NetappSnapmanager

180 matches found

added 2022/05/03 3:15 p.m. | 1277 views

CVE-2022-1292

CVE-2022-1292 describes a command-injection risk in the OpenSSL c_rehash script due to improper sanitization of shell metacharacters. The issue can allow local attackers to run arbitrary commands with the script’s privileges on systems where c_rehash runs automatically. Fixes are published in Ope...

CVSS 10 | AI score 9 | EPSS 0.83223

added 2022/06/21 2:45 p.m. | 1245 views

CVE-2022-2068

The connected documents corroborate CVE-2022-2068 as a real OpenSSL issue: c_rehash can pass certificate filenames to shell commands, enabling local command execution. Fixed in OpenSSL 3.0.4 (affecting 3.0.0–3.0.3), in OpenSSL 1.1.1p (affecting 1.1.1–1.1.1o), and in OpenSSL 1.0.2zf (affecting 1.0...

CVSS 10 | AI score 9.2 | EPSS 0.95764

added 2021/08/23 12:0 a.m. | 850 views

CVE-2021-39144

CVE-2021-39144 refers to a remote code execution vulnerability in XStream, a Java library for XML serialization. When processed input streams are manipulated, an attacker with sufficient rights could execute arbitrary commands on the host. Public descriptions consistently note that XStream now us...

CVSS 8.5 | AI score 9 | EPSS 0.9851
In wild

added 2022/01/18 3:25 p.m. | 834 views

CVE-2022-23302

CVE-2022-23302 affects Log4j 1.x JMSSink. The deserialization flaw allows remote code execution when an attacker can write to the Log4j configuration or when the configuration references an LDAP service the attacker controls. JMSSink can be triggered via a TopicConnectionFactoryBindingName to caus...

CVSS 8.8 | AI score 9.3 | EPSS 0.61785

added 2019/02/04 7:0 a.m. | 811 views

CVE-2019-7317

CVE-2019-7317 is a use-after-free involving png_image_free in libpng. A connected document ties this to the FLTK package, affecting versions less than 1.3.8-1, and states that upgrading to a later FLTK version resolves the issue. If applying this advisory, upgrade FLTK to 1.3.8-1 or newer for rem...

CVSS 5.3 | AI score 6.3 | EPSS 0.09393

added 2022/01/18 3:25 p.m. | 722 views

CVE-2022-23305

CVE-2022-23305 concerns Apache Log4j 1.x when configured with JDBCAppender: an SQL statement is built from a PatternLayout-converted value (notably %m), allowing an attacker to craft input to alter and potentially execute SQL. The issue is specific to Log4j 1.x if JDBCAppender is used; JDBCAppend...

CVSS 9.8 | AI score 9.4 | EPSS 0.66537
Web

added 2017/05/23 3:56 a.m. | 609 views

CVE-2016-9841

CVE-2016-9841 is a vulnerability in zlib 1.2.8 related to improper pointer arithmetic in inffast.c that could have context-dependent impact. Connected advisories confirm public details and show remediation by upgrading zlib to a newer version (e.g., 1.2.11) across affected products and distributi...

CVSS 9.8 | AI score 9.9 | EPSS 0.07489

added 2021/05/19 1:45 p.m. | 608 views

CVE-2021-3517

CVE-2021-3517 is a libxml2 vulnerability affecting versions before 2.9.11. A flaw in the xml entity encoding functionality could allow processing of a crafted XML file to trigger an out‑of‑bounds read, with availability impact and potential confidentiality/integrity impact if memory information i...

CVSS 8.6 | AI score 8.4 | EPSS 0.0828

added 2019/04/10 7:38 p.m. | 519 views

CVE-2019-11068

CVE-2019-11068 affects libxslt up to 1.1.33. The vulnerability arises because xsltCheckRead/xsltCheckWrite can permit access even after a -1 error, enabling protection bypass. According to the linked advisories, this vulnerability has a CVSSv3 base score of 9.8 (NETWORK, LOW attack complexity, NO...

