Lucene search
+L
NetappSolidfire

192 matches found

CVE
CVE
added 2017/01/12 6:6 a.m.492 views

CVE-2016-9131

CVE-2016-9131 concerns ISC BIND and is triggered by improper handling of responses during recursion. A remote attacker can send a malformed RTYPE ANY response to cause an assertion failure and named process exit, i.e., a denial-of-service. Public advisories confirm affected versions across multip...

7.5CVSS7.3AI score0.40556EPSS
CVE
CVE
added 2021/07/20 6:13 p.m.492 views

CVE-2021-33910

CVE-2021-33910 affects systemd prior to versions 246.15, 247.8, 248.5, and 249.1. The root cause is a Memory Allocation with an Excessive Size Value in basic/unit-name.c involving strdupa and alloca for a pathname controlled by a local attacker, leading to a crash of the operating system (denial ...

5.5CVSS5.8AI score0.0865EPSS
CVE
CVE
added 2020/08/19 2:37 p.m.491 views

CVE-2020-14356

CVE-2020-14356 affects the Linux kernel cgroupv2 subsystem in versions before 5.7.10. The flaw is a use-after-free / NULL pointer dereference in the handling of socket references to cgroups, which, under certain configurations (including reboot scenarios), could allow a local user to crash the sy...

7.8CVSS7.2AI score0.00965EPSS
CVE
CVE
added 2019/11/25 10:51 a.m.488 views

CVE-2019-14815

CVE-2019-14815 is a Linux kernel issue in the Marvell Mwifiex WiFi driver, described in the connected F5 advisory as a heap overflow in mwifiex_set_wmm_params(). The initial document also notes a heap overflow in this driver. The provided sources do not include explicit exploit details, affected ...

7.8CVSS8.6AI score0.00488EPSS
CVE
CVE
added 2022/04/19 8:38 p.m.479 views

CVE-2022-21476

CVE-2022-21476 affects Oracle Java SE and Oracle GraalVM Enterprise Edition. Vulnerable components include Libraries, JAXP, ImageIO, 2D, JNDI, and serialization-related paths, with exploitation achievable by unauthenticated network access and potentially leading to data confidentiality breach or ...

7.5CVSS7AI score0.04046EPSS
CVE
CVE
added 2020/03/04 12:0 a.m.475 views

CVE-2020-10029

CVE-2020-10029 affects the GNU C Library (glibc) up to version 2.31.x, with a on‑stack buffer overflow during range reduction for 80‑bit long double inputs containing non‑canonical bit patterns on x86 targets. The issue is tied to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c and can occur when an input ...

5.5CVSS6.4AI score0.00758EPSS
CVE
CVE
added 2019/03/18 4:33 p.m.470 views

CVE-2018-20669

CVE-2018-20669 affects the Linux kernel i915_gem_execbuffer2_ioctl path (drivers/gpu/drm/i915/i915_gem_execbuffer.c) up to kernel 4.19.13. A local attacker can craft an IOCTL call that fails address checks (address provided to access_ok() is not checked), enabling overwriting arbitrary kernel mem...

7.8CVSS7.2AI score0.00572EPSS
CVE
CVE
added 2020/08/19 12:0 a.m.467 views

CVE-2020-15862

CVE-2020-15862 affects Net-SNMP with an improper privilege management flaw: SNMP WRITE access to the EXTEND MIB allows an authenticated local attacker to execute arbitrary commands as root. Practical impact is local privilege escalation; exploitation requires access to an authenticated SNMP sessi...

7.8CVSS7.9AI score0.00382EPSS
CVE
CVE
added 2019/04/25 2:41 p.m.464 views

CVE-2019-3900

CVE-2019-3900 is an upstream Linux kernel vulnerability in the vhost_net module causing an infinite loop while handling incoming packets in handle_rx(), which can allow a guest user to stall the vhost_net kernel thread and trigger a DoS. The issue is present in Linux kernel releases up to and inc...

7.7CVSS8.4AI score0.04425EPSS
CVE
CVE
added 2019/03/22 7:5 a.m.461 views

CVE-2019-9924

CVE-2019-9924 : Bash rbash prior to 4.4-beta2 could allow a shell user to modify BASH_CMDS and thereby execute arbitrary commands with the shell’s permissions. IBM CP4S advisory confirms affected product versions: Cloud Pak for Security (CP4S) 1.8.1.0, 1.8.0.0, and 1.7.2.0. Remediation is to upgr...

