Lucene search
K
NetappOncommand Unified Manager

169 matches found

CVE
CVE
added 2018/10/17 1:0 a.m.348 views

CVE-2018-3283

CVE-2018-3283 is mapped to Oracle MySQL Server: Logging vulnerability. Connected Red Hat entry RHSA-2018:3655 confirms affected components and notes that affected MySQL server components require a security update; remediation is provided via updated MySQL packages (e.g., for the RHSA advisory, up...

4.4CVSS4.5AI score0.02453EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.340 views

CVE-2018-3276

CVE-2018-3276 affects the Oracle MySQL Server component (subcomponent: Server: Memcached). Affected are MySQL versions 5.6.41 and prior, 5.7.23 and prior, and 8.0.12 and prior. The vulnerability allows a high-privilege attacker with network access via multiple protocols to compromise the MySQL Se...

4.9CVSS5AI score0.03558EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.339 views

CVE-2018-3203

CVE-2018-3203 affects Oracle MySQL Server (Server: Optimizer). A vulnerability in the Server: Optimizer could be exploited by a low-privilege, network-accessible attacker to cause a hang or frequent, repeatable crashes (DoS). Affected are MySQL Server versions up to 8.0.12 and earlier. The initia...

6.5CVSS6.2AI score0.02189EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.339 views

CVE-2018-3212

CVE-2018-3212 affects Oracle MySQL Server, subcomponent Server: Information Schema. Affected versions are 8.0.12 and prior. An attacker with network access and high privileges can cause a denial of service via hang or crash of the MySQL Server. Connected Fedora notices indicate this CVE was fixed...

4.9CVSS5AI score0.02377EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.338 views

CVE-2018-3247

CVE-2018-3247 affects Oracle MySQL Server, subcomponent Server: Merge. Affected versions are MySQL 5.6.41 and earlier, 5.7.23 and earlier, and 8.0.12 and earlier. The vulnerability can be exploited by a high-privilege attacker with network access via multiple protocols to cause a hang or frequent...

5.5CVSS5.5AI score0.02817EPSS
CVE
CVE
added 2019/01/16 7:0 p.m.338 views

CVE-2019-2502

CVE-2019-2502 affects Oracle MySQL Server (InnoDB). Affected versions are 8.0.13 and earlier. The vulnerability can be exploited by a high-privilege attacker with network access via multiple protocols to cause a hang or frequent crash (DoS) of MySQL Server. The provided documents do not include e...

4.9CVSS4.8AI score0.0256EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.334 views

CVE-2018-3145

CVE-2018-3145 affects Oracle MySQL Server (Server: Parser) with impact on availability. Affected: MySQL Server 8.0.12 and earlier; vulnerability allows a low-privilege, network-accessible attacker to trigger a hang or frequent crash (DoS) via multiple protocols. CVSS 3.0 base score 6.5 (AV:N/AC:L...

6.5CVSS6.2AI score0.02468EPSS
CVE
CVE
added 2019/01/16 7:0 p.m.334 views

CVE-2019-2513

CVE-2019-2513 affects Oracle MySQL Server Shell in MySQL 8.0.13 and earlier. A low-privilege, locally authenticated attacker who can log on to the infrastructure where MySQL Server runs can compromise the server, with successful attacks enabling read access to a subset of data. The vulnerability ...

2.5CVSS3AI score0.00419EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.332 views

CVE-2018-3137

CVE-2018-3137 : In Oracle MySQL, the MySQL Server component (Server: Optimizer) is affected. Affected versions are 8.0.12 and earlier. An attacker with network access via multiple protocols and low privileges can remotely cause the server to hang or crash (denial of service). CVSS v3.1 base score...

6.5CVSS6.2AI score0.02189EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.330 views

CVE-2018-3285

CVE-2018-3285 is a vulnerability in the MySQL Server component of Oracle MySQL (Server: Windows). Affected versions are 8.0.12 and prior. It allows a high-privileged attacker with network access via multiple protocols to cause a hang or a frequently repeating crash (complete DOS) of MySQL Server....

