Lucene search
K
NetappOncommand Workflow Automation

743 matches found

CVE
CVE
added 2021/05/19 1:45 p.m.611 views

CVE-2021-3517

CVE-2021-3517 is a libxml2 vulnerability affecting versions before 2.9.11. A flaw in the xml entity encoding functionality could allow processing of a crafted XML file to trigger an out‑of‑bounds read, with availability impact and potential confidentiality/integrity impact if memory information i...

8.6CVSS8.4AI score0.0828EPSS
CVE
CVE
added 2021/04/22 9:53 p.m.610 views

CVE-2021-2144

CVE-2021-2144 affects Oracle MySQL Server (component: Server: Parser). Affected versions are 5.7.29 and earlier and 8.0.19 and earlier. The vulnerability allows a high-privilege attacker with network access via multiple protocols to compromise the MySQL Server, potentially leading to takeover of ...

7.2CVSS6.5AI score0.01886EPSS
CVE
CVE
added 2017/05/23 3:56 a.m.609 views

CVE-2016-9841

CVE-2016-9841 is a vulnerability in zlib 1.2.8 related to improper pointer arithmetic in inffast.c that could have context-dependent impact. Connected advisories confirm public details and show remediation by upgrading zlib to a newer version (e.g., 1.2.11) across affected products and distributi...

9.8CVSS9.9AI score0.07489EPSS
CVE
CVE
added 2022/10/18 12:0 a.m.609 views

CVE-2022-21605

CVE-2022-21605 concerns the Oracle MySQL Server, specifically the Server: Data Dictionary component. Affected are MySQL Server versions 8.0.28 and earlier . The vulnerability enables a high-privilege attacker with network access (via multiple protocols) to cause the server to hang or crash, resul...

4.9CVSS4.7AI score0.01024EPSS
CVE
CVE
added 2019/09/15 9:45 p.m.601 views

CVE-2019-14540

CVE-2019-14540 affects jackson-databind up to version 2.9.10 with serialization gadget risk involving the HikariCP classes (com.zaxxer.hikari.HikariConfig). The authoritative initial doc notes a polymorphic typing issue in jackson-databind related to HikariConfig. Connected-material references (A...

9.8CVSS9.3AI score0.10676EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.600 views

CVE-2020-2780

CVE-2020-2780 affects Oracle MySQL Server (Server: DML) with vulnerable ranges: 5.6.47 and earlier, 5.7.29 and earlier, and 8.0.19 and earlier. The issue allows a low-privileged, network-access attacker to cause a hang or crash (DOS) via multiple protocols. The connected advisories (e.g., ALAS/ C...

6.5CVSS6.3AI score0.0243EPSS
CVE
CVE
added 2017/04/17 9:0 p.m.598 views

CVE-2017-5645

CVE-2017-5645 affects Apache Log4j 2.x prior to 2.8.2. The vulnerability arises when using a TCP/UDP socket server to receive serialized log events from another application; a crafted binary payload can be deserialized to execute arbitrary code. The documented impact is remote code execution via ...

9.8CVSS9.5AI score0.8904EPSS
CVE
CVE
added 2020/10/21 2:4 p.m.598 views

CVE-2020-14765

An advisory indicates CVE-2020-14765 affects Oracle MySQL Server (Server: FTS) with affected versions 5.6.49 and prior, 5.7.31 and prior, and 8.0.21 and prior. The cited materials describe a vulnerability that can cause the MySQL Server to hang or crash (DoS) via network access, but the root caus...

6.8CVSS6.4AI score0.03012EPSS
CVE
CVE
added 2020/10/21 2:4 p.m.585 views

CVE-2020-14812

CVE-2020-14812 affects Oracle MySQL Server (component: Server: Locking) with affected versions 5.6.49 and prior, 5.7.31 and prior, and 8.0.21 and prior. Exploitation can lead to a hang or frequent crashes (DoS) with network access. Remediation status varies by distribution; Debian LTS notes a fix...

6.8CVSS5.1AI score0.0288EPSS
CVE
CVE
added 2019/01/16 7:0 p.m.582 views

CVE-2019-2455

CVE-2019-2455 affects the MySQL Server component (subcomponent: Server: Parser) with affected versions 5.6.42 and prior, 5.7.24 and prior, and 8.0.13 and prior. The vulnerability allows a low-privilege attacker with network access via multiple protocols to cause a hang or crash (DoS). Public advi...