CVSS 9.8 | AI score 9.4 | EPSS 0.0523

added 2020/05/01 6:55 p.m. | 500 views

CVE-2020-10683

CVE-2020-10683 is described in IBM Bulletin sources as an XXE vulnerability in the dom4j library, allowing a remote authenticated attacker to obtain sensitive information through XML processing. The issue stems from dom4j handling External DTDs/Entities by default, and multiple IBM entries map th...

CVSS 9.8 | AI score 9.2 | EPSS 0.07269

added 2020/07/15 5:34 p.m. | 497 views

CVE-2020-14556

CVE-2020-14556 and related CVEs (e.g., 14577, 14578, 14579, 14581, 14583, 14593, 14621, 14664) pertain to Oracle Java SE/OpenJDK/OpenJDK-derived runtimes across multiple components (Libraries, JSSE, 2D, JAXP, JavaFX, etc.). The primary 2020 issue affects Java SE and Java SE Embedded on various ve...

CVSS 5.8 | AI score 4.9 | EPSS 0.03022

added 2021/05/28 9:0 p.m. | 481 views

CVE-2021-29505

CVE-2021-29505 affects XStream (Java XML serialization) in versions before 1.4.17. The public docs indicate the fix is in 1.4.17; multiple advisories (Debian, Fedora, Amazon Linux, Astra Linux) reference this CVE in the context of libxstream-java. Atlassian Jira Server/Data Center reports indicat...

CVSS 8.8 | AI score 8.2 | EPSS 0.77735

added 2018/08/20 7:0 p.m. | 474 views

CVE-2018-1000632

CVE-2018-1000632 affects dom4j prior to 2.1.1 with an XML Injection (CWE-91) in Element methods addElement/addAttribute. An attacker could tamper with XML content via crafted attributes/elements. The issue is fixed in 2.1.1+, and IBM/IOC advisories indicate upgrading dom4j (e.g., to 2.1.4 in IOC) to a...

CVSS 7.5 | AI score 7.8 | EPSS 0.0657

added 2022/02/26 12:0 a.m. | 473 views

CVE-2022-23308

CVE-2022-23308 affects libxml2 before 2.9.13, caused by a use-after-free in ID/IDREF attributes in valid.c. The NVD data shows a CVSS 3.1 base score of 7.5 (NETWORK, PR:N, UI:N, S:U, C:N/I:N/A:H) and CVSS 2.0 base score of 4.3 (NETWORK, A:P). Connected advisories confirm the same flaw and referen...

CVSS 7.5 | AI score 7.7 | EPSS 0.0601

added 2019/01/16 7:0 p.m. | 464 views

CVE-2019-2422

CVE-2019-2422 affects Oracle Java SE Libraries in Java SE 7u201, 8u192, 11.0.1 (and Java SE Embedded 8u191). The issue is a memory disclosure in FileChannelImpl that could allow an unauthenticated, network-reachable attacker to read a subset of data, with user interaction required in some context...

CVSS 3.1 | AI score 2.4 | EPSS 0.03468

added 2019/10/16 5:40 p.m. | 463 views

CVE-2019-2975

CVE-2019-2975 affects Oracle Java SE/Scripting (and Java SE Embedded) with known affected builds: Java SE 8u221, 11.0.4, and 13; Java SE Embedded 8u221. The vulnerability concerns loading/executing untrusted code in environments like sandboxed Web Start/Applet contexts and can allow an unauthenti...

CVSS 5.8 | AI score 4.8 | EPSS 0.03328

added 2019/10/16 5:40 p.m. | 462 views

CVE-2019-2949

CVE-2019-2949 affects Oracle/OpenJDK Java SE Kerberos components. Affected Java SE: 7u231, 8u221, 11.0.4, 13; Java SE Embedded: 8u221. Exploitation requires network access via Kerberos and unauthenticated access could lead to leakage of sensitive data or elevated access. Connected documents show ...