4.9CVSS4.8AI score0.02108EPSS
CVE
CVE
added 2017/08/07 8:0 p.m.325 views

CVE-2015-7871

CVE-2015-7871 is an authentication-bypass vulnerability in ntpd caused by handling of crypto-NAK packets. A remote, unauthenticated attacker could force ntpd to peer with attacker-controlled time sources, bypassing authentication and potentially tampering time data. Affected series include NTP 4....

9.8CVSS9.3AI score0.81762EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.325 views

CVE-2018-3280

CVE-2018-3280 affects the MySQL Server component (Server: JSON) of Oracle MySQL. Affected products/versions: MySQL 8.0.12 and earlier. The vulnerability allows a highly privileged attacker who can access the server over multiple network protocols to cause a hang or a frequent, repeatable crash of...

4.9CVSS4.8AI score0.02108EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.320 views

CVE-2018-3286

CVE-2018-3286 affects Oracle MySQL Server (Server: Security: Privileges). Affected: MySQL 8.0.12 and earlier. Description from multiple sources: vulnerability allows a low-privileged, network-accessing attacker to modify data in MySQL Server through various protocols, with impact described as una...

4.3CVSS4AI score0.01423EPSS
CVE
CVE
added 2019/01/16 7:0 p.m.319 views

CVE-2019-2426

CVE-2019-2426 affects Oracle Java SE Networking. Affected: Java SE 7u201, 8u192, 11.0.1; Java SE Embedded 8u191. Attack requires network access and can lead to unauthorized read access to a subset of Java SE data. Root cause: vulnerability in the Java SE Networking component that can be exploited...

4.3CVSS4.2AI score0.02575EPSS
CVE
CVE
added 2018/07/18 1:0 p.m.317 views

CVE-2018-2973

CVE-2018-2973 is an Oracle Java SE/JSSE vulnerability affecting Java SE: 6u191, 7u181, 8u172, 10.0.1 and Java SE Embedded: 8u171. It can be exploited over the network with SSL/TLS by an unauthenticated attacker to cause unauthorized data modifications (integrity impact). Affected deployments load...

5.9CVSS6.2AI score0.04676EPSS
CVE
CVE
added 2018/06/26 4:0 p.m.316 views

CVE-2017-7657

CVE-2017-7657 affects Eclipse Jetty: transfer-encoding chunk size parsing could overflow an integer, causing large chunks to be treated as smaller ones and enabling a fake pipelined request that bypasses intermediary authorization. Affected versions include Jetty 9.2.x and older, 9.3.x (all confi...

9.8CVSS9.1AI score0.16154EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.315 views

CVE-2018-3170

CVE-2018-3170 affects Oracle MySQL Server (Server: DDL). Affected: MySQL 8.0.12 and earlier. Description from multiple sources confirms a high-privilege attacker with network access via multiple protocols can cause a hang or complete denial of service (DOS) on MySQL Server. Several connected advi...

4.9CVSS4.9AI score0.02108EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.315 views

CVE-2018-3279

CVE-2018-3279 affects Oracle MySQL Server (subcomponent: Server: Security: Roles). Affected versions are 8.0.12 and earlier. The vulnerability allows a high-privileged attacker with network access via multiple protocols to cause a hang or frequent crash (DoS) of MySQL Server. CVSS 3.0 base score ...

4.9CVSS4.9AI score0.02108EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.312 views

CVE-2018-3195

CVE-2018-3195 affects Oracle MySQL Server, specifically the Server: DDL subcomponent. The connected advisory for this CVE confirms affected versions are 8.0.12 and prior. The vulnerability can be exploited by a high-privileged attacker who can access the server over multiple network protocols, an...

5.5CVSS5.4AI score0.01792EPSS
CVE
CVE
added 2018/07/18 1:0 p.m.311 views

CVE-2018-2938

CVE-2018-2938 concerns a vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB). Affected versions are Java SE: 6u191, 7u181, and 8u172. The vulnerability is described as difficult to exploit but capable of allowing an unauthenticated attacker with network access via mul...

