Lucene search
K
NetappStorage Automation Store

113 matches found

CVE
CVE
added 2019/01/10 12:0 a.m.5801 views

CVE-2018-20685

CVE-2018-20685 affects OpenSSH scp client: scp.c allows remote servers to bypass access restrictions via the filename "." or an empty filename, potentially enabling modification of the client-directory permissions. Multiple advisories confirm this vulnerability and fix paths: Arch Linux ASA-20190...

5.3CVSS6.3AI score0.03681EPSS
In wild
CVE
CVE
added 2019/01/31 12:0 a.m.5562 views

CVE-2019-6110

CVE-2019-6110 (OpenSSH SCP client) affects OpenSSH 7.9. The vulnerability arises from accepting and displaying arbitrary stderr output from the SCP server, allowing a malicious server or MITM to spoof SCP client output and potentially mask or override transferred files. Connected advisories confi...

6.8CVSS6.2AI score0.20906EPSS
In wild
CVE
CVE
added 2019/01/31 12:0 a.m.4868 views

CVE-2019-6109

OpenSSH 7.9 contains CVE-2019-6109: missing character encoding in the progress display allows a malicious server/MITM to spoof scp client output by crafting object names (refresh_progress_meter in progressmeter.c). The vulnerability can enable spoofing of file transfer output; related issues incl...

6.8CVSS6.7AI score0.03807EPSS
In wild
CVE
CVE
added 2018/03/26 3:0 p.m.4808 views

CVE-2017-15715

CVE-2017-15715 affects Apache HTTP Server 2.4.0–2.4.29. The issue: the expression could treat a trailing '$' as a newline in a malicious filename, bypassing filename-end checks and potentially allowing uploads that would otherwise be blocked. Documents consistently describe this as a bypass vuln...

8.1CVSS7.2AI score0.86006EPSS
In wild
CVE
CVE
added 2018/03/26 3:0 p.m.3574 views

CVE-2018-1283

In Apache httpd (mod_session) versions 2.4.0–2.4.29, when SessionEnv forwarding is enabled to CGI applications, a remote attacker can influence their content by sending a crafted Session header. This arises from mod_session forwarding data using the HTTP_SESSION variable name, which overlaps with...

5.3CVSS7AI score0.10118EPSS
CVE
CVE
added 2019/01/30 10:0 p.m.3432 views

CVE-2018-17199

In Apache HTTP Server 2.4.x up to 2.4.37, the vulnerability CVE-2018-17199 is caused by mod_session_cookie: the session expiry time is checked before decoding the session, so expiry is ignored for mod_session_cookie sessions. This means session expiry may not be enforced for affected sessions. Th...

7.5CVSS6.4AI score0.19994EPSS
CVE
CVE
added 2017/07/13 4:0 p.m.3291 views

CVE-2017-9788

Apache httpd vulnerability CVE-2017-9788 stems from mod_auth_digest not initializing or resetting the value placeholder in Digest Proxy-Authorization headers between key=value assignments, which can leak previous memory data or cause a segfault/DoS. Affected: httpd 2.2.34 and 2.4.x prior to 2.4.2...

9.1CVSS8.4AI score0.5677EPSS
CVE
CVE
added 2018/03/09 8:0 p.m.3151 views

CVE-2016-8612

CVE-2016-8612 affects Apache HTTP Server mod_cluster prior to httpd 2.4.23, with a flaw in the protocol parsing logic of the load balancer that can cause a Segmentation Fault in the httpd process due to improper input validation. Exploitation details are not provided in the connected documents; r...

4.3CVSS5.2AI score0.04692EPSS
CVE
CVE
added 2018/03/26 3:0 p.m.2998 views

CVE-2017-15710

The CVE-2017-15710 issue affects Apache httpd when mod_authnz_ldap is used with AuthLDAPCharsetConfig. A crafted Accept-Language header is looked up in a charset table; if not present, it is truncated to two characters, and values shorter than two characters trigger an out-of-bounds write of a NU...

7.5CVSS7.5AI score0.18197EPSS
CVE
CVE
added 2019/03/08 11:0 p.m.2594 views

CVE-2019-9641

CVE-2019-9641 affects PHP's EXIF extension (older PHP 7.1.x/7.2.x/7.3.x branches). Affected versions are PHP 7.1.0–7.1.26/7.2.0–7.2.15/7.3.0–7.3.2 (per sources: 7.1.27, 7.2.16, 7.3.3 as fixed). The root cause is an uninitialized read in exif_process_IFD_in_TIFF (with related notes on exif_process...

9.8CVSS9.2AI score0.09395EPSS
CVE
CVE
added 2018/09/25 9:0 p.m.1655 views

CVE-2018-11763

CVE-2018-11763 affects Apache HTTP Server 2.4.17–2.4.34 and targets the HTTP/2 implementation. The issue arises when a client sends continuous, large SETTINGS frames, allowing a single connection to occupy a server thread and CPU time without triggering a connection timeout. Impact is limited to ...

5.9CVSS5.6AI score0.51002EPSS
CVE
CVE
added 2019/02/22 11:0 p.m.1631 views

CVE-2019-9020

CVE-2019-9020 affects PHP versions before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. It stems from invalid input to xmlrpc_decode(), enabling a heap out-of-bounds read via xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c. The impact is a memory access issue th...