CVSS 6.8 | AI score 6.4 | EPSS 0.03603

added 2020/11/16 9:0 p.m. | 438 views

CVE-2020-26217

XStream (Java) is vulnerable to remote code execution via insecure XML deserialization. The issue affects versions before 1.4.14 where processing input streams can lead to arbitrary shell execution. The advisory notes that only users relying on a blocklist are affected, while those using the securit...

CVSS 9.3 | AI score 8.2 | EPSS 0.85001
Web

added 2021/10/20 10:49 a.m. | 434 views

CVE-2021-35550

CVE-2021-35550 is a network-authenticated TLS vulnerability in the JSSE component of Oracle Java SE and Oracle GraalVM Enterprise Edition, affecting Java SE 7u311, 8u301, 11.0.12 and GraalVM EE 20.3.3/21.2.0. Exploitation is possible over TLS with unauthenticated access and can lead to confidenti...

CVSS 7.1 | AI score 5.8 | EPSS 0.06868

added 2020/07/15 5:34 p.m. | 433 views

CVE-2020-14621

CVE-2020-14621 details (connected data): The vulnerability concerns Oracle Java SE/OpenJDK JAXP in Java SE/Embedded. Affected versions include Java SE: 7u261, 8u251, 11.0.7, 14.0.1; Java SE Embedded: 8u251. The issue is described as an easily exploitable flaw in the JAXP component that allows an...

CVSS 5.3 | AI score 5.2 | EPSS 0.04315

added 2020/07/15 5:34 p.m. | 429 views

CVE-2020-14577

CVE-2020-14577 is a TLS/JSSE-related issue in Oracle Java SE and Java SE Embedded (affecting Java 7u261, 8u251, 11.0.7 and 14.0.1; Embedded 8u251) enabling unauthenticated network access to read some data. Connected advisories show vendor-specific mitigations: for example, Amazon Linux ALAS advis...

CVSS 4.3 | AI score 4.4 | EPSS 0.03284

added 2018/07/18 1:0 p.m. | 428 views

CVE-2018-2952

CVE-2018-2952 affects OpenJDK/OpenJDK-derived Java runtimes (Java SE 7/8 and JRockit) in the Concurrency component. The root cause is insufficient index validation in PatternSyntaxException getMessage(), enabling unauthenticated network-based exploitation that can cause a denial of service via me...

CVSS 4.3 | AI score 4 | EPSS 0.04184

added 2020/10/21 2:4 p.m. | 424 views

CVE-2020-14798

CVE-2020-14798 is a vulnerability in Oracle Java SE Libraries affecting Java SE versions 7u271, 8u261, 11.0.8 and 15, and Java SE Embedded 8u261. Exploitation is possible over network with multiple protocols and does not require authentication, but requires user interaction. Impact described as p...

CVSS 3.1 | AI score 3.4 | EPSS 0.02684

added 2020/10/21 2:4 p.m. | 423 views

CVE-2020-14781

CVE-2020-14781 affects Oracle Java SE/SE Embedded (JNDI) with affected versions including Java SE 7u271, 8u261, 11.0.8, 15 and Java SE Embedded 8u261. The vulnerability allows an unauthenticated attacker with network access via multiple protocols to read a subset of Java SE/SE Embedded data. The ...

CVSS 4.3 | AI score 3.5 | EPSS 0.02296

added 2020/07/15 5:34 p.m. | 418 views

CVE-2020-14581

CVE-2020-14581 affects Oracle Java SE/Java SE Embedded (component: 2D) with affected versions Java SE: 8u251, 11.0.7, 14.0.1 and Java SE Embedded: 8u251. The CVE is listed with a low overall base score (CVSS 3.1: 3.7) and confidentiality impact (C:L) and no impact on integrity/availability (I:N/A...

