Lucene search
K
NetappOncommand Workflow Automation

743 matches found

CVE
CVE
added 2022/09/01 12:0 a.m.276 views

CVE-2022-2764

CVE-2022-2764 concerns Undertow. A DoS can occur because the Undertow server waits for LAST_CHUNK forever during EJB invocations, impacting availability (per CVSS vector: Network, Low access, High impact to availability). Public details in the provided documents specify the vulnerability as a DoS...

4.9CVSS5.1AI score0.00787EPSS
CVE
CVE
added 2023/04/18 7:54 p.m.273 views

CVE-2023-21920

Summary: CVE-2023-21920 affects Oracle MySQL Server (Server: Optimizer). Affected: MySQL 8.0.32 and earlier. Exploitable with network access via multiple protocols by a highly privileged attacker, leading to a hang or frequent crashes (DoS) of MySQL Server. CVSS v3.1 base score 4.9 (Impact: Avail...

4.9CVSS5.2AI score0.01456EPSS
CVE
CVE
added 2022/05/24 6:19 p.m.272 views

CVE-2021-3597

CVE-2021-3597 affects Undertow’s HTTP2SourceChannel and can cause DoS by failing to write the final frame. Affected products/versions include Undertow releases prior to 2.0.35.SP1, 2.2.6.SP1, 2.2.7.SP1, 2.0.36.SP1, 2.2.9.Final and 2.0.39.Final. The vulnerability is addressed in Red Hat JBoss EAP ...

5.9CVSS5.5AI score0.01061EPSS
CVE
CVE
added 2023/02/17 12:0 a.m.272 views

CVE-2023-0482

RESTEasy CVE-2023-0482 involves creation of insecure temporary files via File.createTempFile() in DataSourceProvider, FileProvider, and Mime4JWorkaround. This local-privilege escalation vulnerability can allow an authenticated local attacker to gain elevated privileges by reading or accessing ins...

5.5CVSS5AI score0.00819EPSS
CVE
CVE
added 2022/01/19 11:22 a.m.269 views

CVE-2022-21271

CVE-2022-21271 is a vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition (Libraries). Affected versions are Oracle Java SE: 7u321, 8u311, 11.0.13; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. The description states it is easily exploitable by an unauthenticated attacker ...

5.3CVSS4.6AI score0.02789EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.266 views

CVE-2018-2640

The CVE refers to CVE-2018-2640 in the MySQL/MariaDB family: the vulnerability is in the MySQL Server component (Server: Optimizer) and affects multiple supported branches (5.5.x, 5.6.x, 5.7.x) with ability for a network‑accessible, low‑privileged attacker to cause a hang or crash (DOS). Public a...

6.8CVSS6.3AI score0.03952EPSS
CVE
CVE
added 2021/06/11 3:49 p.m.265 views

CVE-2021-22901

CVE-2021-22901 affects curl/libcurl up to version 7.76.x for builds using OpenSSL. A use-after-free during TLS 1.3 session-ticket handling on a single connection can lead to remote code execution in rare cases. Impact is tied to memory access after freeing objects when a session ticket arrives on...

8.1CVSS8.2AI score0.60122EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.263 views

CVE-2017-10345

CVE-2017-10345 affects Oracle Java SE/Embedded/JRockit serialization. The vulnerability allows an unauthenticated attacker with network access to compromise the target, potentially causing a partial denial of service; exploitation is difficult and may require human interaction. Affected versions ...

3.1CVSS4.2AI score0.02442EPSS
CVE
CVE
added 2018/04/19 2:0 a.m.262 views

CVE-2018-2817

CVE-2018-2817 affects the MySQL/MariaDB server stack (MySQL Server component; subcomponents such as DDL/InnoDB/Optimizer) across multiple product lines. Affected versions include MySQL/MariaDB releases prior to upstream fixes (e.g., 5.5.x, 5.6.x, 5.7.x families as cited in the documents). Impact ...

6.5CVSS6AI score0.03171EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.260 views

CVE-2017-10268

CVE-2017-10268 affects Oracle MySQL Server (Server: Replication) with affected versions 5.5.57 and earlier, 5.6.37 and earlier, and 5.7.19 and earlier. The vulnerability allows a high-privilege attacker with logon to the infrastructure where MySQL Server executes to compromise the server, potenti...

