Lucene search
K
NetappSnapcenter

575 matches found

CVE
CVE
added 2020/04/29 12:0 a.m.7684 views

CVE-2020-11022

CVE-2020-11022 affects jQuery versions >=1.2 and =3.5.0 or apply vendor guidance where applicable.

6.9CVSS6.7AI score0.99019EPSS
In wild
CVE
CVE
added 2021/12/10 12:0 a.m.6898 views

CVE-2021-44228

CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...

10CVSS10AI score0.99999EPSS
In wild
CVE
CVE
added 2019/04/19 12:0 a.m.3103 views

CVE-2019-11358

CVE-2019-11358 is a prototype pollution vulnerability in jQuery (before 3.4.0) where mishandling of extend(true, {}, ...) can extend Object.prototype if an unsanitized source object has an enumerable proto property. The Core issue is triggered when a polluted prototype is introduced via nested ob...

6.1CVSS6.4AI score0.87218EPSS
In wild
CVE
CVE
added 2022/04/13 12:0 a.m.2935 views

CVE-2015-20107

The CVE-2015-20107 issue affects CPython’s mailcap module through Python 3.10.8 (and back-ported fixes to 3.7–3.9). Root cause: mailcap.findmatch does not escape system-mailcap commands, enabling shell-command injection when untrusted input is used (e.g., via unvalidated filenames/arguments). Doc...

8CVSS7.8AI score0.07269EPSS
CVE
CVE
added 2021/02/16 4:55 p.m.2012 views

CVE-2021-23841

CVE-2021-23841 is described in connected advisories as a NULL pointer dereference in OpenSSL’s X509_issuer_and_serial_hash() when parsing the issuer field. This can crash a process if certificates from untrusted sources are processed and the issuer parsing fails, enabling a potential denial of se...

5.9CVSS7AI score0.07471EPSS
CVE
CVE
added 2021/05/20 12:0 a.m.1887 views

CVE-2021-3426

CVE-2021-3426 corresponds to a vulnerability in Python’s pydoc where the getfile feature could be abused to read arbitrary files. The linked sources confirm the issue affects Python versions prior to specific releases (e.g., Python before 3.8.9, 3.9.3, and 3.10.0a7 per the CVE description) and no...

5.7CVSS5.6AI score0.01863EPSS
CVE
CVE
added 2018/08/22 1:0 p.m.1788 views

CVE-2018-11776

The CVE-2018-11776 issue affects Apache Struts 2.x versions 2.3–2.3.34 and 2.5–2.5.16. The underlying condition is when alwaysSelectFullNamespace is true and a result or url tag lacks a namespace/value, and the upper namespace/action configuration also has no or a wildcard namespace, allowing rem...

9.3CVSS8.4AI score0.99993EPSS
In wild
CVE
CVE
added 2017/10/03 3:0 p.m.1605 views

CVE-2017-12617

CVE-2017-12617 concerns Apache Tomcat JSP upload via HTTP PUT when readonly=false and PUTs are allowed. Affected: Tomcat 7.x/8.x/9.x (various 7.0.0–7.0.81, 8.0.0.RC1–8.0.46, 8.5.0–8.5.22, 9.0.0.M1–9.0.0) with PUT enabled. Root cause: PUT request handling allowed uploading a JSP, enabling remote c...

8.1CVSS7.5AI score0.99988EPSS
In wild
CVE
CVE
added 2022/05/03 3:15 p.m.1286 views

CVE-2022-1292

CVE-2022-1292 describes a command-injection risk in the OpenSSL c_rehash script due to improper sanitization of shell metacharacters. The issue can allow local attackers to run arbitrary commands with the script’s privileges on systems where c_rehash runs automatically. Fixes are published in Ope...

10CVSS9AI score0.83223EPSS
CVE
CVE
added 2020/12/08 3:30 p.m.1195 views

CVE-2020-1971

CVE-2020-1971 is described across multiple connected sources as a NULL-dereference in OpenSSL’s GENERAL_NAME_cmp when EDIPARTYNAME is present, potentially enabling a denial-of-service crash. Affected OpenSSL versions include all 1.1.1 and 1.0.2 lines; fixes are published in OpenSSL 1.1.1i and Ope...