CVSS 4.3 | AI score 4 | EPSS 0.03284

added 2020/10/21 2:4 p.m. | 416 views

CVE-2020-14803

CVE-2020-14803 affects Oracle Java SE Libraries in Java SE 11.0.8 and 15. The vulnerability allows an unauthenticated attacker over network to read a subset of Java SE data due to an issue in Libraries handling, per the CVSS base score 5.3 (CONF). Affected advisories across platforms corroborate ...

CVSS 5.3 | AI score 4.4 | EPSS 0.03122

added 2018/05/16 5:0 p.m. | 412 views

CVE-2018-11212

CVE-2018-11212 affects libjpeg/libjpeg-turbo: the alloc_sarray function in jmemmgr.c allows a remote attacker to cause a denial of service via a crafted file due to a divide-by-zero error. Public advisories (e.g., ALAS2-2019-1198, ALAS-2019-1286, AL2/ALSA-centos/CESA-2019:2052, Debian DLA-1638-1)...

CVSS 6.5 | AI score 6.2 | EPSS 0.04898

added 2020/04/15 1:29 p.m. | 411 views

CVE-2020-2803

CVE-2020-2803 affects OpenJDK (Libraries component, Java SE/OpenJDK). The connected document confirms a vulnerability in boundary checks of java.nio buffer classes that allows an untrusted Java applet/application to bypass Java sandbox restrictions. Affected versions align with the original descr...

CVSS 8.3 | AI score 8.2 | EPSS 0.0623

added 2022/05/03 12:0 a.m. | 410 views

CVE-2022-29824

Summary: CVE-2022-29824 affects libxml2 up to version 2.9.14. Several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) fail to check integer overflows, causing out-of-bounds memory writes when processing crafted XML files. This vulnerability also affects software that uses lib...

CVSS 6.5 | AI score 6.8 | EPSS 0.0363

added 2020/10/21 2:4 p.m. | 409 views

CVE-2020-14779

CVE-2020-14779 affects Oracle Java SE/SE Embedded (Serialization) and can enable an unauthenticated network-based attacker to cause partial denial of service. Affected versions include Java SE 7u271, 8u261, 11.0.8, 15 and Java SE Embedded 8u261; attack surface covers client and server deployme...

CVSS 4.3 | AI score 3.7 | EPSS 0.03713

added 2020/04/15 1:29 p.m. | 407 views

CVE-2020-2754

CVE-2020-2754 affects Oracle Java SE/Embedded (Scripting) with affected versions Java SE 8u241, 11.0.6 and 14; Java SE Embedded 8u241. Root cause: a parsing/validation weakness in the Scripting component allows an unauthenticated, network-based attacker to cause a partial Denial of Service on Jav...

CVSS 4.3 | AI score 4.2 | EPSS 0.04128

added 2021/10/20 10:50 a.m. | 407 views

CVE-2021-35561

CVE-2021-35561 affects Oracle Java SE/GraalVM Enterprise Edition across multiple components (e.g., Utility, Swing, ImageIO, Keytool, JSSE) with affected Java SE versions 7u311, 8u301, 11.0.12, 17 and GraalVM EE 20.3.3/21.2.0. The vulnerability allows unauthenticated network access to cause partia...

CVSS 5.3 | AI score 5.1 | EPSS 0.06468

added 2021/08/23 5:50 p.m. | 404 views

CVE-2021-39139

CVE-2021-39139 affects XStream, a Java XML serialization library. The vulnerability allows a remote attacker to load and execute arbitrary code by manipulating the processed input stream; exploitation depends on the affected XStream version and runtime behavior. Connected advisories confirm XStre...

CVSS 8.8 | AI score 8.8 | EPSS 0.04455

added 2020/04/15 1:29 p.m. | 403 views

CVE-2020-2757

CVE-2020-2757 affects Oracle Java SE/SE Embedded (Serialization). Vulnerable: Java SE: 7u251, 8u241, 11.0.6, 14; SE Embedded: 8u241. Impact: unauthenticated network access leading to partial DoS on Java SE/SE Embedded. Root cause: serialization-related handling in the affected component; sandboxe...