4.1CVSS4.2AI score0.00697EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.260 views

CVE-2017-10356

CVE-2017-10356 affects OpenJDK/OpenJDK Security component. The root cause is weak password-based encryption keys used to protect private keys stored in keystores, enabling an unauthenticated attacker with sufficient access to compromise protected data. Affected: Java SE components (OpenJDK/OpenJD...

6.2CVSS6.5AI score0.00754EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.259 views

CVE-2017-10281

CVE-2017-10281 affects Oracle/OpenJDK components (Java SE, Java SE Embedded, JRockit) with the Serialization subcomponent. The vulnerability is exploitable remotely via network protocols and can be triggered by sandboxed Web Start/Applet use or by supplying data to APIs, potentially causing parti...

5.3CVSS5.3AI score0.03305EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.258 views

CVE-2017-10295

CVE-2017-10295 affects OpenJDK (Java SE/Java SE Embedded) Networking: HttpURLConnection/HttpsURLConnection failed to detect newline characters in URLs, enabling potential HTTP header injection via attacker-provided URLs. Public notices in connected docs show affected package openjdk-7/openjdk-8 w...

4.3CVSS5.1AI score0.02199EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.258 views

CVE-2018-2622

CVE-2018-2622 affects MySQL Server (Server: DDL) with affected versions 5.5.58 and earlier, 5.6.38 and earlier, and 5.7.20 and earlier. It allows a network-based attacker with low privileges to cause a hang or complete denial-of-service. Multiple connected advisories (ALAS-2018-969, CentOS/CESA-2...

6.8CVSS6.3AI score0.03952EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.256 views

CVE-2017-10350

CVE-2017-10350 is an OpenJDK/Oracle Java SE vulnerability in the JAX-WS subcomponent that could allow an unauthenticated network attacker to cause a partial denial of service in Java SE/Java SE Embedded deployments (clients loading untrusted code in sandbox). Affected versions per initial descrip...

5.3CVSS5.4AI score0.03305EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.253 views

CVE-2017-10388

CVE-2017-10388 affects the OpenJDK Kerberos client: the sname field from the plain-text KDC reply was used instead of the encrypted part, enabling a potential MITM impersonation of Kerberos services for Java applications acting as Kerberos clients. This vulnerability is documented across multiple...

7.5CVSS7.7AI score0.03206EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.252 views

CVE-2018-2665

CVE-2018-2665 affects Oracle MySQL Server (Server: Optimizer). Affected releases include MySQL 5.5.58 and older, 5.6.38 and older, and 5.7.20 and older. The vulnerability is exploitable by a low-privileged attacker who can access the server over the network, and can lead to an unauthorized hang o...

6.8CVSS6.3AI score0.03952EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.251 views

CVE-2017-10348

CVE-2017-10348 affects OpenJDK/OpenJDK-derived Java SE/Embedded libraries. The vulnerability, exploitable over the network by unauthenticated attackers, can lead to a partial denial of service on Java SE and Java SE Embedded. Public details in the provided materials indicate affected versions var...

5.3CVSS5.4AI score0.03305EPSS
CVE
CVE
added 2018/05/11 8:0 p.m.251 views

CVE-2018-1258

CVE-2018-1258 affects Spring Framework 5.0.5 when used with any Spring Security version, enabling an authorization bypass for method security. An unauthorized user could access restricted methods. The connected advisory from F5 reiterates the same vulnerability description and lists affected prod...

8.8CVSS9AI score0.02427EPSS
CVE
CVE
added 2020/05/26 2:57 p.m.251 views

CVE-2020-10719

Undertow under CVE-2020-10719 is vulnerable in versions before 2.1.1.Final due to improper handling of invalid HTTP requests with large chunk sizes, enabling HTTP request smuggling. Several connected sources (Red Hat advisories, Mageia security advisory) confirm a fix/update to Undertow 2.1.1.Fin...

