Lucene search
+L
NetappSolidfire

192 matches found

CVE
CVE
added 2019/04/23 10:0 p.m.380 views

CVE-2019-11486

The CVE-2019-11486 entry describes multiple race conditions in the Siemens R3964 line discipline driver (drivers/tty/n_r3964.c) of the Linux kernel, affecting versions before 5.0.8. This yields local exploitation potential with full confidentiality, integrity, and availability impact. A fix is av...

7CVSS6.8AI score0.00366EPSS
CVE
CVE
added 2020/07/30 8:5 p.m.379 views

CVE-2020-16166

CVE-2020-16166 affects the Linux kernel by allowing remote observers to infer the network RNG internal state via drivers/char/random.c and kernel/time/timer.c. Affected platforms show fixes across multiple distributions: Debian LTS (linux package updates to 4.9.240-1/ -2; multiple CVEs), IBM advi...

4.3CVSS5.6AI score0.05271EPSS
CVE
CVE
added 2020/10/21 2:4 p.m.372 views

CVE-2020-14797

CVE-2020-14797 affects Oracle/OpenJDK Java SE Libraries (path validation) across multiple Java versions. Connected sources indicate this vulnerability residing in the Libraries component with affected OpenJDK packages such as java-1.8.0-openjdk and related ALAS/Amazon advisories, listing path val...

4.3CVSS3.7AI score0.02196EPSS
CVE
CVE
added 2019/11/28 12:27 a.m.369 views

CVE-2019-18276

CVE-2019-18276 affects GNU Bash up to 5.0 patch 11, where disable_priv_mode in shell.c incorrectly drops privileges when UID real != effective, leaving the saved UID intact. An attacker with shell command execution can use enable -f to load a new builtin (shared object) that calls setuid(), regai...

7.8CVSS7.5AI score0.02608EPSS
CVE
CVE
added 2021/10/20 10:50 a.m.367 views

CVE-2021-35559

CVE-2021-35559 is a vulnerability in Oracle Java SE/OpenJDK (Swing component) affecting Java SE versions 7u311, 8u301, 11.0.12, and 17, plus Oracle GraalVM Enterprise Edition 20.3.3 and 21.2.0. The issue is described as easily exploitable with network access and can lead to partial denial of serv...

5.3CVSS5AI score0.14839EPSS
CVE
CVE
added 2021/10/20 10:50 a.m.367 views

CVE-2021-35586

CVE-2021-35586 is a vulnerability in Oracle Java SE (Java SE component: ImageIO) and Oracle GraalVM Enterprise Edition (affected versions: Java SE 7u311, 8u301, 11.0.12, 17; GraalVM EE: 20.3.3, 21.2.0) that enables an unauthenticated attacker with network access via multiple protocols to cause a ...

5.3CVSS5.1AI score0.06322EPSS
CVE
CVE
added 2021/10/20 10:50 a.m.366 views

CVE-2021-35564

CVE-2021-35564 affects Java SE (Keytool) and Oracle GraalVM Enterprise Edition, with affected Java SE versions 7u311, 8u301, 11.0.12, 17 and GraalVM EE 20.3.3/21.2.0. The vulnerability is exploitable remotely with unauthenticated network access and can lead to unauthorized updates/insertions/dele...

5.3CVSS5AI score0.05241EPSS
CVE
CVE
added 2021/04/01 5:46 p.m.365 views

CVE-2021-22890

CVE-2021-22890 affects curl 7.63.0 through 7.75.0. When using TLS 1.3 with an HTTPS proxy, libcurl could confuse TLS session tickets from the proxy as if they came from the remote server, potentially causing the host’s session ticket to be resumed incorrectly and bypass server certificate checks,...

4.3CVSS4.9AI score0.03141EPSS
CVE
CVE
added 2022/04/19 8:37 p.m.364 views

CVE-2022-21443

CVE-2022-21443 is an Oracle Java SE/GraalVM EE vulnerability affecting the Libraries component. Affected: Oracle Java SE 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM EE 20.3.5, 21.3.1, 22.0.0.2. Exploitation is network-based and can lead to a partial denial of service, with unauthenticated a...

4.3CVSS4.5AI score0.02707EPSS
CVE
CVE
added 2019/03/25 6:30 p.m.363 views

CVE-2019-3874

CVE-2019-3874 concerns the SCTP socket buffer not being accounted by the cgroups subsystem, enabling a denial-of-service against affected systems. The vulnerability is described in Unity Linux advisories referencing kernel SCTP handling and states that “Kernel 3.10.x and 4.18.x branches are belie...

