Lucene search

K
NetappOntap Select Deploy Administration Utility

46 matches found

CVE
CVE
added 2020/06/29 6:15 p.m.16133 views

CVE-2020-14145

The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports st...

5.9CVSS5.6AI score0.01695EPSS
CVE
CVE
added 2024/02/29 1:44 a.m.8444 views

CVE-2024-26462

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

5.5CVSS9.1AI score0.00024EPSS
CVE
CVE
added 2021/09/15 8:15 p.m.7328 views

CVE-2016-20012

OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: ...

5.3CVSS5.4AI score0.21811EPSS
CVE
CVE
added 2024/02/29 1:44 a.m.6771 views

CVE-2024-26458

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.

5.3CVSS9.1AI score0.00206EPSS
CVE
CVE
added 2021/05/20 1:15 p.m.1722 views

CVE-2021-3426

There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to acces...

5.7CVSS5.6AI score0.00101EPSS
CVE
CVE
added 2023/04/19 12:15 a.m.1063 views

CVE-2023-27043

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is gran...

5.3CVSS5.8AI score0.00115EPSS
CVE
CVE
added 2019/02/27 11:29 p.m.779 views

CVE-2019-1559

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is receiv...

5.9CVSS6.3AI score0.04426EPSS
CVE
CVE
added 2021/03/25 3:15 p.m.749 views

CVE-2021-3449

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a...

5.9CVSS6.7AI score0.15517EPSS
CVE
CVE
added 2021/02/15 1:15 p.m.728 views

CVE-2021-23336

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can s...

5.9CVSS7.6AI score0.00326EPSS
CVE
CVE
added 2022/08/24 4:15 p.m.699 views

CVE-2021-4189

A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connec...

5.3CVSS6.2AI score0.00442EPSS
CVE
CVE
added 2021/05/14 8:15 p.m.530 views

CVE-2021-3537

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest th...

5.9CVSS7AI score0.00127EPSS
CVE
CVE
added 2023/07/14 12:15 p.m.387 views

CVE-2023-2975

Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence. Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled by...

5.3CVSS6.7AI score0.00137EPSS
CVE
CVE
added 2021/02/26 11:15 p.m.335 views

CVE-2020-27618

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a deni...

5.5CVSS6.5AI score0.00644EPSS
CVE
CVE
added 2019/07/01 2:15 a.m.297 views

CVE-2019-13118

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.

5.3CVSS6.1AI score0.01193EPSS
CVE
CVE
added 2020/06/15 5:15 p.m.284 views

CVE-2020-14155

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.

5.3CVSS6.4AI score0.00152EPSS
CVE
CVE
added 2021/03/09 8:15 p.m.219 views

CVE-2020-35522

In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack.

5.5CVSS6.1AI score0.00057EPSS
CVE
CVE
added 2021/07/30 2:15 p.m.216 views

CVE-2021-37600

An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic env...

5.5CVSS5.8AI score0.00059EPSS
CVE
CVE
added 2022/02/11 6:15 p.m.213 views

CVE-2022-0562

Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.

5.5CVSS5.9AI score0.00054EPSS
CVE
CVE
added 2022/01/10 2:12 p.m.205 views

CVE-2022-22844

LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field.

5.5CVSS6.1AI score0.00065EPSS
CVE
CVE
added 2019/12/09 4:15 p.m.194 views

CVE-2019-19645

alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.

5.5CVSS7AI score0.00232EPSS
CVE
CVE
added 2022/02/11 6:15 p.m.192 views

CVE-2022-0561

Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.

5.5CVSS6AI score0.00088EPSS
CVE
CVE
added 2022/03/11 6:15 p.m.191 views

CVE-2022-0924

Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.

5.5CVSS5.9AI score0.00075EPSS
CVE
CVE
added 2022/02/21 7:15 p.m.170 views

CVE-2022-0563

A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the...

5.5CVSS5.3AI score0.00025EPSS
CVE
CVE
added 2023/08/22 7:16 p.m.169 views

CVE-2022-48064

GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.

