Lucene search

K
NetappOncommand Unified Manager

169 matches found

CVE
CVE
added 2019/04/08 10:29 p.m.14196 views

CVE-2019-0211

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually ro...

7.8CVSS7.2AI score0.85835EPSS
CVE
CVE
added 2017/06/20 1:29 a.m.7422 views

CVE-2017-3167

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.

9.8CVSS9.6AI score0.09049EPSS
CVE
CVE
added 2017/06/20 1:29 a.m.5998 views

CVE-2017-7668

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or t...

7.5CVSS8.4AI score0.7189EPSS
CVE
CVE
added 2018/08/17 7:29 p.m.4794 views

CVE-2018-15473

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

5.3CVSS5.8AI score0.90473EPSS
CVE
CVE
added 2018/01/21 10:29 p.m.4034 views

CVE-2016-10708

sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.

7.5CVSS5.9AI score0.01532EPSS
CVE
CVE
added 2019/04/08 9:29 p.m.3369 views

CVE-2019-0217

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.

7.5CVSS7.5AI score0.34777EPSS
CVE
CVE
added 2017/07/13 4:29 p.m.3157 views

CVE-2017-9788

In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale ...

9.1CVSS8.4AI score0.57147EPSS
CVE
CVE
added 2017/07/27 9:29 p.m.2200 views

CVE-2016-8743

Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end ...

7.5CVSS7.7AI score0.10228EPSS
CVE
CVE
added 2010/08/05 1:23 p.m.1017 views

CVE-2010-1871

JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when ...

8.8CVSS9.5AI score0.93853EPSS
CVE
CVE
added 2019/02/27 11:29 p.m.779 views

CVE-2019-1559

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is receiv...

5.9CVSS6.3AI score0.04426EPSS
CVE
CVE
added 2018/05/16 4:29 p.m.757 views

CVE-2018-8014

The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their e...

9.8CVSS8.6AI score0.53868EPSS
CVE
CVE
added 2016/04/21 11:0 a.m.659 views

CVE-2016-3427

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.

10CVSS6.8AI score0.93626EPSS
CVE
CVE
added 2019/09/16 7:15 p.m.610 views

CVE-2019-5482

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.

9.8CVSS9.7AI score0.10791EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.565 views

CVE-2019-2537

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to c...

4.9CVSS5.1AI score0.00125EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.529 views

CVE-2019-2529

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols...

6.5CVSS6.2AI score0.00274EPSS
CVE
CVE
added 2017/05/23 4:29 a.m.510 views

CVE-2016-9841

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

9.8CVSS9.9AI score0.20848EPSS
CVE
CVE
added 2018/10/30 12:29 p.m.464 views

CVE-2018-0734

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0....

5.9CVSS5.9AI score0.06051EPSS
CVE
CVE
added 2018/10/29 1:29 p.m.460 views

CVE-2018-0735

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).

5.9CVSS5.7AI score0.07042EPSS
CVE
CVE
added 2018/10/17 12:29 p.m.412 views

CVE-2018-10933

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.

9.1CVSS8.5AI score0.79855EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.384 views

CVE-2019-2481

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocol...

4.9CVSS4.8AI score0.00069EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.373 views

CVE-2018-3133

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via mul...

6.5CVSS6.3AI score0.00399EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.371 views

CVE-2019-2422

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to co...

3.1CVSS2.4AI score0.00128EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.371 views

CVE-2019-2534

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protoco...

7.1CVSS6.4AI score0.00278EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.368 views

CVE-2018-3156

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to comprom...

6.5CVSS6.9AI score0.00336EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.368 views

CVE-2018-3251

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to comprom...

6.5CVSS6.9AI score0.00239EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.366 views

CVE-2018-3143

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to comprom...

6.5CVSS6.9AI score0.00336EPSS
CVE
CVE
added 2020/10/21 3:15 p.m.364 views

CVE-2020-14803

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of th...

5.3CVSS4.4AI score0.00046EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.360 views

CVE-2019-2531

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protoc...

4.9CVSS4.8AI score0.00109EPSS
CVE
CVE
added 2020/10/21 3:15 p.m.355 views

CVE-2020-14798

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

3.1CVSS3.4AI score0.00247EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.345 views

CVE-2018-3185

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server....

5.5CVSS5.5AI score0.00109EPSS
CVE
CVE
added 2018/05/16 5:29 p.m.325 views

CVE-2018-11212

An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.

6.5CVSS6.2AI score0.00426EPSS
CVE
CVE
added 2019/11/28 1:15 a.m.321 views

CVE-2019-18276

An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems th...

7.8CVSS7.5AI score0.40022EPSS
CVE
CVE
added 2018/07/18 1:29 p.m.318 views

CVE-2018-2952

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated at...

4.3CVSS4AI score0.00042EPSS
CVE
CVE
added 2020/10/21 3:15 p.m.312 views

CVE-2020-14796

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

3.1CVSS3.2AI score0.0013EPSS
CVE
CVE
added 2020/10/21 3:15 p.m.308 views

CVE-2020-14792

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple ...

5.8CVSS3.9AI score0.00183EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.305 views

CVE-2019-2539

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...

4.9CVSS4.8AI score0.00247EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.300 views

CVE-2019-2434

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL ...

6.5CVSS6.1AI score0.00737EPSS
CVE
CVE
added 2017/08/07 8:29 p.m.299 views

CVE-2015-7871

Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.

9.8CVSS9.3AI score0.84001EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.299 views

CVE-2019-2420

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise My...

4.9CVSS4.8AI score0.00418EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.295 views

CVE-2019-2535

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL...

4.1CVSS4.2AI score0.00177EPSS
CVE
CVE
added 2020/10/21 3:15 p.m.295 views

CVE-2020-14797

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

4.3CVSS3.7AI score0.00174EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.293 views

CVE-2019-2532

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to co...

4.9CVSS4.8AI score0.00266EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.282 views

CVE-2019-2530

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successfu...

4.9CVSS4.8AI score0.00247EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.281 views

CVE-2019-2533

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Serve...

6.5CVSS5.7AI score0.00352EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.278 views

CVE-2018-3155

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL ...

7.7CVSS6.1AI score0.00737EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.278 views

CVE-2019-2536

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MyS...

5CVSS4.8AI score0.00241EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.277 views

CVE-2019-2436

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Success...

5.5CVSS5.3AI score0.00369EPSS
CVE
CVE
added 2018/06/26 4:29 p.m.269 views

CVE-2017-7657

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as...

9.8CVSS9.1AI score0.0484EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.266 views

CVE-2018-3278

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: RBR). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to c...

4.9CVSS5AI score0.00079EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.265 views

CVE-2018-3144

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Audit). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compr...

5.9CVSS5.5AI score0.00564EPSS
Total number of security vulnerabilities169