7.8CVSS7.8AI score0.00415EPSS
CVE
CVE
added 2021/08/05 12:0 a.m.461 views

CVE-2021-22925

CVE-2021-22925 affects curl/libcurl’s TELNET OPTION handling (-t / CURLOPT_TELNETOPTIONS). A flaw in the option parser for NEW_ENV variables can cause uninitialized data from a stack buffer to be sent to the server, due to incorrect sscanf usage when parsing the provided string. This could reveal...

5.3CVSS6.3AI score0.04929EPSS
CVE
CVE
added 2019/06/14 1:56 p.m.460 views

CVE-2019-10126

CVE-2019-10126 affects the Linux kernel Marvell mwifiex wireless kernel driver. The issue is a heap-based buffer overflow in mwifiex_uap_parse_tail_ies (drivers/net/wireless/marvell/mwifiex/ie.c) that can lead to memory corruption. Public documents in the Connected set identify the affected compo...

9.8CVSS9.8AI score0.06821EPSS
CVE
CVE
added 2021/04/01 5:45 p.m.454 views

CVE-2021-22876

The Connected documents confirm CVE-2021-22876 affects curl/libcurl 7.1.1 through 7.75.0, where libcurl fails to remove user credentials from URLs when populating the Referer header, leading to leakage of credentials to the server of the second request. The root cause is improper handling of cred...

5.3CVSS5.7AI score0.05301EPSS
CVE
CVE
added 2019/12/23 6:55 p.m.452 views

CVE-2019-5108

CVE-2019-5108 is an exploitable denial-of-service in the Linux kernel prior to mainline 5.3. An attacker can trigger IAPP location updates for stations before authentication completes by forging Authentication/Association Request packets, leading to potential CAM-table attacks or traffic flapping...

7.4CVSS6.7AI score0.10114EPSS
CVE
CVE
added 2020/05/05 4:47 a.m.444 views

CVE-2020-12653

CVE-2020-12653 affects the Linux kernel prior to 5.5.4, caused by an incorrect memcpy in the mwifiex_cmd_append_vsie_tlv() function (drivers/net/wireless/marvell/mwifiex/scan.c). This enables a local attacker to gain elevated privileges or cause a denial of service due to a buffer overflow. Conne...

7.8CVSS7.5AI score0.00435EPSS
CVE
CVE
added 2021/04/22 9:53 p.m.444 views

CVE-2021-2161

CVE-2021-2161 affects Oracle Java SE family (Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition) in the Libraries component. The issue arises from how untrusted code is loaded/run and data from untrusted APIs, enabling a network-accessible attacker to perform unauthenticated actions and...

5.9CVSS5.3AI score0.03125EPSS
CVE
CVE
added 2021/10/20 10:49 a.m.442 views

CVE-2021-35550

CVE-2021-35550 is a network-authenticated TLS vulnerability in the JSSE component of Oracle Java SE and Oracle GraalVM Enterprise Edition, affecting Java SE 7u311, 8u301, 11.0.12 and GraalVM EE 20.3.3/21.2.0. Exploitation is possible over TLS with unauthenticated access and can lead to confidenti...

7.1CVSS5.8AI score0.06868EPSS
CVE
CVE
added 2020/05/08 1:48 p.m.434 views

CVE-2020-10690

The CVE-2020-10690 entry affects Linux kernel versions before 5.5. It is caused by a race between the release of ptp_clock and the cdev during resource deallocation, which can free the cdev structure while a high-privileged process holding /dev/ptpX is sleeping. When the underlying device is remo...

6.5CVSS6.5AI score0.00359EPSS
CVE
CVE
added 2020/05/18 5:50 p.m.433 views

CVE-2020-13143

CVE-2020-13143 affects the Linux kernel USB gadget/configfs (drivers/usb/gadget/configfs.c) from 3.16 to 5.6.13. The flaw arises when gadget_dev_desc_UDC_store uses kstrdup and may encounter an internal NUL value, leading to potential out-of-bounds memory access (reported as heap out-of-bounds wr...

6.5CVSS6.5AI score0.04505EPSS
CVE
CVE
added 2020/10/21 2:4 p.m.430 views

CVE-2020-14798

CVE-2020-14798 is a vulnerability in Oracle Java SE Libraries affecting Java SE versions 7u271, 8u261, 11.0.8 and 15, and Java SE Embedded 8u261. Exploitation is possible over network with multiple protocols and does not require authentication, but requires user interaction. Impact described as p...

3.1CVSS3.4AI score0.02717EPSS
CVE
CVE
added 2020/10/21 2:4 p.m.425 views

CVE-2020-14781

CVE-2020-14781 affects Oracle Java SE/SE Embedded (JNDI) with affected versions including Java SE 7u271, 8u261, 11.0.8, 15 and Java SE Embedded 8u261. The vulnerability allows an unauthenticated attacker with network access via multiple protocols to read a subset of Java SE/SE Embedded data. The ...