6.5CVSS6.2AI score0.03688EPSS
CVE
CVE
added 2024/04/16 9:26 p.m.582 views

CVE-2024-21096

Technical details about CVE-2024-21096 are not publicly provided in the supplied documents. Monitoring for updates is advised; the current sources do not specify affected products, versions, exploitability, or remediation within the given materials.

4.9CVSS5.9AI score0.00424EPSS
CVE
CVE
added 2022/10/02 12:0 a.m.579 views

CVE-2022-42004

The CVE affects FasterXML jackson-databind prior to 2.13.4, where resource exhaustion can occur due to a missing check in BeanDeserializer._deserializeFromArray that prevents deeply nested arrays. An application is vulnerable only with certain customized deserialization paths. Concrete details ac...

7.5CVSS7.5AI score0.02656EPSS
CVE
CVE
added 2021/04/22 9:53 p.m.573 views

CVE-2021-2166

CVE-2021-2166 affects the MySQL/MariaDB Server: DML component. Public sources in connected documents confirm affected products and versions: MySQL/MariaDB server vulnerable when running on Oracle MySQL 5.7.33 and earlier and 8.0.23 and earlier (per AstraLinux/ALMA advisories and related entries)....

4.9CVSS5.2AI score0.04643EPSS
CVE
CVE
added 2021/03/25 2:25 p.m.564 views

CVE-2021-3450

CVE-2021-3450 affects OpenSSL 1.1.1h–1.1.1j where a bug in the X509_V_FLAG_X509_STRICT path overwrote a prior CA-check result, bypassing the non-CA certificates prohibition unless a programmed purpose is used. When a purpose is configured, the certificate chain is still rejected; the issue is fix...

7.4CVSS7.6AI score0.18339EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.561 views

CVE-2020-2814

CVE-2020-2814 affects Oracle MySQL Server (InnoDB) with affected versions 5.6.47 and prior, 5.7.28 and prior, and 8.0.18 and prior. Bulletins in connected advisories describe an easily exploitable, network-accessible vulnerability enabling a high-privilege attacker to cause a hang or frequent cra...

4.9CVSS5.2AI score0.02805EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.555 views

CVE-2018-3282

CVE-2018-3282 affects the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Affected versions include 5.5.61 and earlier, 5.6.41 and earlier, 5.7.23 and earlier, and 8.0.12 and earlier, with an attack surface that enables a network-accessing, high-privileged attacker...

4.9CVSS5.8AI score0.03968EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.552 views

CVE-2020-14550

CVE-2020-14550 affects the MySQL Client (C API) in Oracle MySQL. Affected are 5.6.48 and earlier, 5.7.30 and earlier, and 8.0.20 and earlier. The vulnerability allows a low-privilege, network-accessible attacker via multiple protocols to cause a hang or a frequent, crashable DoS of the MySQL Clie...

5.3CVSS5.2AI score0.02221EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.547 views

CVE-2018-3174

CVE-2018-3174 affects Oracle MySQL Server (notably the Client programs) with affected versions 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior, and 8.0.12 and prior. Root cause per the sources is a vulnerability in MySQL Server that can, under certain conditions, lead to a hang or a complete...

5.3CVSS6.1AI score0.0081EPSS
CVE
CVE
added 2019/01/16 7:0 p.m.546 views

CVE-2019-2510

CVE-2019-2510 affects the MySQL Server component (InnoDB) of Oracle MySQL; affected versions are 5.7.24 and earlier and 8.0.13 and earlier. The vulnerability allows a high-privilege attacker with network access via multiple protocols to cause the MySQL Server to hang or crash (DOS). Public docume...

4.9CVSS4.9AI score0.03443EPSS
CVE
CVE
added 2018/07/18 1:0 p.m.542 views

CVE-2018-3064

CVE-2018-3064 affects the MySQL Server component (InnoDB). The initial description lists affected versions as 5.6.40 and earlier, 5.7.22 and earlier, and 8.0.11 and earlier, with a network-accessible, low-privilege exploit that can cause a hang/crash (DoS) and unauthorized read/write of data. Con...

7.1CVSS6.7AI score0.03162EPSS
CVE
CVE
added 2020/10/21 2:4 p.m.542 views

CVE-2020-14789

CVE-2020-14789 affects Oracle MySQL Server (component: Server: FTS). Vulnerability details in connected advisories show it impacts MySQL 5.7.31 and prior and 8.0.21 and prior, with an attacker having network access via multiple protocols and high privileges able to cause a hang or crash (DoS) of ...