5.9CVSS5.7AI score0.06968EPSS
CVE
CVE
added 2017/05/23 3:56 a.m.1151 views

CVE-2016-9843

CVE-2016-9843 concerns zlib 1.2.8 and its crc32_big implementation (big-endian CRC calculation). Connected docs show affected packages: FLTK builds for zlib before 1.3.8-1 in CBLMariner, and Cloud Foundry/ALAS advisories link multiple zlib-related CVEs with remediation guidance. The FLTK note sta...

9.8CVSS9.9AI score0.05999EPSS
CVE
CVE
added 2018/07/18 1:0 p.m.1033 views

CVE-2018-3063

CVE-2018-3063 is a MySQL/MariaDB Server vulnerability in the Privileges subcomponent. Affected products include MySQL/MariaDB Server versions up to 5.5.60 and earlier. The vulnerability is exploitable by a high-privileged attacker with network access via multiple protocols and can lead to a hang ...

4.9CVSS5AI score0.03213EPSS
CVE
CVE
added 2020/01/15 4:34 p.m.978 views

CVE-2020-2574

CVE-2020-2574 affects the Oracle MySQL Client (C API). Affected: MySQL Client in Oracle MySQL releases 5.6.46 and earlier, 5.7.28 and earlier, and 8.0.18 and earlier. Description in the sources: vulnerability allows an unauthenticated attacker with network access via multiple protocols to cause a...

5.9CVSS5.6AI score0.03485EPSS
CVE
CVE
added 2019/02/27 11:0 p.m.927 views

CVE-2019-1559

OpenSSL vulnerability CVE-2019-1559 describes a padding-oracle weakness where, if an application encounters a fatal protocol error and then calls SSL_shutdown() twice (to send close_notify and to receive one), the server may respond differently to a 0-byte record with invalid padding versus inval...

5.9CVSS6.3AI score0.17139EPSS
CVE
CVE
added 2020/12/02 4:20 p.m.894 views

CVE-2020-13956

CVE-2020-13956 affects Apache HttpClient prior to 4.5.13 and 5.0.3. A malformed authority component in request URIs, when passed as a java.net.URI, can cause the client to misinterpret the target host and execute the request against an unintended host. This represents a misrouting vulnerability i...

5.3CVSS5.9AI score0.08665EPSS
CVE
CVE
added 2017/03/15 12:0 a.m.856 views

CVE-2016-7103

CVE-2016-7103 is a cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0, exploitable via the closeText parameter of the Dialog widget. The issue allows remote script/HTML injection. Remediation per connected documents is to upgrade to jQuery UI 1.12.0 or later (fixed version).

6.1CVSS6AI score0.2258EPSS
In wild
CVE
CVE
added 2020/04/21 1:45 p.m.824 views

CVE-2020-1967

CVE-2020-1967 describes a NULL pointer dereference in OpenSSL’s SSL_check_chain() during or after a TLS 1.3 handshake, caused by incorrect handling of the signature_algorithms_cert extension. A malicious peer sending an invalid/unrecognized signature algorithm can crash the server/client, enablin...

7.5CVSS7.5AI score0.53336EPSS
CVE
CVE
added 2021/02/15 12:15 p.m.820 views

CVE-2021-23336

CVE-2021-23336 affects Python CPython across multiple branches (0 and before 3.6.13; 3.7.0 before 3.7.10; 3.8.0 before 3.8.8; 3.9.0 before 3.9.2). The vulnerability is Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs using parameter cloaking with semicolons, causing the pr...

5.9CVSS7.6AI score0.35963EPSS
CVE
CVE
added 2021/03/25 2:25 p.m.817 views

CVE-2021-3449

CVE-2021-3449 affects OpenSSL 1.1.1.x where a TLSv1.2 server may crash (DoS) if it receives a renegotiation ClientHello that omits the signature_algorithms extension but includes signature_algorithms_cert. The issue is a NULL pointer dereference leading to a denial of service; OpenSSL clients are...

5.9CVSS6.7AI score0.62906EPSS
CVE
CVE
added 2022/12/23 12:0 a.m.795 views

CVE-2022-43551

CVE-2022-43551 is a vulnerability in curl’s HSTS check that could allow bypassing HSTS and forcing a cleartext HTTP transfer. The issue occurs when the URL hostname uses IDN characters that are later ASCII-encoded during IDN processing (e.g., U+3002 IDEOGRAPHIC FULL STOP instead of U+002E). Curl ...