4.3CVSS3.5AI score0.02324EPSS
CVE
CVE
added 2019/08/25 3:25 p.m.423 views

CVE-2019-15538

CVE-2019-15538 affects the Linux kernel component fs/xfs/xfs_iops.c: xfs_setattr_nonsize, with the issue present in kernels up to 5.2.9. The vulnerability arises when a chgrp operation fails due to out-of-disk-quota conditions, causing XFS to partially wedge and fail to unlock ILOCK after the xfs...

7.8CVSS7.9AI score0.03916EPSS
CVE
CVE
added 2021/07/22 12:0 a.m.422 views

CVE-2021-35942

CVE-2021-35942 affects the GNU C Library (glibc) wordexp in posix/wordexp.c. The root cause is an integer/regex handling issue caused by using atoi instead of strtoul, which can lead to an out-of-bounds read or memory access. Exploitation can crash the process or cause information disclosure (DoS...

9.1CVSS9.4AI score0.02678EPSS
CVE
CVE
added 2020/10/21 2:4 p.m.420 views

CVE-2020-14803

CVE-2020-14803 affects Oracle Java SE Libraries in Java SE 11.0.8 and 15. The vulnerability allows an unauthenticated attacker over network to read a subset of Java SE data due to an issue in Libraries handling, per the CVSS base score 5.3 (CONF). Affected advisories across platforms corroborate ...

5.3CVSS4.4AI score0.0316EPSS
CVE
CVE
added 2020/11/28 6:20 a.m.418 views

CVE-2020-29368

Affected software: Linux kernel up to version prior to 5.7.5 (pre-5.7.5). Vulnerability details: In mm/huge_memory.c, __split_huge_pmd, the copy-on-write CoW implementation can grant unintended write access due to a race in the THP mapcount check. This race condition can lead to local write acces...

7CVSS6.6AI score0.0036EPSS
CVE
CVE
added 2020/10/21 2:4 p.m.414 views

CVE-2020-14779

CVE-2020-14779 affects Oracle Java SE SE/Embedded with Serialization and can enable an unauthenticated network-based attacker to cause partial denial of service. Affected versions include Java SE 7u271, 8u261, 11.0.8, 15 and Java SE Embedded 8u261; attack surface covers client and server deployme...

4.3CVSS3.7AI score0.03758EPSS
CVE
CVE
added 2020/01/16 3:22 p.m.411 views

CVE-2019-18282

CVE-2019-18282 affects the Linux kernel flow_dissector (Linux 4.3–5.x up to 5.3.10). The root cause is that UDP/IPv6 flow labels rely on a 32-bit hashrnd secret, with jhash used instead of siphash, allowing an attacker to infer the secret and track flows. Affected code includes net/core/flow_diss...

5.3CVSS6AI score0.02605EPSS
CVE
CVE
added 2021/10/20 10:50 a.m.410 views

CVE-2021-35561

CVE-2021-35561 affects Oracle Java SE/GraalVM Enterprise Edition across multiple components (e.g., Utility, Swing, ImageIO, Keytool, JSSE) with affected Java SE versions 7u311, 8u301, 11.0.12, 17 and GraalVM EE 20.3.3/21.2.0. The vulnerability allows unauthenticated network access to cause partia...

5.3CVSS5.1AI score0.06468EPSS
CVE
CVE
added 2021/08/07 3:31 a.m.407 views

CVE-2021-38160

CVE-2021-38160 affects the Linux kernel “virtio_console” driver. In drivers/char/virtio_console.c, if an untrusted device supplies a buf->len value larger than the destination buffer, data corruption or loss can occur. The issue is fixed in Linux kernel 5.13.4 (ChangeLog-5.13.4). The vendor no...

7.8CVSS7.8AI score0.00395EPSS
CVE
CVE
added 2019/05/08 1:36 p.m.406 views

CVE-2019-11815

The CVE-2019-11815 issue affects Linux kernels with net/rds/tcp.c: rds_tcp_kill_sock contains a race that can cause a use-after-free during net namespace cleanup (pre-5.0.8). A fix was committed and released in 5.0.8; upgrading to 5.0.8+ (or applying the patch) is the advised remediation. The Uni...