5.5CVSS6AI score0.00009EPSS
CVE
CVE
added 2021/03/09 8:15 p.m.167 views

CVE-2020-35521

A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service.

5.5CVSS5.9AI score0.00098EPSS
CVE
CVE
added 2023/08/22 7:16 p.m.167 views

CVE-2022-48065

GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c.

5.5CVSS6.1AI score0.00019EPSS
CVE
CVE
added 2021/01/04 3:15 p.m.163 views

CVE-2020-35507

There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.

5.5CVSS5.7AI score0.00085EPSS
CVE
CVE
added 2022/03/11 6:15 p.m.158 views

CVE-2022-0909

Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.

5.5CVSS5.8AI score0.00058EPSS
CVE
CVE
added 2022/08/29 3:15 p.m.156 views

CVE-2022-2953

LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8.

5.5CVSS5.7AI score0.00013EPSS
CVE
CVE
added 2020/12/09 9:15 p.m.148 views

CVE-2020-16592

A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.

5.5CVSS5.5AI score0.00307EPSS
CVE
CVE
added 2022/03/11 6:15 p.m.148 views

CVE-2022-0907

Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.

5.5CVSS5.7AI score0.00064EPSS
CVE
CVE
added 2021/03/26 5:15 p.m.146 views

CVE-2021-20284

A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability.

5.5CVSS6AI score0.00114EPSS
CVE
CVE
added 2020/12/09 9:15 p.m.142 views

CVE-2020-16599

A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.

5.5CVSS5.4AI score0.00051EPSS
CVE
CVE
added 2024/03/18 11:15 a.m.138 views

CVE-2024-26641

In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() syzbot found __ip6_tnl_rcv() could access unitiliazed data [1]. Call pskb_inet_may_pull() to fix this, and initialize ipv6hvariable after this call as it can change skb-...

5.5CVSS6.1AI score0.00016EPSS
CVE
CVE
added 2024/03/18 11:15 a.m.131 views

CVE-2024-26633

In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() syzbot pointed out [1] that NEXTHDR_FRAGMENT handling is broken. Reading frag_off can only be done if we pulled enough bytesto skb->head. Currently we migh...

5.5CVSS6.7AI score0.0002EPSS
CVE
CVE
added 2021/01/04 3:15 p.m.128 views

CVE-2020-35493

A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.

5.5CVSS5.8AI score0.00359EPSS
CVE
CVE
added 2022/05/11 3:15 p.m.126 views

CVE-2022-1622

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.

5.5CVSS5.6AI score0.00064EPSS
CVE
CVE
added 2021/01/04 3:15 p.m.125 views

CVE-2020-35496

There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils vers...

5.5CVSS5.5AI score0.00085EPSS
CVE
CVE
added 2022/08/31 4:15 p.m.124 views

CVE-2022-1354

A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service.

5.5CVSS5.9AI score0.00028EPSS
CVE
CVE
added 2022/05/11 3:15 p.m.115 views

CVE-2022-1623

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.

5.5CVSS5.5AI score0.0007EPSS
CVE
CVE
added 2020/12/09 9:15 p.m.102 views

CVE-2020-16590

A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file.

5.5CVSS5.7AI score0.00333EPSS
CVE
CVE
added 2020/12/09 9:15 p.m.97 views

CVE-2020-16591

A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readeif.

5.5CVSS5.7AI score0.00393EPSS
CVE
CVE
added 2021/01/04 3:15 p.m.97 views

CVE-2020-35495

There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34.

5.5CVSS5.5AI score0.00355EPSS
CVE
CVE
added 2020/12/09 9:15 p.m.95 views

CVE-2020-16593

A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file.

5.5CVSS5.5AI score0.00301EPSS
CVE
CVE
added 2025/02/11 8:15 a.m.61 views

CVE-2025-1181

A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function _bfd_elf_gc_mark_rsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rathe...

5.1CVSS5.1AI score0.00183EPSS
CVE
CVE
added 2022/08/24 4:15 p.m.60 views

CVE-2021-4214

A heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service.

5.5CVSS6.9AI score0.00043EPSS