Lucene search: NetappOncommand Workflow Automation

743 matches found

CVE-2024-28757
added 2024/03/10 12:00 a.m. | 8333 views

The CVE-2024-28757 entry concerns libexpat up to version 2.6.1, where an XML entity expansion (billion laughs) attack, not XXE, is possible when isolated external parsers are used (XML_ExternalEntityParserCreate), because the entity-expansion protection was not applied to such parsers. The impact is denial of service or resource exhaustion (availability impact: HIGH) with CVSS v3.1 b...

CVSS 7.5 | AI score 7.4 | EPSS 0.02006

CVE-2018-25032
added 2022/03/25 12:00 a.m. | 3243 views

CVE-2018-25032 affects zlib prior to 1.2.12 and causes memory corruption during deflate when the input contains many distant matches. The linked Astra Linux advisory reiterates the memory corruption in zlib before 1.2.12, and multiple Mariner/CBL advisories show affected packages (e.g., teck...

CVSS 7.5 | AI score 8.1 | EPSS 0.51733

CVE-2023-1108
added 2023/09/14 2:48 p.m. | 2734 views

CVE-2023-1108 affects Undertow within Red Hat JBoss EAP 7.3.x (SSLConduit), where an infinite loop on close can cause DoS. Connected RHSA-2025-9583 confirms the issue and indicates a fix in the eap-7.3.z line (patched Undertow). Remediation is to upgrade to the patched EAP 7.3.x release (eap-7.3.z...

CVSS 7.5 | AI score 7.3 | EPSS 0.01771

CVE-2021-23841
added 2021/02/16 4:55 p.m. | 2008 views

CVE-2021-23841 is described in connected advisories as a NULL pointer dereference in OpenSSL's X509_issuer_and_serial_hash() when parsing the issuer field. This can crash a process if certificates from untrusted sources are processed and the issuer parsing fails, enabling a potential denial of se...

CVSS 5.9 | AI score 7 | EPSS 0.07471

CVE-2018-11776
added 2018/08/22 1:00 p.m. | 1782 views

The CVE-2018-11776 issue affects Apache Struts 2.x versions 2.3–2.3.34 and 2.5–2.5.16. The vulnerable condition is alwaysSelectFullNamespace=true combined with a result or url tag that sets no namespace/value while the enclosing action configuration has no namespace or a wildcard namespace, allowing rem...

CVSS 9.3 | AI score 8.4 | EPSS 0.99993
Tags: In wild

CVE-2017-12617
added 2017/10/03 3:00 p.m. | 1592 views

CVE-2017-12617 concerns Apache Tomcat JSP upload via HTTP PUT when the Default servlet's readonly initialisation parameter is set to false (PUTs allowed). Affected: Tomcat 7.x/8.x/9.x (7.0.0–7.0.81, 8.0.0.RC1–8.0.46, 8.5.0–8.5.22, 9.0.0.M1–9.0.0) with PUT enabled. Root cause: PUT request handling allowed uploading a JSP, enabling remote c...

CVSS 8.1 | AI score 7.5 | EPSS 0.99988
Tags: In wild, Web

CVE-2022-1292
added 2022/05/03 3:15 p.m. | 1277 views

CVE-2022-1292 describes a command-injection risk in the OpenSSL c_rehash script due to improper sanitization of shell metacharacters. The issue can allow local attackers to run arbitrary commands with the script's privileges on systems where c_rehash runs automatically. Fixes are published in Ope...

CVSS 10 | AI score 9 | EPSS 0.83223

CVE-2022-21449
added 2022/04/19 8:37 p.m. | 1271 views

CVE-2022-21449 affects Oracle Java SE Libraries (Oracle Java SE 17.0.2, 18) and GraalVM Enterprise Edition (21.3.1, 22.0.0.2). It enables unauthenticated, network-accessible attackers to compromise data integrity, potentially unauthorized creation, deletion or modification of data in affected Or...

CVSS 7.5 | AI score 6.9 | EPSS 0.46677

CVE-2022-37434
added 2022/08/05 12:00 a.m. | 1220 views

CVE-2022-37434 describes a heap-based buffer over-read or overflow in zlib's inflate() (inflate.c) when handling a large gzip header extra field, in zlib through 1.2.12. The vulnerability is limited to code paths that call inflateGetHeader, and is fixed in zlib 1.2.13. Connected advisories indicate affected e...

CVSS 9.8 | AI score 9.9 | EPSS 0.1593

CVE-2020-1971
added 2020/12/08 3:30 p.m. | 1189 views

CVE-2020-1971 is described across multiple connected sources as a NULL dereference in OpenSSL's GENERAL_NAME_cmp when an EDIPARTYNAME is present, potentially enabling a denial-of-service crash. Affected OpenSSL versions include all 1.1.1 and 1.0.2 lines; fixes are published in OpenSSL 1.1.1i and Ope...

CVSS 5.9 | AI score 5.7 | EPSS 0.06968

CVE-2016-9843
added 2017/05/23 3:56 a.m. | 1141 views

CVE-2016-9843 concerns zlib 1.2.8 and its crc32_big implementation (big-endian CRC calculation). Connected docs show affected packages: the CBL-Mariner FLTK package before 1.3.8-1 (FLTK carries a bundled zlib), and Cloud Foundry/ALAS advisories link multiple zlib-related CVEs with remediation guidance. The FLTK note sta...

CVSS 9.8 | AI score 9.9 | EPSS 0.0595

CVE-2023-38545
added 2023/10/18 3:52 a.m. | 1130 views

CVE-2023-38545 is a heap-based buffer overflow in curl/libcurl's SOCKS5 proxy handshake (curl 7.69.0 through 8.3.0, fixed in 8.4.0). For hostnames longer than 255 bytes curl is meant to resolve the name locally and hand the proxy only the resolved address, but during a slow SOCKS5 handshake the state variable recording that decision could be reset, so curl copied the over-long hostname into the target buffer and overflowed it, potentially enabling arbitrary code execution....

CVSS 9.8 | AI score 9.4 | EPSS 0.78483

CVE-2019-17571
added 2019/12/20 4:01 p.m. | 1125 views

CVE-2019-17571 affects the Apache Log4j 1.x SocketServer: it deserializes serialized log events from untrusted network input without restricting which classes may be deserialized, enabling remote code execution when combined with a deserialization gadget. Affected are Log4j 1.2 up to 1.2.17; exploitation hinges on receivi...

CVSS 9.8 | AI score 8.8 | EPSS 0.6906

CVE-2018-3063
added 2018/07/18 1:00 p.m. | 966 views

CVE-2018-3063 is a MySQL/MariaDB Server vulnerability in the Server: Security: Privileges subcomponent, affecting MySQL/MariaDB Server 5.5.60 and earlier. The vulnerability is exploitable by a high-privileged attacker with network access via multiple protocols and can lead to a hang ...

CVSS 4.9 | AI score 5 | EPSS 0.03213

CVE-2019-1559
added 2019/02/27 11:00 p.m. | 920 views

OpenSSL vulnerability CVE-2019-1559 describes a padding-oracle weakness: if an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send close_notify and once to receive one), the server may respond differently to a 0-byte record with invalid padding versus inval...

CVSS 5.9 | AI score 6.3 | EPSS 0.17139

CVE-2020-2574
added 2020/01/15 4:34 p.m. | 917 views

CVE-2020-2574 affects the Oracle MySQL Client (C API). Affected: MySQL Client in Oracle MySQL releases 5.6.46 and earlier, 5.7.28 and earlier, and 8.0.18 and earlier. The vulnerability allows an unauthenticated attacker with network access via multiple protocols to cause a...

CVSS 5.9 | AI score 5.6 | EPSS 0.03485

CVE-2022-23457
added 2022/04/25 12:00 a.m. | 903 views

CVE-2022-23457 affects ESAPI (OWASP Enterprise Security API) Java legacy. The default implementation of Validator.getValidDirectoryPath(String, String, File, boolean) before version 2.3.0.0 may treat the input string as a child of the specified parent directory, potentially bypassing control-flow...

CVSS 9.8 | AI score 8.6 | EPSS 0.02674

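
The bug class behind CVE-2022-23457 is a containment check that compares path strings instead of path components, so a sibling directory whose name merely starts with the parent's name passes as a child. The example below is added here and is not ESAPI's code; it shows the string-prefix check beside a component-wise check on normalised paths. The directories and file names are constructed for the example and need not exist, so symlink resolution (os.path.realpath on a live filesystem) is deliberately left out.

```python
"""Directory containment: vulnerable string-prefix test vs. component-wise test.

Added example (not ESAPI's code). Paths are constructed and need not exist.
"""
import posixpath


def is_child_prefix_check(parent, candidate):
    """Vulnerable: normalise, then test string prefix.
    '/srv/app-data/secret' is reported as inside '/srv/app' because the
    string '/srv/app-data/secret' starts with '/srv/app'."""
    parent = posixpath.normpath(parent)
    candidate = posixpath.normpath(candidate)
    return candidate.startswith(parent)


def is_child_canonical(parent, candidate):
    """Hardened: normalise both ('..' and '.' folded), then require that the
    longest common *component* prefix equals the parent itself."""
    parent = posixpath.normpath(parent)
    candidate = posixpath.normpath(candidate)
    try:
        return posixpath.commonpath([parent, candidate]) == parent
    except ValueError:
        # commonpath refuses to mix absolute and relative paths: treat as outside
        return False


def compare(parent, candidate):
    """Return (vulnerable_verdict, hardened_verdict) for one candidate path."""
    return is_child_prefix_check(parent, candidate), is_child_canonical(parent, candidate)


if __name__ == "__main__":
    # Constructed test inputs: the second and fourth are the escape cases.
    for cand in ("/srv/app/uploads/x.txt",
                 "/srv/app-data/secret",
                 "/srv/app/../etc/passwd",
                 "/srv/app/./uploads/../../app-data"):
        print(cand, compare("/srv/app", cand))
```

In the two escape cases the prefix check says "inside" while the component check says "outside"; the `..` traversal is caught by both only because normpath folds it first, which is why the hardened version normalises before comparing rather than relying on the caller.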
CVE-2018-8014
added 2018/05/16 4:00 p.m. | 872 views

CVE-2018-8014 affects the default configuration of Tomcat's CORS filter, where the default settings enable supportsCredentials for all origins across multiple releases (9.0.0.M1–9.0.8, 8.5.0–8.5.31, 8.0.0.RC1–8.0.52, 7.0.41–7.0.88). The issue is that environments relying on the default CORS configura...

CVSS 9.8 | AI score 8.6 | EPSS 0.21979

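
Both Tomcat entries in this listing (CVE-2017-12617, a Default servlet with readonly=false, and CVE-2018-8014, a CorsFilter left on its defaults) are findable by reading web.xml. The script below is an added example, not Tomcat's code: it parses a web.xml regardless of its declared namespace and flags the two settings. The sample web.xml is constructed for the example; the check treats an unset readonly as Tomcat's default of true, and treats a CorsFilter that pins neither cors.allowed.origins nor cors.support.credentials as relying on the defaults that were unsafe on the affected releases.

```python
"""Audit a Tomcat web.xml for CVE-2017-12617 and CVE-2018-8014 configuration weaknesses.

Added example (not Tomcat's code). SAMPLE_WEB_XML is constructed for the example.
"""
import xml.etree.ElementTree as ET

# Constructed sample: a Default servlet opened for PUT, a CorsFilter with no explicit
# policy, and a second CorsFilter with an explicit, pinned policy.
SAMPLE_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet>
  <filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
  </filter>
  <filter>
    <filter-name>CorsFilterStrict</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param><param-name>cors.allowed.origins</param-name><param-value>https://app.example.com</param-value></init-param>
    <init-param><param-name>cors.support.credentials</param-name><param-value>true</param-value></init-param>
  </filter>
</web-app>
"""


def _init_params(elem):
    """Collect <init-param> name/value pairs; '{*}' matches any (or no) XML namespace."""
    params = {}
    for ip in elem.iterfind("{*}init-param"):
        name = ip.findtext("{*}param-name", default="").strip()
        value = ip.findtext("{*}param-value", default="").strip()
        params[name] = value
    return params


def audit_web_xml(xml_text):
    """Return a list of (cve, component_name, finding) tuples."""
    root = ET.fromstring(xml_text)
    findings = []
    for servlet in root.iterfind("{*}servlet"):
        cls = servlet.findtext("{*}servlet-class", default="").strip()
        name = servlet.findtext("{*}servlet-name", default="").strip()
        if cls.endswith(".DefaultServlet"):
            params = _init_params(servlet)
            # readonly defaults to true; only an explicit false opens PUT/DELETE
            if params.get("readonly", "true").lower() == "false":
                findings.append(("CVE-2017-12617", name,
                                 "Default servlet readonly=false: HTTP PUT can write files (JSP upload)"))
    for flt in root.iterfind("{*}filter"):
        cls = flt.findtext("{*}filter-class", default="").strip()
        name = flt.findtext("{*}filter-name", default="").strip()
        if cls.endswith(".CorsFilter"):
            params = _init_params(flt)
            origins = params.get("cors.allowed.origins")
            creds = params.get("cors.support.credentials")
            if origins is None or creds is None:
                findings.append(("CVE-2018-8014", name,
                                 "CorsFilter relies on defaults (credentials for any origin on unpatched releases)"))
            elif creds.lower() == "true" and origins.strip() == "*":
                findings.append(("CVE-2018-8014", name,
                                 "CorsFilter allows credentials for any origin (*)"))
    return findings


if __name__ == "__main__":
    for cve, component, finding in audit_web_xml(SAMPLE_WEB_XML):
        print(f"{cve}: {component}: {finding}")
```

The `{*}` namespace wildcard needs Python 3.8 or later; it lets the same script handle web.xml files declared under the old java.sun.com namespace, the jcp.org one, or none at all.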
CVE-2020-36518
added 2022/03/11 12:00 a.m. | 844 views

CVE-2020-36518 affects jackson-databind prior to 2.13.0, enabling a Java StackOverflow and DoS via excessive nesting depth. In affected advisories, remediation is to upgrade jackson-databind to 2.13.0+ (examples show 2.13.x or newer, such as 2.13.4.2 in Crowd/CWD references). Practical impact is d...

CVSS 7.5 | AI score 7.4 | EPSS 0.0486

CVE-2022-24891
added 2022/04/27 12:00 a.m. | 820 views

CVE-2022-24891 affects ESAPI (antisamy-esapi.xml), where an incorrect regular expression for onsiteURL could allow javascript: URLs to escape proper sanitization. The issue is fixed in ESAPI 2.3.0.0; the workaround is to manually edit antisamy-esapi.xml to adjust the onsiteURL regex. Connected sources...

CVSS 6.1 | AI score 5.7 | EPSS 0.01632

CVE-2021-3449
added 2021/03/25 2:25 p.m. | 813 views

CVE-2021-3449 affects OpenSSL 1.1.1 through 1.1.1j (fixed in 1.1.1k): a TLSv1.2 server may crash (DoS) if it receives a renegotiation ClientHello that omits the signature_algorithms extension but includes signature_algorithms_cert. The issue is a NULL pointer dereference leading to a denial of service; OpenSSL clients are...

CVSS 5.9 | AI score 6.7 | EPSS 0.62906

CVE-2022-42003
added 2022/10/02 12:00 a.m. | 812 views

The CVE-2022-42003 issue affects FasterXML jackson-databind, where enabling UNWRAP_SINGLE_VALUE_ARRAYS allows resource exhaustion due to a missing check in primitive value deserializers to prevent deep wrapper array nesting. Affected versions are before 2.13.4.1 and 2.12.17.1; remediation per sou...

CVSS 7.5 | AI score 7.5 | EPSS 0.02824

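
CVE-2020-36518 and CVE-2022-42003 above are the same failure mode seen twice: a recursive deserializer that follows nesting as deep as the input asks, until the stack runs out (jackson 2.15 and later expose a configurable nesting limit through StreamReadConstraints). The guard below is an added example, not jackson's code: a single linear pass that tracks array/object depth, ignores brackets inside strings, and refuses the document before a recursive parser ever sees it. MAX_DEPTH is an assumed value and the sample documents are constructed for the example.

```python
"""Bounded-depth pre-check for JSON before handing it to a recursive parser.

Added example (not jackson-databind's code). MAX_DEPTH is an assumed limit.
"""
import json

MAX_DEPTH = 64  # assumed limit for this example


class NestingTooDeep(ValueError):
    pass


def nesting_depth(text, max_depth=MAX_DEPTH):
    """Return the maximum '['/'{' nesting depth of a JSON text.

    Raises NestingTooDeep as soon as max_depth is exceeded, so a bomb of
    100k opening brackets is rejected after max_depth+1 characters.
    Brackets inside JSON strings are skipped; backslash escapes are honoured
    so an escaped quote does not end the string early.
    """
    depth = max_seen = 0
    in_string = False
    escape = False
    for ch in text:
        if in_string:
            if escape:
                escape = False
            elif ch == "\\":
                escape = True
            elif ch == '"':
                in_string = False
            continue
        if ch == '"':
            in_string = True
        elif ch in "[{":
            depth += 1
            if depth > max_depth:
                raise NestingTooDeep(f"nesting depth exceeds {max_depth}")
            max_seen = max(max_seen, depth)
        elif ch in "]}":
            depth -= 1
    return max_seen


def safe_loads(text, max_depth=MAX_DEPTH):
    """Parse JSON only after the cheap depth check passes."""
    nesting_depth(text, max_depth)
    return json.loads(text)


if __name__ == "__main__":
    # Constructed inputs: a normal document and a wrapper-array bomb of the
    # CVE-2022-42003 shape ([[[[...1...]]]]).
    print(nesting_depth('{"user": {"roles": ["admin", "ops"]}}'))
    bomb = "[" * 100000 + "1" + "]" * 100000
    try:
        safe_loads(bomb)
    except NestingTooDeep as exc:
        print("rejected:", exc)
```

The check is O(n) in the input length and uses no recursion itself, which is the property that matters: a depth limit enforced by the very parser that recurses is only as good as the parser's own stack discipline.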
CVE-2019-7317
added 2019/02/04 7:00 a.m. | 811 views

CVE-2019-7317 is a use-after-free involving png_image_free in libpng. A connected document ties this to the FLTK package, affecting versions less than 1.3.8-1, and states that upgrading to a later FLTK version resolves the issue. If applying this advisory, upgrade FLTK to 1.3.8-1 or newer for rem...

CVSS 5.3 | AI score 6.3 | EPSS 0.09393

CVE-2020-1967
added 2020/04/21 1:45 p.m. | 804 views

CVE-2020-1967 describes a NULL pointer dereference in OpenSSL's SSL_check_chain() during or after a TLS 1.3 handshake, caused by incorrect handling of the signature_algorithms_cert extension; it affects OpenSSL 1.1.1d through 1.1.1f and is fixed in 1.1.1g. A malicious peer sending an invalid/unrecognized signature algorithm can crash the server/client, enablin...

CVSS 7.5 | AI score 7.5 | EPSS 0.53336

CVE-2022-43551
added 2022/12/23 12:00 a.m. | 792 views

CVE-2022-43551 is a vulnerability in curl's HSTS check that could allow bypassing HSTS and forcing a cleartext HTTP transfer. The issue occurs when the URL hostname uses IDN characters that are later ASCII-encoded during IDN processing (e.g., U+3002 IDEOGRAPHIC FULL STOP instead of U+002E). Curl ...

CVSS 7.5 | AI score 7.3 | EPSS 0.1654

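
The HSTS bypass above is a canonicalisation-order bug: the policy lookup ran on the raw hostname while the connection was made to the IDNA-encoded one, so a name written with U+3002 as the label separator missed the cache and went out over http. The code below is an added example and not curl's; it shows the two lookups side by side using Python's idna codec, which maps U+3002, U+FF0E and U+FF61 to "." as the IDNA separator rules require. The HSTS cache contents and the request hostnames are constructed for the example.

```python
"""HSTS lookup with and without hostname canonicalisation (CVE-2022-43551 bug class).

Added example (not curl's code). HSTS_CACHE and the hostnames are constructed.
"""

# Constructed HSTS cache: hosts that must only be reached over https.
HSTS_CACHE = {"example.com", "login.example.net"}


def idna_host(host):
    """Canonical ASCII hostname: IDNA processing maps the alternative full stops
    (U+3002, U+FF0E, U+FF61) to '.', punycodes non-ASCII labels, and we
    lower-case and strip a trailing dot so the result matches cache keys."""
    return host.encode("idna").decode("ascii").lower().rstrip(".")


def scheme_vulnerable(host, scheme):
    """Lookup on the raw name: the check and the later connection disagree on
    which host is meant, so 'example\u3002com' is not found in the cache."""
    if scheme == "http" and host in HSTS_CACHE:
        return "https"
    return scheme


def scheme_hardened(host, scheme):
    """Lookup on the canonical name that will actually be resolved and connected to."""
    if scheme == "http" and idna_host(host) in HSTS_CACHE:
        return "https"
    return scheme


def resolve_target(host, scheme):
    """Return (scheme, ascii_host) as the hardened transfer would actually be made."""
    return scheme_hardened(host, scheme), idna_host(host)


if __name__ == "__main__":
    # Constructed requests: plain, ideographic full stop, fullwidth full stop.
    for raw in ("example.com", "example\u3002com", "Example\uff0ecom"):
        print(repr(raw), "vulnerable:", scheme_vulnerable(raw, "http"),
              "hardened:", scheme_hardened(raw, "http"), "->", idna_host(raw))
```

The rule the hardened version implements is the general one: run every security policy lookup (HSTS, certificate pinning, allow-lists) on exactly the string that the network layer will use, never on an earlier representation of it.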
CVE-2016-3427
added 2016/04/21 10:00 a.m. | 779 views

CVE-2016-3427 is an unspecified vulnerability in Oracle Java SE (affecting 6u113, 7u99, 8u77) and JRockit, tied to the Java Management Extensions (JMX) component. Exploitation can affect confidentiality, integrity, and availability via JMX-related vectors; the issue is described as an unspecified...

CVSS 10 | AI score 6.8 | EPSS 0.92334
Tags: In wild

CVE-2023-41993
added 2023/09/21 6:23 p.m. | 768 views

CVE-2023-41993 is a WebKit code-execution vulnerability affecting Apple platforms, where processing web content could trigger arbitrary code execution. The public record notes the issue was fixed in macOS Sonoma 14 and is associated with Safari/WebKit processing paths. Apple documents indicate the...

CVSS 8.8 | AI score 8.8 | EPSS 0.29179
Tags: In wild

CVE-2021-3711
added 2021/08/24 2:50 p.m. | 761 views

CVE-2021-3711 involves a bug in OpenSSL SM2 decryption: the buffer size reported by the first EVP_PKEY_decrypt() call (the size query made with a NULL output buffer) can be smaller than the plaintext actually written by the second call, so the caller's buffer is too small and is overflowed by up to 62 bytes. The issue affects OpenSSL 1.1.1 up to 1.1.1k and is fix...

CVSS 9.8 | AI score 9.9 | EPSS 0.87816

CVE-2020-2752
added 2020/04/15 1:29 p.m. | 755 views

CVE-2020-2752 affects the Oracle MySQL Client (C API). Publicly documented affected versions are 5.6.47 and earlier, 5.7.27 and earlier, and 8.0.17 and earlier. The vulnerability can be triggered by a low-privileged attacker with network access via multiple protocols and may lead to a hang or ...

CVSS 5.3 | AI score 6 | EPSS 0.02317

CVE-2019-2938
added 2019/10/16 5:40 p.m. | 752 views

CVE-2019-2938 affects MySQL Server (InnoDB) in Oracle MySQL. Affected versions include 5.7.27 and earlier and 8.0.17 and earlier; exploitation over the network by a high-privileged attacker could cause a hang or crash (DoS). CVSSv3 base score 4.4. Patches are available; advisory ALSA-2020-1333 recommends upgr...

CVSS 4.4 | AI score 4.5 | EPSS 0.02985

CVE-2021-2011
added 2021/01/20 2:50 p.m. | 741 views

CVE-2021-2011 affects Oracle MySQL's Client C API, with vulnerable versions 5.7.32 and earlier and 8.0.22 and earlier. An unauthenticated network attacker can trigger a hang or crash (DoS) via multiple protocols. Remediation is to upgrade to a version where the issue is resolved (e.g., newer MySQ...

CVSS 7.1 | AI score 5.5 | EPSS 0.03028

CVE-2021-2022
added 2021/01/20 2:50 p.m. | 728 views

CVE-2021-2022 is a vulnerability in Oracle MySQL Server (component: InnoDB) that affects MySQL Server versions 5.6.50 and earlier, 5.7.32 and earlier, and 8.0.22 and earlier. The issue is exploitable by a highly privileged attacker who can access the affected server over the network via multiple prot...

CVSS 6.3 | AI score 4.5 | EPSS 0.01897

CVE-2019-2503
added 2019/01/16 7:00 p.m. | 717 views

The connected advisory ALAS-2019-1292 documents CVE-2019-2503 as a MySQL/MariaDB Server: Connection Handling vulnerability. Affected are Oracle MySQL Server components with versions 5.6.42 and prior, 5.7.24 and prior, and 8.0.13 and prior. The issue can allow a low-privileged attacker on the netw...

CVSS 6.4 | AI score 6.4 | EPSS 0.02487

CVE-2019-5482
added 2019/09/16 6:06 p.m. | 694 views

CVE-2019-5482 is a heap buffer overflow in curl/libcurl's TFTP handler (tftp_receive_packet) affecting curl 7.19.4 through 7.65.3 (fixed in 7.66.0). Public advisories detail that a small TFTP blocksize can trigger the overflow, potentially enabling DoS or arbitrary code execution. Public fixes exist across distributio...

CVSS 9.8 | AI score 9.7 | EPSS 0.17939

CVE-2019-16168
added 2019/09/09 4:07 p.m. | 691 views

CVE-2019-16168 affects SQLite up to version 3.29.0: whereLoopAddBtreeIndex in sqlite3.c may crash a browser/application because the sz field of sqlite_stat1 is not validated, described as a severe division by zero in the query planner. Connected documents show multiple advisories referencing the fix in SQ...

CVSS 6.5 | AI score 7 | EPSS 0.04253

CVE-2021-22570
added 2022/01/26 12:00 a.m. | 691 views

CVE-2021-22570 affects Protocol Buffers (protobuf). A null character in a proto symbol is parsed incorrectly, causing a null pointer dereference via an unchecked access to the proto file name during error message generation. The issue can enable denial of service or memory access instability as d...

CVSS 6.5 | AI score 6.5 | EPSS 0.0266

CVE-2025-21502
added 2025/01/21 8:52 p.m. | 678 views

CVE-2025-21502 affects Oracle Java SE and related GraalVM packages (Hotspot) across multiple supported versions (Java SE 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; GraalVM JDK 17.0.13/21.0.5/23.0.1; GraalVM EE 20.3.16/21.3.12). The described vulnerability allows an unauthenticated, network-acc...

CVSS 4.8 | AI score 4.1 | EPSS 0.00971

CVE-2020-2760
added 2020/04/15 1:29 p.m. | 673 views

CVE-2020-2760 affects MySQL Server (InnoDB), with affected versions 5.7.29 and prior and 8.0.19 and prior. It enables a high-privilege attacker with network access to cause a hang or crash (DoS) and potentially unauthorized data updates/inserts/deletes. The ALAS advisory shows remediation through...

CVSS 5.5 | AI score 5.6 | EPSS 0.03014

CVE-2019-2537
added 2019/01/16 7:00 p.m. | 665 views

CVE-2019-2537 affects the MySQL Server component (subcomponent: Server: DDL) of Oracle MySQL. Affected: 5.6.42 and prior, 5.7.24 and prior, 8.0.13 and prior. The description in connected docs confirms an easily exploitable, network-accessible vulnerability that can cause the MySQL Server to hang or c...

CVSS 4.9 | AI score 5.1 | EPSS 0.04457

CVE-2020-2812
added 2020/04/15 1:29 p.m. | 661 views

CVE-2020-2812 affects the MySQL Server component (Server: Stored Procedure). Affected are MySQL/MariaDB builds with versions 5.6.47 and earlier, 5.7.29 and earlier, and 8.0.19 and earlier. The vulnerability can allow a high-privilege attacker with network access via multiple protocols to cause a ...

CVSS 4.9 | AI score 5.2 | EPSS 0.02981

CVE-2020-2922
added 2020/04/15 1:29 p.m. | 660 views

CVE-2020-2922 affects the MySQL Client C API in Oracle MySQL. Affected versions are 5.6.47 and prior, 5.7.29 and prior, and 8.0.18 and prior. It is difficult to exploit and can allow an unauthenticated attacker with network access via multiple protocols to read a subset of MySQL Client data. CVSS...

CVSS 4.3 | AI score 3.4 | EPSS 0.02436

CVE-2021-2007
added 2021/01/20 2:50 p.m. | 657 views

CVE-2021-2007 affects the Oracle MySQL Client (C API). Affected versions: 5.6.47 and prior, 5.7.29 and prior, and 8.0.19 and prior. The vulnerability is exploitable by an unauthenticated attacker with network access via multiple protocols, potentially leading to unauthorized read access of a su...

CVSS 4.3 | AI score 3.4 | EPSS 0.02272

CVE-2019-2529
added 2019/01/16 7:00 p.m. | 638 views

CVE-2019-2529 affects Oracle MySQL Server (Server: Optimizer). Affected: 5.6.42 and prior, 5.7.24 and prior, 8.0.13 and prior. A low-privileged attacker with network access can cause a hang or complete DoS. Remediation: advisories/applicable updates exist (e.g., ALAS/CentOS/RHSA); update mariadb/mysql p...

CVSS 6.5 | AI score 6.2 | EPSS 0.0436

CVE-2022-21607
added 2022/10/18 12:00 a.m. | 633 views

CVE-2022-21607 is a vulnerability in Oracle MySQL Server, specifically in the Server: Optimizer component. Affected are MySQL Server versions 8.0.28 and prior. The flaw is exploitable by a high-privilege attacker who can reach the server over the network via multiple protoco...

CVSS 4.9 | AI score 4.7 | EPSS 0.01024

CVE-2022-21641
added 2022/10/18 12:00 a.m. | 627 views

CVE-2022-21641 affects Oracle MySQL Server, specifically the Server: Optimizer component. Affected versions are 8.0.29 and earlier. The vulnerability is exploitable by a high-privilege attacker with network access via multiple protocols and can lead to a hang or a...

CVSS 4.9 | AI score 4.9 | EPSS 0.00962

CVE-2022-21592
added 2022/10/18 12:00 a.m. | 619 views

CVE-2022-21592 affects Oracle MySQL Server (Server: Security: Encryption). Affected: MySQL 5.7.39 and earlier, and 8.0.29 and earlier. A low-privileged attacker with network access over multiple protocols can cause unauthorized read access to a subset of data. CVSS 3.1 base score 4.3 (Confidentia...

CVSS 4.3 | AI score 3.7 | EPSS 0.00653

CVE-2020-28196
added 2020/11/06 7:07 a.m. | 617 views

CVE-2020-28196 affects MIT Kerberos 5 (krb5) prior to 1.17.2 and 1.18.x prior to 1.18.3. The vulnerability stems from unbounded recursion in the ASN.1 BER decoder (lib/krb5/asn.1/asn1_encode.c) due to no recursion limit for indefinite lengths. This can lead to denial of service due to resource ex...

CVSS 7.5 | AI score 7.6 | EPSS 0.04365

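
The krb5 bug above is what an unbounded recursive BER decoder looks like from the outside: each indefinite-length constructed header (tag, then length byte 0x80) opens another level, so two bytes of input cost one stack frame, and a few kilobytes of 30 80 30 80 ... take the parser off the stack before any end-of-contents marker is needed. The decoder below is an added example, not krb5's code: a minimal BER TLV parser handling short, long and indefinite lengths, with the depth counter the vulnerable code lacked. MAX_DEPTH is an assumed value and the sample encodings are constructed for the example.

```python
"""Recursive BER TLV decoder with a nesting limit (CVE-2020-28196 bug class).

Added example (not krb5's code). MAX_DEPTH is an assumed limit; samples are constructed.
"""

MAX_DEPTH = 32  # assumed limit for this example


class BerError(ValueError):
    pass


def decode(data, limit_depth=True):
    """Decode one BER value into nested (tag, value) tuples.

    value is bytes for primitive encodings and a list of children for
    constructed ones. limit_depth=False reproduces the vulnerable behaviour:
    nesting is followed as deep as the input demands.
    """
    node, end = _decode_at(data, 0, 0, MAX_DEPTH if limit_depth else None)
    if end != len(data):
        raise BerError("trailing bytes after value")
    return node


def _decode_at(data, pos, depth, max_depth):
    if max_depth is not None and depth > max_depth:
        raise BerError(f"nesting deeper than {max_depth}")
    if pos >= len(data):
        raise BerError("truncated tag")
    tag = data[pos]
    if tag & 0x1F == 0x1F:
        raise BerError("multi-byte tags not supported in this example")
    pos += 1
    if pos >= len(data):
        raise BerError("truncated length")
    first = data[pos]
    pos += 1
    constructed = bool(tag & 0x20)
    if first == 0x80:
        # Indefinite length: children follow until an end-of-contents 00 00.
        # Only legal for constructed values, and the path the krb5 bug lived on.
        if not constructed:
            raise BerError("indefinite length on a primitive value")
        children = []
        while True:
            if data[pos:pos + 2] == b"\x00\x00":
                return (tag, children), pos + 2
            child, pos = _decode_at(data, pos, depth + 1, max_depth)
            children.append(child)
    if first & 0x80:
        # Long form: low 7 bits give the number of length octets that follow.
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(data):
            raise BerError("bad long-form length")
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    else:
        length = first  # short form
    end = pos + length
    if end > len(data):
        raise BerError("length exceeds input")
    if constructed:
        children = []
        while pos < end:
            child, pos = _decode_at(data, pos, depth + 1, max_depth)
            children.append(child)
        if pos != end:
            raise BerError("child overran its container")
        return (tag, children), end
    return (tag, bytes(data[pos:end])), end


if __name__ == "__main__":
    # Constructed: SEQUENCE { INTEGER 5, OCTET STRING "hi" }, definite and indefinite.
    print(decode(bytes.fromhex("3007020105040268 69".replace(" ", ""))))
    print(decode(bytes.fromhex("30800201050402686900 00".replace(" ", ""))))
    # Constructed recursion bomb: 2000 nested indefinite-length SEQUENCE headers.
    try:
        decode(b"\x30\x80" * 2000)
    except BerError as exc:
        print("rejected:", exc)
```

The limit is checked on entry to every level, before any work is done on the value, so the cost of rejecting a bomb is bounded by MAX_DEPTH rather than by the input size; that ordering is the part worth copying into any recursive-descent parser of attacker-supplied input.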
CVE-2022-21595
added 2022/10/18 12:00 a.m. | 617 views

CVE-2022-21595 affects Oracle MySQL Server (component: C API). Affected versions include MySQL Server 5.7.36 and prior and 8.0.27 and prior. The vulnerability is exploitable with network access via multiple protocols and is described as difficult to exploit, requiring high privileges. Successful ...

CVSS 4.4 | AI score 4.6 | EPSS 0.01048

CVE-2022-21638
added 2022/10/18 12:00 a.m. | 614 views

CVE-2022-21638 affects Oracle MySQL Server (component: Server: Optimizer). Affected: MySQL Server 8.0.29 and earlier. Attack surface: network-accessible via multiple protocols; requires high privileges; can cause a hang or frequently repeatable crash (denial of service). Several connected advisories confirm a...

CVSS 4.9 | AI score 4.9 | EPSS 0.00962

CVE-2020-25649
added 2020/12/03 4:16 p.m. | 613 views

The CVE-2020-25649 entry concerns a flaw in FasterXML Jackson Databind where entity expansion was not properly secured, enabling XML External Entity (XXE) attacks. This is a data-integrity risk. Connected advisories consistently associate the issue with Jackson Databind and XXE, and several sourc...

CVSS 7.5 | AI score 7.3 | EPSS 0.17611

Total number of security vulnerabilities: 743