Lucene search
K
NetappSolidfire & Hci Storage Node

26 matches found

CVE
CVE
added 2021/12/10 12:0 a.m.6895 views

CVE-2021-44228

CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...

10CVSS10AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2024/12/23 12:0 a.m.1410 views

CVE-2024-40896

CVE-2024-40896 affects libxml2 prior to 2.11.9, 2.12 prior to 2.12.9, and 2.13 prior to 2.13.3. The SAX parser can emit events for external entities even when custom SAX handlers try to override content (via checked), enabling classic XXE attacks. Connected sources reiterate the same vulnerabilit...

9.1CVSS6.5AI score0.01192EPSS
CVE
CVE
added 2023/07/25 8:45 p.m.723 views

CVE-2023-37920

CVE-2023-37920 affects the Python Certifi package: Certifi before 2023.07.22 includes the e-Tugra root certificates, which were removed in 2023.07.22 due to security concerns. The vulnerability is documented with high/critical impact in CVSS vectors across sources, and advisories across multiple ...

9.8CVSS9AI score0.00468EPSS
CVE
CVE
added 2022/07/07 8:45 p.m.551 views

CVE-2022-2047

CVE-2022-2047 affects Eclipse Jetty: vulnerable in Jetty 9.4.0–9.4.46, 10.0.0–10.0.9, and 11.0.0–11.0.9. The HttpURI class misparses the authority segment of an HTTP URI, treating certain invalid inputs as a hostname, which can cause failures in a proxy scenario. Connected documents provide exact...

4CVSS5.2AI score0.01173EPSS
CVE
CVE
added 2019/05/07 1:4 p.m.493 views

CVE-2018-20836

CVE-2018-20836 : A race condition in the Linux kernel before 4.20, specifically in drivers/scsi/libsas/sas_expander.c (smp_task_timedout() vs smp_task_done()), can lead to a use-after-free. Affected: Linux kernel versions prior to 4.20. Impact is described as high by CVSS. The provided documents ...

9.3CVSS7.5AI score0.05111EPSS
CVE
CVE
added 2020/12/15 5:0 p.m.421 views

CVE-2020-29569

CVE-2020-29569 describes a use-after-free in the Linux kernel PV block backend (blkback) when Xen is used, where the kernel thread handler may not reset ring->xenblkd to NULL if the frontend toggles between connect/disconnect, allowing a misbehaving guest to trigger a dom0 crash. The issue aff...

8.8CVSS8.3AI score0.00388EPSS
CVE
CVE
added 2020/11/28 6:18 a.m.416 views

CVE-2020-29374

CVE-2020-29374 affects the Linux kernel and was fixed in 5.7.3. It concerns the get_user_pages (gup) implementation used for copy-on-write pages: when handling read operations, it may grant unintended write access, risking information disclosure or data corruption (COW cross-process leakage). Sev...

3.6CVSS4.9AI score0.00399EPSS
CVE
CVE
added 2022/07/07 8:35 p.m.412 views

CVE-2022-2048

CVE-2022-2048 concerns the Eclipse Jetty HTTP/2 server. The bug occurs when handling an invalid HTTP/2 request, where the error path fails to properly clean up active connections and associated resources. This can lead to a denial of service due to resource exhaustion, rendering the server unable...

7.5CVSS7.3AI score0.0227EPSS
CVE
CVE
added 2022/06/01 12:0 a.m.405 views

CVE-2022-27776

CVE-2022-27776 is a curl vulnerability where credentials could be leaked during HTTP redirects to the same host on a different port. Root cause: insufficiently protected credentials in redirect handling. Impact: potential exposure of authentication or cookie headers. Affected: curl/libcurl across...

6.5CVSS7.3AI score0.03425EPSS
CVE
CVE
added 2020/04/29 5:59 p.m.393 views

CVE-2020-12464

CVE-2020-12464 is a Linux kernel use-after-free in the USB core path. The vulnerability stems from usb_sg_cancel in drivers/usb/core/message.c where a transfer can occur without a proper reference, enabling a local attacker to potentially crash or execute code. Connected documents confirm this is...

7.2CVSS6.6AI score0.00802EPSS
CVE
CVE
added 2025/02/05 9:18 a.m.389 views

CVE-2025-0725

CVE-2025-0725 affects libcurl when performing automatic gzip decompression with CURLOPT_ACCEPT_ENCODING using zlib 1.2.0.3 or older. A attacker-controlled integer overflow can cause a buffer overflow during decompression. Connected advisories (ALAS/Amazon/Linux and Debian/CVE trackers) confirm th...

7.3CVSS7.4AI score0.01218EPSS
CVE
CVE
added 2023/11/01 4:32 p.m.385 views

CVE-2023-5178

CVE-2023-5178 is a use-after-free vulnerability in the NVMe over Fabrics over TCP subsystem of the Linux kernel, specifically nvmet_tcp_free_crypto in drivers/nvme/target/tcp.c. The logical bug can lead to use-after-free and double-free conditions, with potential remote code execution or local pr...

8.8CVSS8.9AI score0.09141EPSS
CVE
CVE
added 2022/03/02 12:0 a.m.379 views

CVE-2021-3772

CVE-2021-3772 affects the Linux kernel SCTP stack: a blind attacker who knows IPs/ports and can spoof packets can kill an existing SCTP association by sending invalid chunks. The connected advisories confirm the issue and point to a patch in the Linux kernel (commit 32f8807a48ae55be0e76880cfe8607...