9.3CVSS7.5AI score0.04458EPSS
CVE
CVE
added 2020/12/14 7:39 p.m.406 views

CVE-2020-8285

CVE-2020-8285 is a curl/libcurl vulnerability in the FTP wildcard match parsing. The issue triggers uncontrolled recursion leading to a stack overflow when the internal callback returns CURL_CHUNK_BGN_FUNC_SKIP repeatedly, potentially causing a crash. Affected software includes curl/libcurl from ...

7.5CVSS7.7AI score0.09917EPSS
CVE
CVE
added 2021/10/20 10:50 a.m.406 views

CVE-2021-35588

CVE-2021-35588 is a vulnerability in Oracle Java SE and GraalVM Enterprise Edition (Hotspot component) affecting Java SE 7u311 and 8u301 and GraalVM Enterprise Edition 20.3.3/21.2.0. The issue allows an unauthenticated, network-accessible attacker to exploit multiple protocols after user interact...

3.1CVSS4.2AI score0.03599EPSS
CVE
CVE
added 2021/10/20 10:50 a.m.405 views

CVE-2021-35603

CVE-2021-35603 is a TLS-related vulnerability in the JSSE component of Java SE and GraalVM Enterprise Edition. Affected: Java SE 7u311, 8u301, 11.0.12, 17; GraalVM EE 20.3.3 and 21.2.0. Description indicates an unauthenticated network attacker could read data from vulnerable Java deployments (e.g...

4.3CVSS4.2AI score0.04104EPSS
CVE
CVE
added 2020/05/09 8:16 p.m.404 views

CVE-2020-12769

CVE-2020-12769 affects the Linux kernel prior to 5.4.17. The issue is in drivers/spi/spi-dw.c, where concurrent calls to dw_spi_irq and dw_spi_transfer_one can trigger a kernel panic (local exploit). The vulnerability is fixed in Linux kernel 5.4.17 (see ChangeLog-5.4.17). No exploit details are ...

5.5CVSS5.7AI score0.00652EPSS
CVE
CVE
added 2021/02/26 9:55 p.m.403 views

CVE-2020-27223

CVE-2020-27223 affects Eclipse Jetty 9.4.6.v20170531–9.4.36.v20210114, 10.0.0, and 11.0.0, where handling requests with multiple Accept headers and many quality (q) values can cause high CPU usage and a DoS. Public sources consistently describe CPU exhaustion as the impact. Remediation is to upgr...

5.3CVSS5.2AI score0.7795EPSS
CVE
CVE
added 2021/10/20 10:50 a.m.403 views

CVE-2021-35578

CVE-2021-35578 affects Java SE (JSSE) and Oracle GraalVM Enterprise Edition; vulnerable are Java SE 8u301, 11.0.12, 17 and GraalVM EE 20.3.3/21.2.0. Attack requires network access via TLS to targeted APIs, with unauthenticated access and no user interaction, potentially enabling a partial denial ...

5.3CVSS5.1AI score0.06218EPSS
CVE
CVE
added 2020/12/14 7:38 p.m.399 views

CVE-2020-8284

CVE-2020-8284 affects curl's handling of FTP PASV responses, enabling a malicious FTP server to coax curl into connecting to an attacker-controlled IP/port and potentially reveal private services (port scanning, banner extraction). Affects curl prior to patched versions; multiple advisories refer...

4.3CVSS6AI score0.03851EPSS
CVE
CVE
added 2021/07/15 5:0 p.m.399 views

CVE-2021-34429

CVE-2021-34429 affects Eclipse Jetty: 9.4.37–9.4.42, 10.0.1–10.0.5, and 11.0.1–11.0.5. A vulnerability allows crafting certain encoded URIs to access WEB-INF content and bypass some security constraints, constituting a variation of CVE-2021-28164. Public references in connected docs describe this...

5.3CVSS5.4AI score0.99298EPSS
CVE
CVE
added 2019/11/30 12:57 a.m.394 views

CVE-2019-19462

CVE-2019-19462 affects Linux kernel: relay_open in kernel/relay.c, vulnerable through kernel version 5.4.1, allows local attackers to cause a denial of service (e.g., relay blockage) by triggering a NULL alloc_percpu result. The connected UNITY_LINUX advisories reproduce this description and refe...

5.5CVSS5.5AI score0.0046EPSS
CVE
CVE
added 2020/10/21 2:4 p.m.390 views

CVE-2020-14796

CVE-2020-14796 affects the Libraries component in Oracle Java SE/Java SE Embedded across multiple OpenJDK builds (e.g., Java-7u271? Java-8u261? Java-11.0.8? Java-15; Embedded 8u261). The vulnerability can be exploited by an unauthenticated attacker over network protocols, but exploitation require...