6.5CVSS6.7AI score0.01771EPSS
CVE
CVE
added 2022/01/19 11:23 a.m.363 views

CVE-2022-21291

CVE-2022-21291 affects Oracle Java SE (Hotspot) and Oracle GraalVM Enterprise Edition. Affected versions include Oracle Java SE 7u321, 8u311, 11.0.13, 17.0.1 and GraalVM EE 20.3.4/21.3.0. It is exploitable over network via multiple protocols and can lead to unauthorized updates/deletes of data or...

5.3CVSS4.7AI score0.02896EPSS
CVE
CVE
added 2022/01/19 11:24 a.m.362 views

CVE-2022-21340

CVE-2022-21340 concerns Oracle Java SE and GraalVM Enterprise Edition. The vulnerability affects Oracle Java SE components (Libraries) and GraalVM Enterprise Edition libraries listed as affected: Java SE 7u321, 8u311, 11.0.13, 17.0.1; GraalVM Enterprise Edition 20.3.4 and 21.3.0. The description ...

5.3CVSS4.8AI score0.07748EPSS
CVE
CVE
added 2020/05/09 8:16 p.m.361 views

CVE-2020-12771

CVE-2020-12771 involves the Linux kernel component drivers/md/bcache/btree.c , where the function btree_gc_coalesce may deadlock if a coalescing operation fails. The connected Unity/Nessus entries reproduce: an issue in the kernel up to 5.6.11 with deadlock in the btree GC coalescing path, impact...

5.5CVSS5.9AI score0.00519EPSS
CVE
CVE
added 2021/06/02 2:38 p.m.359 views

CVE-2021-3522

CVE-2021-3522 affects GStreamer before 1.18.4, where an out-of-bounds read may occur when handling certain ID3v2 tags. The issue is evidenced in multiple connected documents (e.g., Astra Linux advisory and Amazon Linux advisories) referencing an out-of-bounds read impacting availability. The conc...

5.5CVSS5.5AI score0.05372EPSS
CVE
CVE
added 2022/01/19 11:25 a.m.359 views

CVE-2022-21341

CVE-2022-21341 is an openly documented vulnerability affecting Oracle Java SE and Oracle GraalVM Enterprise Edition across multiple components (Serialization, JAXP, ImageIO, Hotspot, Libraries, 2D, etc.). Affected versions include Java SE 7u321, 8u311, 11.0.13, 17.0.1 and GraalVM EE 20.3.4/21.3.0...

5.3CVSS4.8AI score0.03765EPSS
CVE
CVE
added 2021/10/20 10:50 a.m.357 views

CVE-2021-35565

CVE-2021-35565 affects Java SE (JSSE) and OpenJDK components across Java releases (7u311, 8u301, 11.0.12) and Oracle GraalVM Enterprise Edition (20.3.3, 21.2.0). The issue arises in TLS handling via the HttpsServer, enabling an unauthenticated network attacker to cause a partial denial of service...

5.3CVSS5AI score0.06886EPSS
CVE
CVE
added 2022/01/19 11:23 a.m.349 views

CVE-2022-21282

CVE-2022-21282 is a combined Java/Oracle Java SE/GraalVM issue reported across multiple advisories. The connected documents identify assorted affected components and versions, notably: Serialization , JAXP , Libraries , Hotspot , and ImageIO within Oracle Java SE and GraalVM Enterprise Edition. A...

5.3CVSS4.5AI score0.02877EPSS
CVE
CVE
added 2022/01/19 11:23 a.m.349 views

CVE-2022-21293

CVE-2022-21293 affects Oracle Java SE (Libraries) and Oracle GraalVM Enterprise Edition as listed: Java SE 7u321, 8u311, 11.0.13, 17.0.1; GraalVM EE 20.3.4 and 21.3.0. The issue allows unauthenticated network-based exploitation via multiple protocols, potentially enabling a partial denial of serv...

5.3CVSS4.8AI score0.08346EPSS
CVE
CVE
added 2020/02/14 4:27 a.m.347 views

CVE-2020-8992

CVE-2020-8992 affects the Linux kernel ext4 implementation (ext4_protect_reserved_inode in fs/ext4/block_validity.c) through version 5.5.3. A crafted journal size can cause a denial of service (soft lockup) via a local attack. Connected advisories (e.g., SUSE-SU-2020:1663-1, Ubuntu USN-4419-1, Un...