6.5CVSS6.8AI score0.0124EPSS
CVE
CVE
added 2024/10/27 12:0 a.m.368 views

CVE-2024-50602

CVE-2024-50602 affects libexpat prior to 2.6.4. There is a crash in XML_ResumeParser when XML_StopParser can stop/suspend an unstarted parser. Affected: expat library used by various products; root cause is improper handling of parser state. Impact is a crash (DoS potential) as described in linke...

5.9CVSS7.1AI score0.0104EPSS
CVE
CVE
added 2025/02/05 9:15 a.m.365 views

CVE-2025-0167

The CVE-2025-0167 issue affects curl (libcurl) and arises when both using a .netrc for credentials and following HTTP redirects. The root cause, as described across connected documents, is that the netrc entry can omit login and password (or a default entry omits both), which may allow the passwo...

3.4CVSS7AI score0.00663EPSS
CVE
CVE
added 2024/05/06 7:22 p.m.358 views

CVE-2024-33602

CVE-2024-33602 affects the glibc nscd netgroup cache. The flaw is caused by the netgroup cache assuming NSS callbacks use in-buffer strings, which can lead to memory corruption when not all strings fit in the provided buffer. The issue was introduced with glibc 2.15 and is present only in the nsc...

7.4CVSS6.8AI score0.00403EPSS
CVE
CVE
added 2022/07/27 12:0 a.m.356 views

CVE-2022-36946

The CVE-2022-36946 issue affects nfqnl_mangle in net/netfilter/nfnetlink_queue.c of the Linux kernel (through 5.18.14). When nf_queue verdicts include a one-byte nfta_payload attribute, skb_pull can encounter a negative skb->len, enabling a remote attacker to trigger a denial of service (panic...

7.5CVSS7.2AI score0.05542EPSS
CVE
CVE
added 2020/10/13 7:52 p.m.335 views

CVE-2020-25645

Summary: CVE-2020-25645 describes a confidentiality flaw in the Linux kernel’s GENEVE tunnel code when IPsec is used to encrypt traffic for the tunnel’s UDP port. In kernels before 5.9-rc7, traffic between two Geneve endpoints may be left unencrypted, allowing an attacker between the endpoints to...

7.5CVSS7.1AI score0.02433EPSS
CVE
CVE
added 2022/06/01 12:0 a.m.313 views

CVE-2022-27774

CVE-2022-27774 affects curl. The vulnerability is described as an insufficiently protected credentials issue where credentials could be leaked during HTTP(S) redirects when authentication is involved, potentially leaking to other hosts across different protocols or ports. Connected advisories sho...

5.7CVSS6.7AI score0.01595EPSS
CVE
CVE
added 2022/05/26 12:0 a.m.301 views

CVE-2022-22576

CVE-2022-22576 is an improper authentication vulnerability in curl 7.33.0 through 7.82.0 that may allow reuse of OAuth2-authenticated connections without confirming the credentials used for the transfer, affecting SASL-enabled protocols (SMPTP(S), IMAP(S), POP3(S), LDAP(S) via OpenLDAP). The root...

8.1CVSS8AI score0.01914EPSS
CVE
CVE
added 2022/06/01 12:0 a.m.288 views

CVE-2022-27775

Curl contains an information‑disclosure flaw (CVE-2022-27775) in versions 7.65.0–7.82.0 where an IPv6 address from the pool could be reused with a different zone id, enabling potential leakage through connection reuse. Affected platforms in connected advisories indicate curl/libcurl fixes have be...

7.5CVSS7.1AI score0.02794EPSS
CVE
CVE
added 2023/07/17 12:0 a.m.160 views

CVE-2023-38426

The CVE-2023-38426 issue affects the Linux kernel prior to 6.3.4, specifically ksmbd’s SMB2 path where an out-of-bounds read occurs in smb2_find_context_vals if create_context’s name_len exceeds the tag length. Public references (kernel commit and ChangeLog-6.3.4) confirm the vulnerability contex...

9.1CVSS8.7AI score0.02435EPSS
CVE
CVE
added 2023/07/24 3:19 p.m.130 views

CVE-2023-32257

CVE-2023-32257 affects the Linux kernel ksmbd (the in-kernel SMB server). The vulnerability stems from lack of proper locking when processing SMB2_SESSION_SETUP and SMB2_LOGOFF, enabling an attacker to execute code in the kernel context. The initial description documents the root cause and impact...

8.1CVSS8.4AI score0.02393EPSS
CVE
CVE
added 2023/07/17 12:0 a.m.125 views

CVE-2023-38432

CVE-2023-38432 affects the Linux kernel prior to 6.3.10. The KSMBD SMB2 server (fs/smb/server/smb2misc.c) does not validate the relationship between the SMB command payload size and RFC1002 length, causing an out-of-bounds read. Impact: potential information disclosure or crash as stated by affec...

9.1CVSS8.7AI score0.02378EPSS
CVE
CVE
added 2023/07/17 12:0 a.m.111 views

CVE-2023-38428

CVE-2023-38428 affects the Linux kernel (ksmbd) where fs/ksmbd/smb2pdu.c does not properly validate the UserName value because it ignores the address of the security buffer, causing an out-of-bounds read. The public description confirms the issue exists in kernels before 6.3.4. The connected docs...

9.1CVSS8.8AI score0.02975EPSS
CVE
CVE
added 2024/05/30 3:35 p.m.86 views

CVE-2024-36958

CVE-2024-36958 affects the Linux kernel NFSD component: nfsd4_encode_fattr4() can crash due to args.acl being used after lack of initialization, leading to an unconditional kfree() path. The documented impact is local access with potential availability degradation (CVSS: Local, Availability High)...

5.5CVSS6.6AI score0.00236EPSS