3.1CVSS3.2AI score0.02493EPSS
CVE
CVE
added 2021/10/20 10:50 a.m.390 views

CVE-2021-35567

CVE-2021-35567 affects Oracle Java SE and GraalVM Enterprise Edition libraries; root cause is incorrect principal selection when Kerberos Constrained Delegation is used. Affected: Java SE 8u301, 11.0.12, 17 and GraalVM EE 20.3.3/21.2.0 (Libraries component). Impact includes potential unauthorized...

6.8CVSS6.6AI score0.027EPSS
CVE
CVE
added 2020/10/21 2:4 p.m.387 views

CVE-2020-14792

CVE-2020-14792 is an Oracle Java OpenJDK vulnerability affecting Java SE and Embedded runtimes (Hotspot/Libraries components) with the root issue described as “Better range handling.” Affected versions include Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. The connected advisories...

5.8CVSS3.9AI score0.0223EPSS
CVE
CVE
added 2022/03/25 12:0 a.m.387 views

CVE-2021-4203

CVE-2021-4203 is a Linux kernel use-after-free read flaw in sock_getsockopt() triggered by a race between SO_PEERCRED/SO_PEERGROUPS and listen()/connect(). An authenticated local attacker could crash the system or leak kernel information. The connected IBM advisories document affected products (I...

6.8CVSS6.8AI score0.01747EPSS
CVE
CVE
added 2021/10/20 10:50 a.m.386 views

CVE-2021-35556

CVE-2021-35556 is a vulnerability in the Swing component of Java SE (and related GraalVM Enterprise Edition versions) affecting Java SE 7u311, 8u301, 11.0.12, 17 and GraalVM EE 20.3.3/21.2.0. An unauthenticated attacker with network access via multiple protocols can potentially exploit this to ca...

5.3CVSS5AI score0.07819EPSS
CVE
CVE
added 2022/01/19 11:22 a.m.386 views

CVE-2022-21248

CVE-2022-21248 affects Oracle Java SE and GraalVM Enterprise Edition via the Serialization component. Affected Oracle Java SE versions: 7u321, 8u311, 11.0.13, 17.0.1; GraalVM Enterprise Edition: 20.3.4 and 21.3.0. The vulnerability is exploitable over the network and allows an unauthenticated att...

4.3CVSS3.8AI score0.03763EPSS
CVE
CVE
added 2021/01/12 12:0 a.m.384 views

CVE-2021-23239

The CVE-2021-23239 entry concerns the sudoedit personality in sudo up to version 1.9.4 (before 1.9.5). A race condition in sudoedit (sudo_edit.c) can allow a local, unprivileged user to determine directory existence by substituting a user-controlled directory with a symlink to an arbitrary path, ...

2.5CVSS5.5AI score0.01029EPSS
CVE
CVE
added 2022/01/19 11:23 a.m.383 views

CVE-2022-21305

CVE-2022-21305 is present across multiple Oracle Java SE and GraalVM Enterprise Edition components (Hotspot, Serialization, JAXP, ImageIO, Libraries, 2D/3D) affecting Java versions 7u321, 8u311, 11.0.13, 17.0.1 (and GraalVM EE 20.3.4/21.3.0). Public advisories describe unauthenticated network-bas...

5.3CVSS4.7AI score0.02755EPSS
CVE
CVE
added 2022/04/19 8:38 p.m.383 views

CVE-2022-21496

CVE-2022-21496 affects Oracle Java SE and Oracle GraalVM Enterprise Edition across multiple components (JNDI, JAXP, Libraries, Hotspot) with listed affected versions. The vulnerability enables network-accessible, unauthenticated attackers to modify or access data (integrity/availability impacts) ...

5.3CVSS5.3AI score0.02805EPSS
CVE
CVE
added 2022/01/19 11:23 a.m.382 views

CVE-2022-21299

CVE-2022-21299 is reported across multiple feeds as affecting Oracle Java SE and GraalVM Enterprise Edition, involving several components (JAXP, Serialization, Libraries, ImageIO, Hotspot, 2D). Affected Java SE versions include 7u321, 8u311, 11.0.13, 17.0.1; GraalVM EE versions 20.3.4 and 21.3.0....

5.3CVSS4.9AI score0.03458EPSS
CVE
CVE
added 2019/04/24 3:23 p.m.381 views

CVE-2019-3882

CVE-2019-3882 affects the Linux kernel vfio interface: a local user owning a vfio device could abuse DMA mappings to memory and exhaust system memory, enabling a denial of service. Publicly available connected documents confirm the vulnerability and its DoS impact; Debian and other advisories inc...

5.5CVSS6.3AI score0.00538EPSS
Total number of security vulnerabilities192