7.5CVSS7.3AI score0.1654EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.767 views

CVE-2020-2752

CVE-2020-2752 affects the Oracle MySQL Client (C API). Publicly documented affected versions are 5.6.47 and earlier, 5.7.27 and earlier, and 8.0.17 and earlier. The vulnerability can be triggered by a network-accessing attacker via multiple protocols with low privileges and may lead to a Hang or ...

5.3CVSS6AI score0.02317EPSS
CVE
CVE
added 2021/08/24 2:50 p.m.766 views

CVE-2021-3711

CVE-2021-3711 involves a bug in OpenSSL SM2 decryption: the buffer-size calculation during EVP_PKEY_decrypt() first call can under-allocate, enabling a later second call with a too-small buffer and causing a buffer overflow (up to 62 bytes). The issue affects OpenSSL 1.1.1 up to 1.1.1k and is fix...

9.8CVSS9.9AI score0.87816EPSS
CVE
CVE
added 2019/10/16 5:40 p.m.757 views

CVE-2019-2938

CVE-2019-2938 affects MySQL Server (InnoDB) in Oracle MySQL. Affected versions include 5.7.27 and earlier and 8.0.17 and earlier; exploitation over network could cause a hang or crash (DoS) with high privileges. CVSSv3 base score 4.4. Patches are available; advisory ALSA-2020-1333 recommends upgr...

4.4CVSS4.5AI score0.02985EPSS
CVE
CVE
added 2021/01/20 2:50 p.m.748 views

CVE-2021-2022

CVE-2021-2022 is a vulnerability in Oracle MySQL Server (component: InnoDB) that affects MySQL Server versions 5.6.50 and earlier, 5.7.32 and earlier, and 8.0.22 and earlier. The issue is exploitable by a highly privileged attacker who can access the affected server over network via multiple prot...

6.3CVSS4.5AI score0.01897EPSS
CVE
CVE
added 2019/01/16 7:0 p.m.720 views

CVE-2019-2503

The connected advisory ALAS-2019-1292 documents CVE-2019-2503 as a MySQL/MariaDB Server: Connection Handling vulnerability. Affected are Oracle MySQL Server components with versions 5.6.42 and prior, 5.7.24 and prior, and 8.0.13 and prior. The issue can allow a low-privileged attacker on the netw...

6.4CVSS6.4AI score0.02487EPSS
CVE
CVE
added 2022/01/26 12:0 a.m.696 views

CVE-2021-22570

CVE-2021-22570 affects Protocol Buffers (protobuf). A null character in a proto symbol is parsed incorrectly, causing a null pointer dereference via an unchecked access to the proto file name during error message generation. The issue can enable denial of service or memory access instability as d...

6.5CVSS6.5AI score0.0266EPSS
CVE
CVE
added 2019/09/16 6:6 p.m.695 views

CVE-2019-5482

CVE-2019-5482 is a heap buffer overflow in curl/libcurl’s TFTP handler (tftp_receive_packet) affecting curl versions up to 7.65.3. Public advisories detail that a small TFTP blocksize can trigger overflow, potentially enabling DoS or arbitrary code execution. Public fixes exist across distributio...

9.8CVSS9.7AI score0.17939EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.676 views

CVE-2020-2760

CVE-2020-2760 affects MySQL Server (InnoDB) with affected versions 5.7.29 and prior, and 8.0.19 and prior. It enables a high-privilege attacker with network access to cause a hang or crash (DoS) and potentially unauthorized data updates/inserts/deletes. The ALAS advisory shows remediation through...

5.5CVSS5.6AI score0.03014EPSS
CVE
CVE
added 2019/01/16 7:0 p.m.672 views

CVE-2019-2537

CVE-2019-2537 affects the MySQL Server component (subcomponent: Server: DDL) of Oracle MySQL. Affected: 5.6.42 and prior, 5.7.24 and prior, 8.0.13 and prior. Description in connected docs confirms an easily exploitable, network-accessible vulnerability that can cause the MySQL Server to hang or c...

4.9CVSS5.1AI score0.0442EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.667 views

CVE-2020-2812

CVE-2020-2812 affects the MySQL Server component (Server: Stored Procedure). Affected are MySQL/MariaDB builds with versions 5.6.47 and earlier, 5.7.29 and earlier, and 8.0.19 and earlier. The vulnerability can allow a high-privilege attacker with network access via multiple protocols to cause a ...