CVSS 4.3 | AI score 4.2 | EPSS 0.04211

added 2021/10/20 10:50 a.m. | 403 views

CVE-2021-35603

CVE-2021-35603 is a TLS-related vulnerability in the JSSE component of Java SE and GraalVM Enterprise Edition. Affected: Java SE 7u311, 8u301, 11.0.12, 17; GraalVM EE 20.3.3 and 21.2.0. Description indicates an unauthenticated network attacker could read data from vulnerable Java deployments (e.g...

CVSS 4.3 | AI score 4.2 | EPSS 0.04104

added 2020/04/15 1:29 p.m. | 402 views

CVE-2020-2830

CVE-2020-2830 affects Oracle Java SE/Java SE Embedded (Concurrency component) with Java SE versions 7u251, 8u241, 11.0.6 and 14; Java SE Embedded 8u241. The vulnerability allows unauthenticated network-based exploitation via multiple protocols, potentially enabling partial denial of service on Ja...

CVSS 5.3 | AI score 5 | EPSS 0.04948

added 2021/02/26 9:55 p.m. | 400 views

CVE-2020-27223

CVE-2020-27223 affects Eclipse Jetty 9.4.6.v20170531–9.4.36.v20210114, 10.0.0, and 11.0.0, where handling requests with multiple Accept headers and many quality (q) values can cause high CPU usage and a DoS. Public sources consistently describe CPU exhaustion as the impact. Remediation is to upgr...

CVSS 5.3 | AI score 5.2 | EPSS 0.7795

added 2022/11/22 12:0 a.m. | 400 views

CVE-2022-40303

CVE-2022-40303 affects libxml2 prior to 2.10.3. When parsing multi‑gigabyte XML with XML_PARSE_HUGE enabled, integer counters can overflow and cause an access at a negative 2GB offset, typically leading to a segmentation fault. Public sources (including libxml2‑focused advisories and AWS ALAS/BSN...

CVSS 7.5 | AI score 6.9 | EPSS 0.22791

added 2020/04/15 1:29 p.m. | 398 views

CVE-2020-2773

CVE-2020-2773 is a vulnerability in Oracle Java SE and Java SE Embedded (component: Security) that can be exploited remotely by unauthenticated attackers to cause a partial denial of service on affected Java runtimes. Affected versions include Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedde...

CVSS 4.3 | AI score 4.2 | EPSS 0.03625

added 2021/10/20 10:50 a.m. | 398 views

CVE-2021-35578

CVE-2021-35578 affects Java SE (JSSE) and Oracle GraalVM Enterprise Edition; vulnerable are Java SE 8u301, 11.0.12, 17 and GraalVM EE 20.3.3/21.2.0. Attack requires network access via TLS to targeted APIs, with unauthenticated access and no user interaction, potentially enabling a partial denial ...

CVSS 5.3 | AI score 5.1 | EPSS 0.06218

added 2020/04/15 1:29 p.m. | 397 views

CVE-2020-2800

CVE-2020-2800 affects Oracle Java SE/Java SE Embedded, specifically the Lightweight HTTP Server component. Affected versions include Java SE 7u251, 8u241, 11.0.6, 14 and Java SE Embedded 8u241. The vulnerability can be exploited over a network with unauthenticated access via multiple protocols, p...

CVSS 5.8 | AI score 4.9 | EPSS 0.02879

added 2020/07/15 5:34 p.m. | 395 views

CVE-2020-14593

CVE-2020-14593 is a vulnerability in the 2D component of Oracle Java SE/SE Embedded. Affected: Java SE 7u261, 8u251, 11.0.7, 14.0.1; Java SE Embedded 8u251. Vulnerability type is unspecified in the provided sources, but exploitation is described as unauthenticated with network access via multiple...