9CVSS6.8AI score0.01944EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.308 views

CVE-2018-3186

CVE-2018-3186 affects Oracle MySQL Server (Server: Optimizer) prior to or including 8.0.12. An attacker with high privileges and network access via multiple protocols can cause a hang or crash (DoS) in MySQL Server. The provided documents specify the vulnerable component and impact but do not inc...

4.9CVSS4.9AI score0.02108EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.306 views

CVE-2018-3182

CVE-2018-3182 affects the MySQL Server component (Server: DML). Affected versions are 8.0.12 and prior. An attacker with network access and low privileges via multiple protocols can cause the MySQL Server to hang or crash (DoS). CVSS 3.0 base score is 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Th...

6.5CVSS6.1AI score0.02189EPSS
CVE
CVE
added 2017/11/13 10:0 p.m.305 views

CVE-2016-8610

CVE-2016-8610 is a denial-of-service flaw in OpenSSL affecting TLS/SSL alert packet processing during handshakes. The issue exists in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0, enabling a remote attacker to cause high CPU usage and denial of service by sending many alert messages. Con...

7.5CVSS7.4AI score0.39657EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.300 views

CVE-2017-10355

CVE-2017-10355 is documented across multiple openJDK/OpenJDK-derived advisories (CentOS, Debian, Amazon, IBM, etc.) as a networking vulnerability in the FtpClient component of OpenJDK’s Java SE/Java SE Embedded. Technical details in connected sources specify that the FtpClient did not set default...

5.3CVSS5.3AI score0.16181EPSS
CVE
CVE
added 2018/07/18 1:0 p.m.297 views

CVE-2018-2940

CVE-2018-2940 affects Oracle Java SE and Java SE Embedded Libraries. Affected: Java SE 6u191, 7u181, 8u172, 10.0.1; Java SE Embedded 8u171. Underlying issue in the Libraries component allows an unauthenticated, network-accessible attacker to read data from Java deployments that load untrusted cod...

4.3CVSS4.2AI score0.03146EPSS
CVE
CVE
added 2018/04/19 2:0 a.m.291 views

CVE-2018-2813

CVE-2018-2813 is reported in the F5 AWS advisory as a MySQL Server (subcomponent: Server: DDL) vulnerability. Affected are Oracle MySQL/MariaDB lineage versions 5.5.59 and prior, 5.6.39 and prior, and 5.7.21 and prior. The issue: a low-privileged attacker with network access can compromise MySQL ...

4.3CVSS4.2AI score0.02568EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.263 views

CVE-2017-10102

CVE-2017-10102 is a remotely exploitable issue in Oracle Java SE and Java SE Embedded (RMI subcomponent) affecting Java SE 6u151, 7u141, 8u131 and Java SE Embedded 8u131. A remote attacker could compromise the target via API data handling over network access, potentially taking over the Java runt...

9CVSS8.7AI score0.02971EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.263 views

CVE-2017-10345

CVE-2017-10345 affects Oracle Java SE/Embedded/JRockit serialization. The vulnerability allows an unauthenticated attacker with network access to compromise the target, potentially causing a partial denial of service; exploitation is difficult and may require human interaction. Affected versions ...

3.1CVSS4.2AI score0.02442EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.261 views

CVE-2017-10115

CVE-2017-10115 is a covert timing-channel vulnerability in the DSA implementation of the JCE in OpenJDK/OpenJRE/JRockit, affecting Java SE 6u151, 7u141, 8u131 and related packages (e.g., OpenJDK 7 on Debian/Ubuntu, RHEL/CentOS, Arch Linux advisories). A remote attacker could potentially exploit t...

7.5CVSS7.2AI score0.02737EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.261 views

CVE-2017-10135

CVE-2017-10135 is a timing-channel vulnerability in the PKCS#8 implementation of the JCE component of OpenJDK/OpenJDK-derived JREs. Public sources in the dataset describe it as a covert timing channel flaw that could enable a remote attacker to glean information about the private key via timing a...