5.5CVSS5.5AI score0.00416EPSS
CVE
CVE
added 2021/08/05 12:0 a.m.347 views

CVE-2021-22922

CVE-2021-22922 affects curl’s Metalink download flow: when multiple URLs are provided, a content hash mismatch on a breached server is not discarded during download, allowing potentially malicious data to be kept on disk. Public advisories and vendor bulletins confirm patches in patched curl rele...

6.5CVSS6.6AI score0.04313EPSS
CVE
CVE
added 2021/08/08 7:27 p.m.345 views

CVE-2021-38199

CVE-2021-38199 concerns the Linux kernel’s NFSv4 client. The vulnerability arises from incorrect connection-setup ordering in fs/nfs/nfs4client.c, which can be triggered by remote NFSv4 servers during trunking detection, potentially causing a denial of service by hanging mounts. Connected advisor...

6.5CVSS6.3AI score0.01245EPSS
CVE
CVE
added 2022/01/19 11:23 a.m.345 views

CVE-2022-21294

CVE-2022-21294 is a network-exploitable vulnerability in Oracle Java SE (Libraries) and Oracle GraalVM Enterprise Edition Libraries, allowing an unauthenticated attacker to trigger a partial denial of service. Affected products/versions include Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1 and Or...

5.3CVSS4.8AI score0.0335EPSS
CVE
CVE
added 2021/08/05 12:0 a.m.340 views

CVE-2021-22923

CVE-2021-22923 affects curl's metalink feature: when downloading a metalink XML with user credentials, those credentials are subsequently passed to each server curls contacts, potentially leaking credentials to multiple endpoints. Technical details across sources confirm this credential exposure ...

5.3CVSS6.1AI score0.01843EPSS
CVE
CVE
added 2022/01/19 11:25 a.m.340 views

CVE-2022-21365

CVE-2022-21365 is discussed across multiple connected advisories as affecting Oracle Java SE and GraalVM EE components (ImageIO, JAXP, Libraries, Hotspot) with affected Java versions including 7u321, 8u311, 11.0.13, 17.0.1 (and later 17.01 in some entries); GraalVM EE: 20.3.4 and 21.3.0. The desc...

5.3CVSS4.8AI score0.03486EPSS
CVE
CVE
added 2022/05/16 12:0 a.m.339 views

CVE-2022-1587

CVE-2022-1587 is an out-of-bounds read in the PCRE2 library, specifically in the get_recurse_data_length() function of pcre2_jit_compile.c, affecting recursions in JIT-compiled regular expressions due to duplicate data transfers. Multiple sources (Debian, Alpine Linux, and related advisories) con...

9.1CVSS8.9AI score0.02574EPSS
CVE
CVE
added 2022/01/19 11:25 a.m.339 views

CVE-2022-21349

CVE-2022-21349 is an Oracle Java SE/GraalVM Enterprise Edition vulnerability affecting multiple Java components (e.g., 2D, ImageIO, JAXP, Hotspot, Libraries) across affected releases. Public advisories show affected Java SE versions (e.g., 7u321, 8u311) and GraalVM EE releases (20.3.4, 21.3.0). E...

5.3CVSS4.7AI score0.03306EPSS
CVE
CVE
added 2019/09/24 9:21 p.m.336 views

CVE-2019-5094

CVE-2019-5094 is a vulnerability in the quota file handling of e2fsprogs (ext4 utilities) that can trigger an out-of-bounds write on the heap, enabling potential arbitrary code execution when a malformed ext4 partition is processed. The description across sources identifies the affected component...

7.5CVSS7AI score0.01105EPSS
CVE
CVE
added 2022/01/19 11:23 a.m.334 views

CVE-2022-21296

CVE-2022-21296 affects Oracle Java SE (JAXP, Serialization, Libraries, 2D/Hotspot) and Oracle GraalVM Enterprise Edition. Affected Java SE versions: 7u321, 8u311, 11.0.13, 17.0.1; GraalVM EE: 20.3.4, 21.3.0. The issue allows unauthenticated, network-accessible exploitation that can lead to readin...

5.3CVSS4.5AI score0.02825EPSS
CVE
CVE
added 2019/12/30 4:39 a.m.333 views

CVE-2019-20095

CVE-2019-20095 affects the Linux kernel mwifiex driver (drivers/net/wireless/marvell/mwifiex/cfg80211.c). The description states that certain error-handling paths do not free allocated hostcmd memory, causing a memory leak that can lead to a denial of service. The issue is fixed in kernel version...

