJDK packages such as java-1.8.0-openjdk and related ALAS/Amazon advisories, listing path val...

CVSS 4.3, AI score 3.7, EPSS 0.0217

CVE
added 2019/01/16 7:0 p.m., 367 views

CVE-2019-2436

CVE-2019-2436 affects Oracle MySQL Server (subcomponent: Server: Replication). Affected: MySQL 8.0.13 and prior. Impact: high-privilege attacker with network access via multiple protocols can cause a hang or complete denial of service, and can also update/insert/delete some data. Remediation: upg...

CVSS 5.5, AI score 5.3, EPSS 0.02091

CVE
added 2018/10/17 1:0 a.m., 365 views

CVE-2018-3155

CVE-2018-3155 affects the Oracle MySQL Server (Parser) component. Affects MySQL versions 5.7.23 and earlier and 8.0.12 and earlier. Attack requires network access from low-privilege user and can cause a hang or frequently repeatable crash (DoS) of MySQL Server; CVSSv3 base score 7.7 (HIGH), vec...

CVSS 7.7, AI score 6.1, EPSS 0.03683

CVE
added 2019/11/28 12:27 a.m., 363 views

CVE-2019-18276

CVE-2019-18276 affects GNU Bash up to 5.0 patch 11, where disable_priv_mode in shell.c incorrectly drops privileges when UID real != effective, leaving the saved UID intact. An attacker with shell command execution can use enable -f to load a new builtin (shared object) that calls setuid(), regai...

CVSS 7.8, AI score 7.5, EPSS 0.02608

CVE
added 2018/10/17 1:0 a.m., 352 views

CVE-2018-3278

CVE-2018-3278 affects Oracle MySQL Server (component: Server: RBR). Affected versions: 5.6.41 and prior; 5.7.23 and prior; 8.0.12 and prior. An attacker with network access via multiple protocols and high privileges can, per the description, cause a hang or a frequently repeatable crash (DOS). Th...

CVSS 4.9, AI score 5, EPSS 0.03461

CVE
added 2018/10/17 1:0 a.m., 348 views

CVE-2018-3144

CVE-2018-3144 affects Oracle MySQL Server: Security: Audit. Affected are MySQL Server versions 5.7.23 and earlier and 8.0.12 and earlier. The vulnerability can be exploited remotely with network access via multiple protocols by an unauthenticated attacker to cause a hang or crash (complete DOS). ...

CVSS 5.9, AI score 5.5, EPSS 0.04445

CVE
added 2018/10/17 1:0 a.m., 348 views

CVE-2018-3187

CVE-2018-3187 affects Oracle MySQL Server (subcomponent: Server: Optimizer). Affected versions: 5.7.23 and earlier; 8.0.12 and earlier. An attacker with network access via multiple protocols and high privileges can cause a hang or frequently reproducible crash (DoS) and may also gain unauthorized...

CVSS 5.5, AI score 5.5, EPSS 0.02817

Total number of security vulnerabilities: 169