CVSS 7.4 | AI score 7.1 | EPSS 0.03864

added 2021/10/20 10:50 a.m. | 395 views

CVE-2021-35588

CVE-2021-35588 is a vulnerability in Oracle Java SE and GraalVM Enterprise Edition (Hotspot component) affecting Java SE 7u311 and 8u301 and GraalVM Enterprise Edition 20.3.3/21.2.0. The issue allows an unauthenticated, network-accessible attacker to exploit multiple protocols after user interact...

CVSS 3.1 | AI score 4.2 | EPSS 0.03599

added 2019/10/16 5:40 p.m. | 391 views

CVE-2019-2973

CVE-2019-2973 is an issue in Oracle Java SE/Java SE Embedded (component: JAXP) affecting OpenJDK builds such as 7u231, 8u221, 11.0.4 and 13 (and Embedded 8u221). The vulnerability allows unauthenticated network-accessed exploitation that can cause a partial denial of service in Java SE/SE...

CVSS 4.3 | AI score 4 | EPSS 0.03732

added 2020/07/15 5:34 p.m. | 390 views

CVE-2020-14583

CVE-2020-14583 affects Oracle Java SE/Java SE Embedded (Libraries component). Affected: Java SE 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded 8u251. Exploitation requires network access with user interaction and can lead to takeover of Java SE/Embedded with high impact on confidentiality, int...

CVSS 8.3 | AI score 8.2 | EPSS 0.04029

added 2019/10/16 5:40 p.m. | 388 views

CVE-2019-2945

CVE-2019-2945 affects Oracle Java SE/Java SE Embedded (Networking) with affected Java SE versions 7u231, 8u221, 11.0.4, 13 and Java SE Embedded 8u221. The vulnerability can be exploited over the network by unauthenticated attackers; some vectors require user interaction and may lead to a partial ...

CVSS 3.1 | AI score 3.8 | EPSS 0.03362

added 2020/04/15 1:29 p.m. | 388 views

CVE-2020-2781

CVE-2020-2781 concerns an Oracle/OpenJDK Java SE JSSE vulnerability that allows unauthenticated network access to degrade availability in Java SE and Java SE Embedded (client/server deployment). The Chainguard data confirms affected OpenJDK JSSE components and versions, aligning with the CVE descrip...

CVSS 5.3 | AI score 5.3 | EPSS 0.04948

added 2020/10/21 2:4 p.m. | 386 views

CVE-2020-14796

CVE-2020-14796 affects the Libraries component in Oracle Java SE/Java SE Embedded across multiple OpenJDK builds (e.g., Java-7u271, Java-8u261, Java-11.0.8, Java-15; Embedded 8u261). The vulnerability can be exploited by an unauthenticated attacker over network protocols, but exploitation require...

CVSS 3.1 | AI score 3.2 | EPSS 0.02463

added 2021/06/22 2:45 p.m. | 386 views

CVE-2021-34428

CVE-2021-34428 affects Eclipse Jetty up to 9.4.40, 10.0.2, and 11.0.2. The root cause is an exception in SessionListener#sessionDestroyed() that prevents the session ID from being invalidated in the session ID manager, which in clustered deployments can leave a user session active on a shared mac...

CVSS 3.6 | AI score 3.9 | EPSS 0.00963
In wild

added 2021/10/20 10:50 a.m. | 386 views

CVE-2021-35567

CVE-2021-35567 affects Oracle Java SE and GraalVM Enterprise Edition libraries; root cause is incorrect principal selection when Kerberos Constrained Delegation is used. Affected: Java SE 8u301, 11.0.12, 17 and GraalVM EE 20.3.3/21.2.0 (Libraries component). Impact includes potential unauthorized...

CVSS 6.8 | AI score 6.6 | EPSS 0.027

Total number of security vulnerabilities: 180