5.5CVSS6.5AI score0.00394EPSS
CVE
CVE
added 2020/04/08 1:58 p.m.333 views

CVE-2019-20636

CVE-2019-20636 affects the Linux kernel prior to 5.4.12. The vulnerability is an out-of-bounds write in drivers/input/input.c via a crafted keycode table in input_set_keycode, enabling a local attacker with root privileges to corrupt memory and potentially execute arbitrary code or cause a denial...

7.2CVSS6.4AI score0.00384EPSS
CVE
CVE
added 2021/01/12 8:17 a.m.329 views

CVE-2021-23240

CVE-2021-23240 affects sudoedit in sudo prior to 1.9.5. An unprivileged local user can replace a temporary file with a symlink to an arbitrary target, enabling a file-ownership escalation attack. Impact is described for SELinux RBAC environments in permissive mode; machines without SELinux are no...

7.8CVSS7.8AI score0.01066EPSS
CVE
CVE
added 2019/08/16 1:44 p.m.328 views

CVE-2019-15118

CVE-2019-15118 affects the Linux kernel up to version 5.2.9. The vulnerability arises from the function check_input_term in sound/usb/mixer.c , which mishandles recursion and can cause a kernel stack exhaustion leading to a crash. The connected Nessus entries corroborate the issue and reference U...

5.5CVSS6.5AI score0.00761EPSS
CVE
CVE
added 2020/02/25 3:48 p.m.324 views

CVE-2020-9383

CVE-2020-9383 affects the Linux kernel floppy driver (set_fdc in drivers/block/floppy.c) where the FDC index is not checked for errors before assignment, causing a wait_til_ready out-of-bounds read. Impact per the CVE description: local attacker could cause a denial of service or privilege escala...

7.1CVSS6.7AI score0.00731EPSS
CVE
CVE
added 2022/05/16 12:0 a.m.324 views

CVE-2022-1586

CVE-2022-1586 is a confirmed out-of-bounds read in the PCRE2 library affecting the JIT-compiled regex path. The vulnerability occurs in the compile_xclass_matchingpath() function of pcre2_jit_compile.c, related to Unicode property matching where a character may not be fully read during case-less ...

9.1CVSS9.1AI score0.03193EPSS
CVE
CVE
added 2022/01/19 11:25 a.m.322 views

CVE-2022-21360

CVE-2022-21360 affects Oracle Java SE and Oracle GraalVM Enterprise Edition (ImageIO component). Affected: Oracle Java SE 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition 20.3.4 and 21.3.0. Description: an easily exploitable, unauthenticated remote vulnerability could allow partia...

5.3CVSS4.8AI score0.03486EPSS
CVE
CVE
added 2022/07/07 12:0 a.m.322 views

CVE-2022-32206

CVE-2022-32206 affects curl

6.5CVSS7.9AI score0.3197EPSS
CVE
CVE
added 2022/07/07 12:0 a.m.322 views

CVE-2022-32208

CVE-2022-32208 affects curl when performing FTP transfers secured by krb5 prior to version 7.84.0. The vulnerability arises from how message verification failures are handled during krb5-secured FTP transfers, enabling a man-in-the-middle to go unnoticed and potentially inject data to the client....

5.9CVSS7.4AI score0.06762EPSS
CVE
CVE
added 2022/07/07 12:0 a.m.310 views

CVE-2022-32207

CVE-2022-32207 affects curl: when saving cookies, alt-svc and HSTS data, the final rename can widen target file permissions, exposing updates to more users. Affected versions are curl before 7.84.0; remediation is to upgrade to 7.84.0 or newer (as indicated by multiple advisories).

9.8CVSS8.9AI score0.06823EPSS
CVE
CVE
added 2019/10/03 4:1 p.m.307 views

CVE-2019-15166

CVE-2019-15166 affects tcpdump: lmp_print_data_link_subobjs() in print-lmp.c before 4.9.3 lacks bounds checks, enabling memory corruption that could crash the application when processing crafted data. Connected sources confirm this specific subroutine and bug class, and multiple advisories refere...

7.5CVSS6.8AI score0.04986EPSS
CVE
CVE
added 2021/08/05 12:0 a.m.303 views

CVE-2021-22926

CVE-2021-22926 affects curl/libcurl where using CURLOPT_SSLCERT can be spoofed when libcurl uses macOS Secure Transport. A writable current working directory attacker can cause the app to select a file-based cert over a named cert, resulting in the wrong client certificate being sent in TLS hands...