4.9CVSS5.2AI score0.02981EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.664 views

CVE-2020-2922

CVE-2020-2922 affects the MySQL Client C API in Oracle MySQL. Affected versions are 5.6.47 and prior, 5.7.29 and prior, and 8.0.18 and prior. It is difficult to exploit and can allow an unauthenticated attacker with network access via multiple protocols to read a subset of MySQL Client data. CVSS...

4.3CVSS3.4AI score0.02436EPSS
CVE
CVE
added 2019/01/16 7:0 p.m.639 views

CVE-2019-2529

CVE-2019-2529 affects Oracle MySQL Server (Server: Optimizer). Affected: 5.6.42 and prior, 5.7.24 and prior, 8.0.13 and prior. Low-privilege, network-access attacker can cause a hang or complete DOS. Remediation: advisories/applicable updates exist (e.g., ALAS/CentOS/RHSA); update mariadb/mysql p...

6.5CVSS6.2AI score0.0461EPSS
CVE
CVE
added 2020/11/06 7:7 a.m.619 views

CVE-2020-28196

CVE-2020-28196 affects MIT Kerberos 5 (krb5) prior to 1.17.2 and 1.18.x prior to 1.18.3. The vulnerability stems from unbounded recursion in the ASN.1 BER decoder (lib/krb5/asn.1/asn1_encode.c) due to no recursion limit for indefinite lengths. This can lead to denial of service due to resource ex...

7.5CVSS7.6AI score0.04365EPSS
CVE
CVE
added 2021/04/22 9:53 p.m.615 views

CVE-2021-2144

CVE-2021-2144 affects Oracle MySQL Server (component: Server: Parser). Affected versions are 5.7.29 and earlier and 8.0.19 and earlier. The vulnerability allows a high-privilege attacker with network access via multiple protocols to compromise the MySQL Server, potentially leading to takeover of ...

7.2CVSS6.5AI score0.01886EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.606 views

CVE-2020-2780

CVE-2020-2780 affects Oracle MySQL Server (Server: DML) with vulnerable ranges: 5.6.47 and earlier, 5.7.29 and earlier, and 8.0.19 and earlier. The issue allows a low-privileged, network-access attacker to cause a hang or crash (DOS) via multiple protocols. The connected advisories (e.g., ALAS/ C...

6.5CVSS6.3AI score0.0243EPSS
CVE
CVE
added 2017/04/17 9:0 p.m.604 views

CVE-2017-5645

CVE-2017-5645 affects Apache Log4j 2.x prior to 2.8.2. The vulnerability arises when using a TCP/UDP socket server to receive serialized log events from another application; a crafted binary payload can be deserialized to execute arbitrary code. The documented impact is remote code execution via ...

9.8CVSS9.5AI score0.8904EPSS
CVE
CVE
added 2020/10/21 2:4 p.m.601 views

CVE-2020-14765

An advisory indicates CVE-2020-14765 affects Oracle MySQL Server (Server: FTS) with affected versions 5.6.49 and prior, 5.7.31 and prior, and 8.0.21 and prior. The cited materials describe a vulnerability that can cause the MySQL Server to hang or crash (DoS) via network access, but the root caus...

6.8CVSS6.4AI score0.03012EPSS
CVE
CVE
added 2020/10/21 2:4 p.m.589 views

CVE-2020-14812

CVE-2020-14812 affects Oracle MySQL Server (component: Server: Locking) with affected versions 5.6.49 and prior, 5.7.31 and prior, and 8.0.21 and prior. Exploitation can lead to a hang or frequent crashes (DoS) with network access. Remediation status varies by distribution; Debian LTS notes a fix...

6.8CVSS5.1AI score0.0288EPSS
CVE
CVE
added 2019/01/16 7:0 p.m.587 views

CVE-2019-2455

CVE-2019-2455 affects the MySQL Server component (subcomponent: Server: Parser) with affected versions 5.6.42 and prior, 5.7.24 and prior, and 8.0.13 and prior. The vulnerability allows a low-privilege attacker with network access via multiple protocols to cause a hang or crash (DoS). Public advi...

6.5CVSS6.2AI score0.03688EPSS
CVE
CVE
added 2024/04/16 9:26 p.m.587 views

CVE-2024-21096

Technical details about CVE-2024-21096 are not publicly provided in the supplied documents. Monitoring for updates is advised; the current sources do not specify affected products, versions, exploitability, or remediation within the given materials.