4.9CVSS5.1AI score0.02621EPSS
CVE
CVE
added 2021/04/22 9:53 p.m.532 views

CVE-2021-2194

CVE-2021-2194 affects Oracle MySQL Server (InnoDB) with vulnerable versions 5.7.33 and earlier and 8.0.23 and earlier. The issue allows a high-privilege attacker with network access via multiple protocols to cause a hang or crash (DoS) of MySQL Server. No exploitation details are provided in the ...

4.9CVSS4.9AI score0.02308EPSS
CVE
CVE
added 2022/05/06 12:5 p.m.530 views

CVE-2022-24823

CVE-2022-24823 affects Netty’s io.netty:netty-codec-http prior to 4.1.77.Final, describing an insufficient fix for CVE-2021-21290. When Netty’s multipart decoders handle uploads and temporary disk storage is enabled, local information can be disclosed via the system temporary directory. This affe...

5.5CVSS6.7AI score0.01044EPSS
CVE
CVE
added 2019/04/10 7:38 p.m.521 views

CVE-2019-11068

CVE-2019-11068 affects libxslt up to 1.1.33. The vulnerability arises because xsltCheckRead/xsltCheckWrite can permit access even after a -1 error, enabling protection bypass. According to the linked advisories, this vulnerability has a CVSSv3 base score of 9.8 (NETWORK, LOW attack complexity, NO...

9.8CVSS9.4AI score0.05089EPSS
CVE
CVE
added 2021/01/20 2:50 p.m.521 views

CVE-2021-2021

CVE-2021-2021 affects Oracle MySQL Server (MySQL: Server: Optimizer) with affected versions 8.0.22 and earlier. It is described as an easily exploitable vulnerability allowing a high-privilege attacker with network access via multiple protocols to cause a hang or complete DoS on MySQL Server. The...

6.8CVSS4.9AI score0.10093EPSS
In wild
CVE
CVE
added 2020/02/10 7:41 p.m.517 views

CVE-2020-8840

CVE-2020-8840 affects FasterXML jackson-databind 2.0.0–2.9.10.2, where missing blocking of xbean-reflect/JNDI chains (notably org.apache.xbean.propertyeditor.JndiConverter) enables JNDI injection leading to remote code execution. Affected component is jackson-databind’s deserialization path; impa...

9.8CVSS9.3AI score0.26587EPSS
In wild
CVE
CVE
added 2021/01/20 2:50 p.m.516 views

CVE-2021-2032

CVE-2021-2032 affects Oracle MySQL Server (component: Information Schema). Affected versions: 5.7.32 and prior, 8.0.22 and prior. A low-privilege, network-accessible attacker via multiple protocols can read a subset of MySQL data. CVSS v3.1 base score 4.3 (C:L/I:N/A:N). No exploitation details or...

4.3CVSS3.7AI score0.01588EPSS
CVE
CVE
added 2022/08/29 12:0 a.m.511 views

CVE-2022-36033

CVE-2022-36033 affects jsoup, a Java HTML parser. The issue arises when SafeList.preserveRelativeLinks is enabled, allowing crafted javascript: URLs to bypass sanitization and potentially enable XSS if the page lacks a Content Security Policy. The vulnerability is mitigated by updating to jsoup 1...

6.1CVSS6.2AI score0.01208EPSS
CVE
CVE
added 2024/04/16 9:26 p.m.508 views

CVE-2024-21011

CVE-2024-21011 affects Oracle Java SE platforms (Hotspot) and Oracle GraalVM for JDK/Enterprise Edition. Affected versions include Java SE: 8u401, 11.0.22, 17.0.10, 21.0.2, 22; GraalVM for JDK: 17.0.10, 21.0.2, 22; GraalVM EE: 20.3.13, 21.3.9. The vulnerability is exploitable over a network by un...

3.7CVSS3.2AI score0.01361EPSS
CVE
CVE
added 2021/03/30 3:5 p.m.504 views

CVE-2021-21409

The CVE concerns Netty’s HTTP/2 codec (io.netty:netty-codec-http2) where, before version 4.1.61.Final, a Content-Length check can be bypassed when a single Http2HeaderFrame with endStream set to true is used. This enables HTTP request smuggling if the request is proxied and translated to HTTP/1.1...