6.5CVSS6AI score0.01005EPSS
CVE
CVE
added 2018/04/19 2:0 a.m.248 views

CVE-2018-2771

CVE-2018-2771 affects the MySQL Server component (subcomponent: Server: Locking) across Oracle MySQL releases. Affected series include 5.5.59 and earlier, 5.6.39 and earlier, and 5.7.21 and earlier. The vulnerability is described as difficult to exploit but can allow a high-privilege attacker wit...

4.4CVSS5AI score0.03592EPSS
CVE
CVE
added 2022/10/18 12:0 a.m.247 views

CVE-2022-21618

CVE-2022-21618 affects Oracle Java SE (JGSS, Security, JNDI, Lightweight HTTP Server, Networking) and Oracle GraalVM Enterprise Edition (versions affected: Oracle Java SE 17.0.4.1 and 19; GraalVM EE 21.3.3 and 22.2.0). The vulnerability allows unauthenticated network access via Kerberos (and othe...

5.3CVSS4.8AI score0.02034EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.246 views

CVE-2017-10285

CVE-2017-10285 is confirmed to affect Oracle/OpenJDK Java SE and Java SE Embedded, specifically the RMI (Remote Method Invocation) component. The vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE/Embedded, with exploitation described...

9.6CVSS9AI score0.03143EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.246 views

CVE-2017-10346

CVE-2017-10346 is an OpenJDK/Java SE vulnerability affecting multiple OpenJDK components (Hotspot, OpenJDK sandboxes) across affected Java versions (OpenJDK6/7/8/9 in various advisories). The public records in connected documents indicate the issue includes bypassing Java sandbox restrictions via...

9.6CVSS9.1AI score0.02962EPSS
CVE
CVE
added 2018/04/19 2:0 a.m.246 views

CVE-2018-2819

CVE-2018-2819 affects the MySQL Server component (InnoDB) of Oracle MySQL. Affected versions are 5.5.59 and earlier, 5.6.39 and earlier, and 5.7.21 and earlier. The vulnerability enables a low-privileged attacker with network access via multiple protocols to cause a hang or a frequent crash (comp...

6.5CVSS6AI score0.03171EPSS
CVE
CVE
added 2018/04/19 2:0 a.m.242 views

CVE-2018-2761

CVE-2018-2761 affects the MySQL Server component (Client programs) of Oracle MySQL. Affected ranges are 5.5.59 and earlier, 5.6.39 and earlier, and 5.7.21 and earlier. It enables an unauthenticated, network-accessible attacker to cause the MySQL Server to hang or crash (partial DOS). The descript...

5.9CVSS5.6AI score0.0401EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.241 views

CVE-2017-10378

CVE-2017-10378 affects the MySQL Server component (Server: Optimizer) with affected versions 5.5.57 and earlier, 5.6.37 and earlier, and 5.7.11 and earlier. The vulnerability is exploitable remotely over multiple protocols by a low-privilege user and can cause the MySQL Server to hang or crash (D...

6.5CVSS6.2AI score0.03237EPSS
CVE
CVE
added 2018/04/19 2:0 a.m.241 views

CVE-2018-2781

CVE-2018-2781 is a vulnerability in the MySQL Server component (subcomponent: Server: Optimizer). Affected versions are 5.5.59 and earlier, 5.6.39 and earlier, and 5.7.21 and earlier. The fixed text indicates an easily exploitable issue that allows a high-privileged attacker with network access v...

4.9CVSS5.4AI score0.03294EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.239 views

CVE-2017-10349

CVE-2017-10349 affects the OpenJDK/JAXP component (Java SE and Java SE Embedded) where the vulnerability stems from unbounded memory growth during object creation from serialized data, enabling unauthenticated network access to cause a partial denial of service. Multiple connected advisories (IBM...

5.3CVSS5.4AI score0.03305EPSS
CVE
CVE
added 2022/04/19 8:37 p.m.238 views

CVE-2022-21423

CVE-2022-21423 affects Oracle MySQL Server, component InnoDB, with affected versions 8.0.28 and prior. The connected advisories corroborate that an attacker with network access via multiple protocols can exploit this to cause a partial denial of service in MySQL Server. The vulnerability is descr...