5.9CVSS5.9AI score0.02598EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.260 views

CVE-2017-10268

CVE-2017-10268 affects Oracle MySQL Server (Server: Replication) with affected versions 5.5.57 and earlier, 5.6.37 and earlier, and 5.7.19 and earlier. The vulnerability allows a high-privilege attacker with logon to the infrastructure where MySQL Server executes to compromise the server, potenti...

4.1CVSS4.2AI score0.00697EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.260 views

CVE-2017-10356

CVE-2017-10356 affects OpenJDK/OpenJDK Security component. The root cause is weak password-based encryption keys used to protect private keys stored in keystores, enabling an unauthenticated attacker with sufficient access to compromise protected data. Affected: Java SE components (OpenJDK/OpenJD...

6.2CVSS6.5AI score0.00754EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.259 views

CVE-2017-10281

CVE-2017-10281 affects Oracle/OpenJDK components (Java SE, Java SE Embedded, JRockit) with the Serialization subcomponent. The vulnerability is exploitable remotely via network protocols and can be triggered by sandboxed Web Start/Applet use or by supplying data to APIs, potentially causing parti...

5.3CVSS5.3AI score0.03305EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.258 views

CVE-2017-10087

CVE-2017-10087 is a vulnerability in Oracle Java SE/Java SE Embedded Libraries affecting Java SE 6u151, 7u141, and 8u131, and Java SE Embedded 8u131. The issue is an access-control bypass in the Libraries component that could allow a network-facilitated, unauthenticated attacker to take control o...

9.6CVSS9AI score0.02555EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.258 views

CVE-2017-10295

CVE-2017-10295 affects OpenJDK (Java SE/Java SE Embedded) Networking: HttpURLConnection/HttpsURLConnection failed to detect newline characters in URLs, enabling potential HTTP header injection via attacker-provided URLs. Public notices in connected docs show affected package openjdk-7/openjdk-8 w...

4.3CVSS5.1AI score0.02199EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.256 views

CVE-2017-10350

CVE-2017-10350 is an OpenJDK/Oracle Java SE vulnerability in the JAX-WS subcomponent that could allow an unauthenticated network attacker to cause a partial denial of service in Java SE/Java SE Embedded deployments (clients loading untrusted code in sandbox). Affected versions per initial descrip...

5.3CVSS5.4AI score0.03305EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.255 views

CVE-2017-10116

CVE-2017-10116 affects Oracle Java SE / Java SE Embedded / JRockit (OpenJDK-related vulnerabilities also reflected in various advisories). The vulnerability arises in the Security component’s LDAPCertStore where LDAP referrals to arbitrary URLs could be used by an unauthenticated network attacker...

8.3CVSS8.5AI score0.03524EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.253 views

CVE-2017-10388

CVE-2017-10388 affects the OpenJDK Kerberos client: the sname field from the plain-text KDC reply was used instead of the encrypted part, enabling a potential MITM impersonation of Kerberos services for Java applications acting as Kerberos clients. This vulnerability is documented across multiple...

7.5CVSS7.7AI score0.03206EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.251 views

CVE-2017-10067

CVE-2017-10067 affects Java SE Security in OpenJDK (targets: Java 6u151, 7u141, 8u131). The vulnerability allows a network-accessing, unauthenticated attacker to take control of the Java runtime via multiple protocols; exploitation requires user interaction. Impact aligns with the CVSS 3.0 base s...

7.5CVSS7.9AI score0.03236EPSS
CVE
CVE
added 2018/05/11 8:0 p.m.251 views

CVE-2018-1258

CVE-2018-1258 affects Spring Framework 5.0.5 when used with any Spring Security version, enabling an authorization bypass for method security. An unauthorized user could access restricted methods. The connected advisory from F5 reiterates the same vulnerability description and lists affected prod...