4.9CVSS5.9AI score0.00424EPSS
CVE
CVE
added 2020/01/16 11:55 p.m.577 views

CVE-2020-5398

CVE-2020-5398 (Spring Framework) affects Spring Framework versions: 5.0.x before 5.0.16, 5.1.x before 5.1.13, and 5.2.x before 5.2.3. The vulnerability is a reflected file download (RFD) attack triggered when an application sets a Content-Disposition header whose filename is derived from user inp...

8CVSS7.3AI score0.88077EPSS
CVE
CVE
added 2023/04/18 7:54 p.m.575 views

CVE-2023-21971

CVE-2023-21971 concerns Oracle MySQL Connectors, specifically the Connector/J component. Affected are 8.0.32 and earlier versions. The vulnerability, described as difficult to exploit, allows a high-privilege attacker with network access via multiple protocols to compromise MySQL Connectors. Impa...

5.3CVSS5.2AI score0.01286EPSS
CVE
CVE
added 2021/04/22 9:53 p.m.574 views

CVE-2021-2166

CVE-2021-2166 affects the MySQL/MariaDB Server: DML component. Public sources in connected documents confirm affected products and versions: MySQL/MariaDB server vulnerable when running on Oracle MySQL 5.7.33 and earlier and 8.0.23 and earlier (per AstraLinux/ALMA advisories and related entries)....

4.9CVSS5.2AI score0.04643EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.564 views

CVE-2020-2814

CVE-2020-2814 affects Oracle MySQL Server (InnoDB) with affected versions 5.6.47 and prior, 5.7.28 and prior, and 8.0.18 and prior. Bulletins in connected advisories describe an easily exploitable, network-accessible vulnerability enabling a high-privilege attacker to cause a hang or frequent cra...

4.9CVSS5.2AI score0.02805EPSS
CVE
CVE
added 2021/04/01 2:20 p.m.561 views

CVE-2021-28165

The CVE-2021-28165 issue affects Eclipse Jetty versions 7.2.2–9.4.38, 10.0.0.alpha0–10.0.1, and 11.0.0.alpha0–11.0.1, where handling a large invalid TLS frame can cause CPU usage to reach 100%, leading to resource exhaustion. The underlying cause is described as abnormal processing after receivin...

7.8CVSS7.3AI score0.53861EPSS
CVE
CVE
added 2018/12/07 9:0 p.m.558 views

CVE-2018-18311

CVE-2018-18311 is a Perl vulnerability describing a buffer overflow caused by crafted regular expressions and an integer/offset issue in Perl’s environment setup (Perl before 5.26.3 and 5.28.x before 5.28.1). Connected advisories show multiple distributions releasing patches and updates to Perl p...

9.8CVSS9.6AI score0.11676EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.556 views

CVE-2018-3282

CVE-2018-3282 affects the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Affected versions include 5.5.61 and earlier, 5.6.41 and earlier, 5.7.23 and earlier, and 8.0.12 and earlier, with an attack surface that enables a network-accessing, high-privileged attacker...

4.9CVSS5.8AI score0.03968EPSS
CVE
CVE
added 2020/10/21 2:4 p.m.551 views

CVE-2020-14776

CVE-2020-14776 affects MySQL (InnoDB) with vulnerable ranges of 5.7.31 and earlier, and 8.0.21 and earlier. The vulnerability can be exploited by a high-privilege attacker with network access via multiple protocols to cause a hang or a complete DoS of MySQL Server. Connected documents confirm thi...

4.9CVSS5.2AI score0.02621EPSS
CVE
CVE
added 2022/07/07 8:45 p.m.551 views

CVE-2022-2047

CVE-2022-2047 affects Eclipse Jetty: vulnerable in Jetty 9.4.0–9.4.46, 10.0.0–10.0.9, and 11.0.0–11.0.9. The HttpURI class misparses the authority segment of an HTTP URI, treating certain invalid inputs as a hostname, which can cause failures in a proxy scenario. Connected documents provide exact...

4CVSS5.2AI score0.01173EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.548 views

CVE-2018-3174

CVE-2018-3174 affects Oracle MySQL Server (notably the Client programs) with affected versions 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior, and 8.0.12 and prior. Root cause per the sources is a vulnerability in MySQL Server that can, under certain conditions, lead to a hang or a complete...

5.3CVSS6.1AI score0.0081EPSS
Total number of security vulnerabilities575