4CVSS3.3AI score0.01279EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.236 views

CVE-2017-10347

CVE-2017-10347 is a serialization-related vulnerability in Oracle Java SE/JRockit that affects Java SE 6u161, 7u151, 8u144 and 9, and Java SE Embedded 8u144. The issue allows an unauthenticated, networked attacker to cause a partial denial of service in vulnerable deployments that load untrusted ...

5.3CVSS5.5AI score0.03114EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.235 views

CVE-2017-10357

CVE-2017-10357 is a Java SE/OpenJDK vulnerability affecting the Serialization component in Oracle Java SE and Java SE Embedded. The Initial document lists affected versions as Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. The Connected documents corroborate multiple OpenJDK/OpenJDK...

5.3CVSS5.4AI score0.03305EPSS
CVE
CVE
added 2019/01/02 6:0 p.m.235 views

CVE-2018-14718

CVE-2018-14718 affects FasterXML jackson-databind 2.x (pre-2.9.7). Description: remote code execution via deserialization due to failure to block the slf4j-ext class from polymorphic deserialization. IBM watsonx.data is listed as affected (versions 1.0.0–2.0.0 in some bulletins; later bulletins s...

9.8CVSS9.8AI score0.12679EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.233 views

CVE-2017-10274

CVE-2017-10274 affects Oracle Java SE Smart Card IO. According to connected IBM advisories, the flaw can be exploited by an unauthenticated attacker over multiple protocols to compromise confidentiality and integrity (C/H, I/H) with high impact, though no availability impact is stated. Affected J...

6.8CVSS6.8AI score0.02635EPSS
CVE
CVE
added 2022/06/01 7:3 p.m.230 views

CVE-2022-27778

CVE-2022-27778 is a vulnerability in curl/libcurl described as an “use of incorrectly resolved name” that may cause removal of the wrong file when using --no-clobber with --remove-on-error. Connected advisories confirm the issue exists in curl up to version 7.83.0 and is fixed in 7.83.1. Articles...

8.1CVSS7.8AI score0.03453EPSS
CVE
CVE
added 2019/07/02 6:31 p.m.227 views

CVE-2019-5443

Technical details about CVE-2019-5443 are not publicly provided in the provided documents. The available information is a high-level summary; monitor for updates.

7.8CVSS7.5AI score0.00717EPSS
CVE
CVE
added 2019/01/02 6:0 p.m.222 views

CVE-2018-14719

CVE-2018-14719 involves FasterXML Jackson Databind 2.x up to but before 2.9.7. The root cause is failure to block polymorphic deserialization of certain gadgets (blaze-ds-opt/blaze-ds-core), enabling remote code execution if the gadget classes can be reached. The IBM bulletin references Jackson D...

9.8CVSS9.8AI score0.09682EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.220 views

CVE-2017-10384

CVE-2017-10384 affects the MySQL Server component (Server: DDL) of Oracle MySQL. Affected versions include 5.5.57 and earlier, 5.6.37 and earlier, and 5.7.19 and earlier. An attacker with network access via multiple protocols and low privileges can cause a hang or a complete denial of service in ...

6.5CVSS5.5AI score0.03078EPSS
CVE
CVE
added 2021/02/23 5:21 p.m.220 views

CVE-2021-20220

CVE-2021-20220 relates to Undertow. A regression in the fix for CVE-2020-10687 enables HTTP request smuggling in Undertow when processing HTTP/1.x and HTTP/2 traffic due to invalid characters in the request line. The vulnerability can allow an attacker to poison a web-cache, perform an XSS attack...

5.8CVSS5.4AI score0.01119EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.219 views

CVE-2017-10309

CVE-2017-10309 involves the Deployment subcomponent of Oracle Java SE. Public details in the provided documents indicate an XML External Entity/Information Disclosure style vulnerability affecting Java 8u144 and Java 9 deployments, with network-accessible exploitation requiring user interaction. ...

7.1CVSS7AI score0.08794EPSS
Web
CVE
CVE
added 2022/08/31 12:0 a.m.217 views

CVE-2022-1319

CVE-2022-1319 affects Undertow (via JBoss EAP 7) where an AJP 400 response can trigger two response packets that carry the reuse flag, and the connection reuse logic reads the second SEND_HEADERS instead of CPONG after a CPING. This can lead to a vulnerability in scenarios where connections are r...