5.9CVSS6.5AI score0.04935EPSS
CVE
CVE
added 2020/05/01 6:55 p.m.502 views

CVE-2020-10683

CVE-2020-10683 is described in IBM Bulletin sources as an XXE vulnerability in the dom4j library, allowing a remote authenticated attacker to obtain sensitive information through XML processing. The issue stems from dom4j handling External DTDs/Entities by default, and multiple IBM entries map th...

9.8CVSS9.2AI score0.07269EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.499 views

CVE-2020-14556

CVE-2020-14556 and related CVEs (e.g., 14577, 14578, 14579, 14581, 14583, 14593, 14621, 14664) pertain to Oracle Java SE/OpenJDK/OpenJDK-derived runtimes across multiple components (Libraries, JSSE, 2D, JAXP, JavaFX, etc.). The primary 2020 issue affects Java SE and Java SE Embedded on various ve...

5.8CVSS4.9AI score0.03022EPSS
CVE
CVE
added 2018/07/18 1:0 p.m.490 views

CVE-2018-3060

CVE-2018-3060 affects Oracle MySQL Server (InnoDB) with affected versions 5.5/5.6 per IBM/Guardium disclosures. The vulnerability is described as an unspecified issue in InnoDB that could allow an authenticated attacker to achieve no confidentiality impact, but high integrity and high availabilit...

6.5CVSS6.3AI score0.02947EPSS
CVE
CVE
added 2021/04/22 9:53 p.m.488 views

CVE-2021-2180

CVE-2021-2180 affects Oracle MySQL Server (InnoDB) with vulnerable versions 5.7.33 and earlier and 8.0.23 and earlier. A high-privilege attacker who can reach MySQL Server over the network via multiple protocols can cause the server to hang or crash (complete DOS). Connected documents confirm the...

4.9CVSS4.9AI score0.0278EPSS
CVE
CVE
added 2022/10/24 12:0 a.m.486 views

CVE-2022-43680

In CVE-2022-43680, libexpat up to version 2.4.9 contains a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate during out-of-memory situations. The impact is rated High (Availability impact) with a CVSSv3.1 base score of 7.5 (Network attack vector, no ...

7.5CVSS7.7AI score0.02241EPSS
CVE
CVE
added 2022/01/24 1:6 a.m.485 views

CVE-2022-23852

Expat (libexpat) contains a signed integer overflow in XML_GetBuffer when XML_CONTEXT_BYTES is nonzero (CVE-2022-23852). IV was observed in multiple advisories and bulletins; the issue can lead to arbitrary code execution or crash if exploited. A fix exists in expat 2.4.4 and later; affected dist...

9.8CVSS9.6AI score0.04525EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.483 views

CVE-2018-3133

CVE-2018-3133 concerns Oracle MySQL Server (subcomponent: Server: Parser). Affected are MySQL Server versions 5.5.61 and earlier, 5.6.41 and earlier, 5.7.23 and earlier, and 8.0.12 and earlier. An attacker with network access via multiple protocols and low privileges can trigger a hang or frequen...

6.5CVSS6.3AI score0.029EPSS
CVE
CVE
added 2021/03/09 6:35 p.m.483 views

CVE-2021-21295

Netty CVE-2021-21295 affects io.netty:netty-codec-http2 prior to 4.1.60.Final, where Content-Length validation can be bypassed when HTTP/2 is downgraded to HTTP/1.1 in proxied scenarios, enabling HTTP request smuggling. The issue occurs when HTTP2MultiplexCodec/Http2FrameCodec are used and Http2S...

5.9CVSS6.7AI score0.18891EPSS
CVE
CVE
added 2019/01/16 7:0 p.m.478 views

CVE-2019-2534

CVE-2019-2534 affects Oracle MySQL Server (subcomponent: Server: Replication). Affected versions are 5.6.42 and earlier, 5.7.24 and earlier, and 8.0.13 and earlier. The vulnerability is exploitable by a low-privileged attacker with network access via multiple protocols, potentially leading to una...

7.1CVSS6.4AI score0.0203EPSS
CVE
CVE
added 2019/01/16 7:0 p.m.477 views

CVE-2019-2481

CVE-2019-2481 affects Oracle MySQL Server (Server: Optimizer). Affected versions are 5.6.42 and prior, 5.7.24 and prior, and 8.0.13 and prior. The vulnerability can be exploited by a high-privileged attacker over the network to cause a hang or a frequently repeating crash (complete DoS) of MySQL ...

