Lucene search
NetappOncommand Unified Manager Core Package

11 matches found

CVE
added 2017/10/26 12:0 a.m. | 10745 views

CVE-2017-15906

OpenSSH's sftp-server.c contains a flaw in read-only mode: write operations are not properly blocked, which can let an attacker create zero-length files. Specifically, the process_open function in sftp-server.c mishandles write operations when in read-only mode, affecting OpenSSH versions prior to 7.6. The vulnerability ...

5.3 CVSS | 5.5 AI score | 0.03359 EPSS
CVE
added 2020/04/01 11:8 p.m. | 5884 views

CVE-2020-1927

CVE-2020-1927 affects Apache HTTP Server 2.4.0–2.4.41, where mod_rewrite redirects intended to be self-referential could be fooled by encoded newlines and redirect to an unexpected URL within the request. Multiple connected advisories confirm the issue and indicate that fixes were released in Apa...

6.1 CVSS | 6.7 AI score | 0.61183 EPSS
CVE
added 2021/01/26 12:0 a.m. | 4477 views

CVE-2021-3156

CVE-2021-3156 is a heap-based buffer overflow in sudo that enables privilege escalation to root. The issue arises in the argument parsing path and is exploitable via commands using sudoedit -s with a trailing backslash, leading to memory corruption. Affected release information in the provided do...

7.8 CVSS | 8.3 AI score | 0.99305 EPSS
In wild
CVE
added 2019/02/27 11:0 p.m. | 914 views

CVE-2019-1559

OpenSSL vulnerability CVE-2019-1559 describes a padding-oracle weakness where, if an application encounters a fatal protocol error and then calls SSL_shutdown() twice (to send close_notify and to receive one), the server may respond differently to a 0-byte record with invalid padding versus inval...

5.9 CVSS | 6.3 AI score | 0.17139 EPSS
CVE
added 2020/07/15 5:34 p.m. | 430 views

CVE-2020-14621

CVE-2020-14621 details (connected data): The vulnerability concerns the JAXP component of Oracle Java SE/OpenJDK (Java SE and Java SE Embedded). Affected versions include Java SE: 7u261, 8u251, 11.0.7, 14.0.1; Java SE Embedded: 8u251. The issue is described as an easily exploitable flaw in the JAXP component that allows an...

5.3 CVSS | 5.2 AI score | 0.04434 EPSS
CVE
added 2020/10/21 2:4 p.m. | 406 views

CVE-2020-14779

CVE-2020-14779 affects the Serialization component of Oracle Java SE and Java SE Embedded and can enable an unauthenticated network-based attacker to cause partial denial of service. Affected versions include Java SE 7u271, 8u261, 11.0.8, 15 and Java SE Embedded 8u261; attack surface covers client and server deployme...

4.3 CVSS | 3.7 AI score | 0.03726 EPSS
CVE
added 2021/01/14 2:45 p.m. | 360 views

CVE-2021-23926

CVE-2021-23926 involves Apache XMLBeans up to 2.6.0, where XML parsers did not set necessary protections against malicious XML input, enabling an XML External Entity (XXE) attack and related entity expansion concerns. The main impact cited is a potential denial of service or information disclosur...

9.1 CVSS | 9.3 AI score | 0.06266 EPSS
CVE
added 2019/10/01 12:0 a.m. | 265 views

CVE-2019-17069

PuTTY (SSH client) prior to version 0.73 is affected by CVE-2019-17069, which allows a remote SSH-1 server to cause a denial of service by accessing freed memory via an SSH1_MSG_DISCONNECT. Debian and openSUSE/Mageia advisories indicate updates to PuTTY (0.73 or newer; Debian notes 0.74) fix this...

7.5 CVSS | 7.2 AI score | 0.02248 EPSS
CVE
added 2020/06/29 12:0 a.m. | 178 views

CVE-2020-14002

PuTTY versions 0.68–0.73 have an observable discrepancy during algorithm negotiation that can leak information and enable MITM targeting the initial connection when no host key is cached. This is documented across multiple sources (DEBIAN/Mageia/Fedora advisories and Nessus plugin references) wit...

5.9 CVSS | 5.5 AI score | 0.0312 EPSS
CVE
added 2017/05/25 7:0 p.m. | 51 views

CVE-2017-7236

NetApp OnCommand Unified Manager Core Package 5.x is affected by CVE-2017-7236 (pre-5.2.2P1). The vulnerability is a SQL injection vulnerability that allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Affected component is the Core Package in OnCommand Unified Mana...

7.5 CVSS | 8 AI score | 0.01792 EPSS
CVE
added 2017/05/25 7:0 p.m. | 41 views

CVE-2017-7439

Affected software: NetApp OnCommand Unified Manager Core Package 5.x (pre-5.2.2P1). Vulnerability: Information disclosure due to error-message handling. Impact: Remote attackers could obtain sensitive information via vectors involving error messages. Root cause / notes: Documented as a vulnerabil...

7.5 CVSS | 7.1 AI score | 0.01876 EPSS