7.5CVSS7.3AI score0.01258EPSS
CVE
CVE
added 2018/06/05 1:0 p.m.214 views

CVE-2018-1000180

CVE-2018-1000180 affects Bouncy Castle BC 1.54–1.59 (and BC-FJA 1.0.0/1.0.1) with a flaw in the Low-level RSA key pair generator interface that may produce RSA key pairs with fewer Miller–Rabin primality tests than expected. IBM vulnerability bulletins associate this CVE with IBM products (e.g., ...

7.5CVSS7.1AI score0.03622EPSS
CVE
CVE
added 2020/10/06 12:0 a.m.212 views

CVE-2020-25644

CVE-2020-25644 is a memory‑leak vulnerability in WildFly OpenSSL (WildFly OpenSSL natives) prior to 1.1.3.Final. The flaw causes a memory leak per HTTP session creation, which can lead to Out-Of-Memory and a denial of service, predominantly affecting availability. Affected component/file: WildFly...

7.5CVSS6.9AI score0.02183EPSS
CVE
CVE
added 2019/01/16 7:0 p.m.210 views

CVE-2019-2449

CVE-2019-2449 affects Oracle Java SE 8u192 (Java SE Deployment). An unauthenticated attacker with network access via multiple protocols can exploit a vulnerability to cause a partial denial of service on Java SE. Attacks are difficult to exploit and require user interaction. The description notes...

3.1CVSS4.3AI score0.02979EPSS
CVE
CVE
added 2021/01/27 12:0 a.m.208 views

CVE-2021-26117

CVE-2021-26117 describes an LDAP authentication weakness in the optional ActiveMQ LDAP login module where anonymous access can bypass password verification. Connected sources confirm affected lines: Apache ActiveMQ Artemis prior to 2.16.0 and Apache ActiveMQ prior to 5.16.1 and 5.15.14. Debian/Ub...

7.5CVSS7.5AI score0.11239EPSS
CVE
CVE
added 2023/07/18 8:18 p.m.208 views

CVE-2023-22053

CVE-2023-22053 affects Oracle MySQL: vulnerability in the MySQL Client programs that can allow a low-privilege attacker with network access to cause a hang/complete DoS and unauthorized read of a subset of data. Affected releases include MySQL 5.7.42 and earlier and 8.0.33 and earlier. Connected ...

5.9CVSS5.8AI score0.01152EPSS
CVE
CVE
added 2023/11/03 12:0 a.m.208 views

CVE-2023-31102

CVE-2023-31102 affects 7-Zip pre-23.00, describing an integer underflow and invalid read in Ppmd7.c triggered by crafted 7Z archives. The connected sources corroborate the vulnerability in 7-Zip up to version 23.00 and reference related advisories; no explicit exploit details are provided. Public...

7.8CVSS7.2AI score0.7104EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.206 views

CVE-2017-10379

CVE-2017-10379 concerns the MySQL Server client-side component of Oracle MySQL. Affected versions are 5.5.57 and earlier, 5.6.37 and earlier, and 5.7.19 and earlier. The vulnerability can be exploited by a low-privileged attacker with network access via multiple protocols, potentially leading to ...

6.5CVSS5.2AI score0.0228EPSS
CVE
CVE
added 2018/07/18 1:0 p.m.206 views

CVE-2018-3070

CVE-2018-3070 affects Oracle MySQL Server (MySQL client mysqldump component). Affected versions are 5.5.60 and earlier, 5.6.40 and earlier, and 5.7.22 and earlier. The vulnerability is described as easily exploitable, requiring network access via multiple protocols, and can allow a low-privileged...

6.5CVSS5.1AI score0.03637EPSS
CVE
CVE
added 2018/07/18 1:0 p.m.204 views

CVE-2018-2964

CVE-2018-2964 affects Oracle Java SE Deployment. Affected are Java SE 8u172 and 10.0.1; the flaw is exploitable over the network via multiple protocols and may allow takeover of Java SE, with client deployments using untrusted code in sandboxed environments being at risk. Exploitation is reported...

8.3CVSS8.6AI score0.02767EPSS
Total number of security vulnerabilities743