4.9CVSS4.8AI score0.03169EPSS
CVE
CVE
added 2018/08/20 7:0 p.m.476 views

CVE-2018-1000632

CVE-2018-1000632 affects dom4j prior to 2.1.1 with an XML Injection (CWE-91) in Element methods addElement/addAttribute. An attacker could tamper XML content via crafted attributes/elements. The issue is fixed in 2.1.1+, and IBM/IOC advisories indicate upgrading dom4j (e.g., to 2.1.4 in IOC) to a...

7.5CVSS7.8AI score0.0657EPSS
CVE
CVE
added 2018/10/17 12:0 p.m.473 views

CVE-2018-10933

CVE-2018-10933 affects libssh, specifically the server-side state machine, where versions prior to 0.7.6 and 0.8.4 allow an unauthenticated attacker to create channels and gain unauthorized access. The underlying issue is an authentication bypass in the server code, reported by multiple vendors a...

9.1CVSS8.5AI score0.91789EPSS
CVE
CVE
added 2021/01/20 2:50 p.m.473 views

CVE-2021-2088

CVE-2021-2088 affects Oracle MySQL Server (Server: DML). Affected versions: 8.0.22 and earlier. An attacker with local logon and high privileges can cause the MySQL server to hang or crash (complete DoS). Remediation details in provided sources indicate upgrading MySQL to a later version (e.g., 8...

4.9CVSS4.6AI score0.00468EPSS
CVE
CVE
added 2024/07/16 10:39 p.m.473 views

CVE-2024-21131

CVE-2024-21131 affects Oracle Java SE (Hotspot) and Oracle GraalVM for JDK/Enterprise Edition. Affected versions include Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; GraalVM Enterprise: 20.3.14, 21.3.10. An unauthenticated network attacke...

3.7CVSS3AI score0.00953EPSS
CVE
CVE
added 2020/06/05 2:20 p.m.472 views

CVE-2020-12723

CVE-2020-12723 : In Perl, regcomp.c allows a buffer overflow in the regex compiler due to crafted regular expressions, caused by recursive S_study_chunk calls. The issue affects Perl before 5.30.3, notably on 32‑bit platforms. Reports in Connected documents indicate fixes have been released (e.g....

7.5CVSS8.1AI score0.05971EPSS
CVE
CVE
added 2018/07/18 1:0 p.m.469 views

CVE-2018-3081

CVE-2018-3081 affects the MySQL Client component of Oracle MySQL. Affected versions: 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior, and 8.0.11 and prior. Attackers with network access via multiple protocols can exploit it to cause a hang or a crash (DoS) and may update/insert/delete data i...

5CVSS5.2AI score0.02444EPSS
CVE
CVE
added 2019/10/16 5:40 p.m.467 views

CVE-2019-2975

CVE-2019-2975 affects Oracle Java SE/Scripting (and Java SE Embedded) with known affected builds: Java SE 8u221, 11.0.4, and 13; Java SE Embedded 8u221. The vulnerability concerns loading/executing untrusted code in environments like sandboxed Web Start/Applet contexts and can allow an unauthenti...

5.8CVSS4.8AI score0.03328EPSS
CVE
CVE
added 2021/01/20 2:50 p.m.465 views

CVE-2021-2001

CVE-2021-2001 affects Oracle MySQL Server (Server: Optimizer). Affected are MySQL versions 5.6.50 and earlier, 5.7.30 and earlier, and 8.0.17 and earlier. An attacker with network access via multiple protocols and high privileges can trigger a denial of service (hang or crash) of MySQL Server. Co...

6.8CVSS4.9AI score0.02205EPSS
CVE
CVE
added 2019/01/16 7:0 p.m.464 views

CVE-2019-2422

CVE-2019-2422 affects Oracle Java SE Libraries in Java SE 7u201, 8u192, 11.0.1 (and Java SE Embedded 8u191). The issue is a memory disclosure in FileChannelImpl that could allow an unauthenticated, network-reachable attacker to read a subset of data, with user interaction required in some context...

3.1CVSS2.4AI score0.03374EPSS
CVE
CVE
added 2019/10/16 5:40 p.m.462 views

CVE-2019-2949

CVE-2019-2949 affects Oracle/OpenJDK Java SE Kerberos components. Affected Java SE: 7u231, 8u221, 11.0.4, 13; Java SE Embedded: 8u221. Exploitation requires network access via Kerberos and unauthenticated access could lead to leakage of sensitive data or elevated access. Connected documents show ...

6.8CVSS6.4AI score0.03603EPSS
Total number of security vulnerabilities743