7.5CVSS7.2AI score0.0982EPSS
CVE
CVE
added 2022/02/16 12:0 a.m.302 views

CVE-2021-3753

CVE-2021-3753 describes a race in the Linux kernel’s vt_k_ioctl() (vt_ioctl.c) that may cause an out-of-bounds read in vt as vc_mode write access is not protected by a lock. Impact is listed as data confidentiality; exploitation details are not provided in the supplied documents. Connected source...

4.7CVSS6AI score0.00364EPSS
CVE
CVE
added 2020/04/29 12:7 p.m.297 views

CVE-2020-11884

CVE-2020-11884 affects the Linux kernel on s390x (versions 4.19–5.6.7). The issue is a race in enable_sacf_uaccess (arch/s390/lib/uaccess.c) that fails to protect against a concurrent page table upgrade (CID-3f777e19d171), potentially allowing code execution or a crash. The initial documents do n...

7CVSS6.6AI score0.00397EPSS
CVE
CVE
added 2022/01/19 11:23 a.m.293 views

CVE-2022-21283

CVE-2022-21283 affects Oracle Java SE (Libraries) and GraalVM Enterprise Edition, with affected versions including Java SE 11.0.13 and 17.0.1, and GraalVM EE 20.3.4/21.3.0. The vulnerability allows unauthenticated network-based access and can cause a partial denial of service (A: PARTIAL) per CVS...

5.3CVSS4.8AI score0.03782EPSS
CVE
CVE
added 2022/01/19 11:25 a.m.284 views

CVE-2022-21366

CVE-2022-21366 affects Oracle Java SE (ImageIO) and Oracle GraalVM Enterprise Edition. The Oracle advisory describes affected versions: Java SE 11.0.13 and 17.0.1; GraalVM EE 20.3.4 and 21.3.0. Exploitation could allow an unauthenticated network attacker to cause a partial denial of service or, d...

5.3CVSS4.7AI score0.03216EPSS
CVE
CVE
added 2021/08/08 7:26 p.m.283 views

CVE-2021-38201

The CVE affects the Linux kernel, specifically net/sunrpc/xdr.c, where an out-of-bounds slab access (xdr_set_page_base) could be triggered by many NFS 4.2 READ_PLUS operations, allowing remote denial-of-service. Affected: Linux kernel versions prior to 5.13.4. Root cause: slab-out-of-bounds acces...

7.5CVSS6.8AI score0.03365EPSS
CVE
CVE
added 2022/01/19 11:22 a.m.279 views

CVE-2022-21277

CVE-2022-21277 affects Oracle Java SE and Oracle GraalVM Enterprise Edition via ImageIO, with additional related CVEs (CVE-2022-21248, CVE-2022-21282, CVE-2022-21283, CVE-2022-21291, CVE-2022-21293, CVE-2022-21294, CVE-2022-21299, CVE-2022-21305, CVE-2022-21341, CVE-2022-21360, CVE-2022-21365, CV...

5.3CVSS4.7AI score0.03091EPSS
CVE
CVE
added 2019/12/08 1:1 a.m.278 views

CVE-2019-19448

CVE-2019-19448 is a use-after-free in Linux kernel’s Btrfs code (try_merge_free_space in fs/btrfs/free-space-cache.c). It can be triggered by mounting a crafted Btrfs image and performing operations followed by a syncfs, due to a pointer alias between left and right data structures. Affected: Lin...

7.8CVSS7AI score0.02143EPSS
CVE
CVE
added 2022/01/19 11:22 a.m.276 views

CVE-2022-21271

CVE-2022-21271 is a vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition (Libraries). Affected versions are Oracle Java SE: 7u321, 8u311, 11.0.13; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. The description states it is easily exploitable by an unauthenticated attacker ...

5.3CVSS4.6AI score0.02789EPSS
CVE
CVE
added 2019/02/22 3:0 p.m.274 views

CVE-2019-9003

CVE-2019-9003 affects the Linux kernel prior to 4.20.5. The issue is a use-after-free in drivers/char/ipmi/ipmi_msghandler.c that can trigger an oops under certain concurrent execution, demonstrated by a service ipmievd restart loop. Impact is availability disruption (HIGH) with no confidentialit...

7.8CVSS7.3AI score0.04881EPSS
CVE
CVE
added 2019/12/25 3:1 a.m.272 views

CVE-2019-19965

CVE-2019-19965 is a vulnerability in the Linux kernel (affecting the SAS SAS discover path) where a NULL pointer dereference occurs in drivers/scsi/libsas/sas_discover.c due to mishandling of port disconnection during discovery, related to a PHY down race condition (CID-f70267f379b5). The Unity L...

4.7CVSS6.2AI score0.00654EPSS
Total number of security vulnerabilities192