8.8CVSS9AI score0.02427EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.250 views

CVE-2017-10348

CVE-2017-10348 affects OpenJDK/OpenJDK-derived Java SE/Embedded libraries. The vulnerability, exploitable over the network by unauthenticated attackers, can lead to a partial denial of service on Java SE and Java SE Embedded. Public details in the provided materials indicate affected versions var...

5.3CVSS5.4AI score0.03305EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.246 views

CVE-2017-10090

CVE-2017-10090 affects Oracle/OpenJDK libraries (Java SE and Java SE Embedded). The connected documents confirm affected components and versions (Java SE: 7u141, 8u131; Java SE Embedded: 8u131) and describe the root cause as gaps in the Libraries/RMI-related areas that can bypass sandbox restrict...

9.6CVSS9AI score0.02555EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.245 views

CVE-2017-10346

CVE-2017-10346 is an OpenJDK/Java SE vulnerability affecting multiple OpenJDK components (Hotspot, OpenJDK sandboxes) across affected Java versions (OpenJDK6/7/8/9 in various advisories). The public records in connected documents indicate the issue includes bypassing Java sandbox restrictions via...

9.6CVSS9.1AI score0.02962EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.243 views

CVE-2017-10243

CVE-2017-10243 affects Oracle Java SE, Java SE Embedded, and JRockit (JAX-WS subcomponent). Affected: Java SE 6u151, 7u141, 8u131; Java SE Embedded 8u131; JRockit R28.3.14. Exploitation: unauthenticated attacker with network access via multiple protocols can read a subset of data and cause a part...

6.5CVSS5.9AI score0.02862EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.243 views

CVE-2017-10285

CVE-2017-10285 is confirmed to affect Oracle/OpenJDK Java SE and Java SE Embedded, specifically the RMI (Remote Method Invocation) component. The vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE/Embedded, with exploitation described...

9.6CVSS9AI score0.03143EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.241 views

CVE-2017-10081

CVE-2017-10081 is a Sandbox/Access-Restriction bypass in the Hotspot component of OpenJDK. Affected Java runtimes include Java SE 6u151, 7u141, and 8u131 (Java SE Embedded 8u131). Several connected advisories note this as part of a broader OpenJDK set of issues (RMI, JAXP, ImageIO, Libraries, AWT...

4.3CVSS4.5AI score0.0222EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.241 views

CVE-2017-10378

CVE-2017-10378 affects the MySQL Server component (Server: Optimizer) with affected versions 5.5.57 and earlier, 5.6.37 and earlier, and 5.7.11 and earlier. The vulnerability is exploitable remotely over multiple protocols by a low-privilege user and can cause the MySQL Server to hang or crash (D...

6.5CVSS6.2AI score0.03237EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.240 views

CVE-2017-10109

CVE-2017-10109 concerns a serialization flaw in Oracle/OpenJDK Java SE components (Java SE, Java SE Embedded, JRockit). The vulnerability, tied to the Serialization subcomponent, can allow an unauthenticated, network-scoped attacker to trigger a denial of service (partial DoS) by loading untruste...

5.3CVSS5.4AI score0.03114EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.238 views

CVE-2017-10096

CVE-2017-10096 – OpenJDK/JAXP vulnerability (CWE-style) shows a flaw in the Java SE/Java SE Embedded stack, specifically the JAXP component. Affected are Oracle Java SE versions 6u151, 7u141, 8u131 and Java SE Embedded 8u131. The vulnerability can allow an unauthenticated attacker with network ac...

9.6CVSS9.1AI score0.02555EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.238 views

CVE-2017-10101

CVE-2017-10101 is a concrete OpenJDK/OpenJDK JAXP vulnerability. Affected: Java SE (6u151, 7u141, 8u131) and Java SE Embedded (8u131). Issue: untrusted code loaded in sandboxed deployments can bypass protections and lead to full takeover of Java SE/Embedded via JAXP. Exploitation is network-based...

9.6CVSS9AI score0.02555EPSS
Total number of security vulnerabilities169