9.8CVSS8.4AI score0.10059EPSS
CVE
CVE
added 2019/02/22 11:0 p.m.1339 views

CVE-2019-9021

CVE-2019-9021 affects PHP releases prior to 5.6.40, 7.x prior to 7.1.26, 7.2.x prior to 7.2.14, and 7.3.x prior to 7.3.1. It describes a heap-based buffer over-read in PHAR reading functions of the PHAR extension (phar_detect_phar_fname_ext in ext/phar/phar.c) that can cause reading memory past t...

9.8CVSS8.5AI score0.10059EPSS
CVE
CVE
added 2019/02/22 11:0 p.m.1331 views

CVE-2019-9024

CVE-2019-9024 affects PHP’s xmlrpc_decode() path via base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c. A hostile XMLRPC server can cause memory to be read outside allocated areas. Affected: PHP 5.6.x before 5.6.40; PHP 7.x before 7.1.26; 7.2.x before 7.2.14; 7.3.x before 7.3.1. Remediation (...

7.5CVSS8.3AI score0.0712EPSS
CVE
CVE
added 2018/06/18 6:0 p.m.1289 views

CVE-2018-1333

CVE-2018-1333 affects Apache HTTP Server. By specially crafting HTTP/2 requests, workers could be allocated 60 seconds longer than necessary, causing worker exhaustion and denial of service. Affected versions: 2.4.18–2.4.30 and 2.4.33; fixed in 2.4.34. The vulnerability originates from the HTTP/2...

7.5CVSS6.3AI score0.17103EPSS
CVE
CVE
added 2018/03/26 3:0 p.m.1179 views

CVE-2018-1301

CVE-2018-1301 affects the Apache HTTP Server (httpd) prior to 2.4.30, caused by an out-of-bounds access after a size limit is reached when reading the HTTP header. Impact described as a crash (low risk for normal usage). Affected component is httpd’s HTTP header parsing; root cause is an out-of-b...

5.9CVSS7.5AI score0.15564EPSS
CVE
CVE
added 2019/02/22 11:0 p.m.1173 views

CVE-2019-9023

CVE-2019-9023 affects PHP mbstring: heap-based buffer over-read when regcomp/regexec/regparse in mbstring are fed invalid multibyte data. Affected versions include PHP 5.6.40 and PHP 7.x prior to 7.1.26 (7.1.x), 7.2.x prior to 7.2.14, and 7.3.x prior to 7.3.1. Root cause is memory read outside al...

9.8CVSS8.5AI score0.09317EPSS
CVE
CVE
added 2018/03/26 3:0 p.m.1171 views

CVE-2018-1303

CVE-2018-1303: An out-of-bounds read in mod_cache_socache could crash the Apache HTTP Server prior to 2.4.30, enabling a DoS against users of httpd. The issue is discussed across multiple advisories (Debian/ALT Linux/Arch Linux security notes and CentOS RH advisories) and is attributed to imprope...

7.5CVSS7.3AI score0.70783EPSS
CVE
CVE
added 2018/08/02 3:0 p.m.1167 views

CVE-2017-9120

CVE-2017-9120 affects PHP 7.x through 7.1.5, due to an Integer overflow in mysqli_real_escape_string that can trigger a denial of service (buffer overflow and application crash). The connected documents confirm this root cause and impact across multiple advisories and listings (e.g., CVE-2017-912...

9.8CVSS9.8AI score0.07562EPSS
In wild
CVE
CVE
added 2019/01/30 10:0 p.m.1157 views

CVE-2018-17189

CVE-2018-17189 : In Apache HTTP Server 2.4.37 and earlier, mod_http2 can cause a DoS by handling slowloris-style request bodies, unnecessarily occupying a server thread for the h2 stream on HTTP/2 connections. Affected product: Apache HTTP Server with mod_http2. Impact: denial of service via thre...

5.3CVSS6.1AI score0.19404EPSS
CVE
CVE
added 2018/03/26 3:0 p.m.1070 views

CVE-2018-1302

Apache HTTP Server (httpd) before 2.4.30 may write a NULL pointer to freed memory when an HTTP/2 stream is destroyed after handling. This is described as low risk and hard to trigger in standard configurations, with no reproducibility outside debug builds. Affected releases include older 2.4.x li...

5.9CVSS6.4AI score0.13436EPSS
CVE
CVE
added 2019/01/27 2:0 a.m.1044 views

CVE-2019-6977

The CVE-2019-6977 issue affects the GD Graphics Library (LibGD) via gdImageColorMatch in gd_color_match.c. A heap-based buffer overflow in this function affects GD 2.2.5 and PHP builds before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1 when imagecolormatch processes cra...

8.8CVSS8.6AI score0.65116EPSS
Web
CVE
CVE
added 2019/03/08 11:0 p.m.965 views

CVE-2019-9637

CVE-2019-9637 concerns a PHP file-rename across filesystems: during the rename, the target may briefly have incorrect permissions, potentially allowing unauthorized data access. The initial description specifies affected PHP versions: before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Co...

7.5CVSS8.3AI score0.07347EPSS
CVE
CVE
added 2019/02/27 11:0 p.m.925 views

CVE-2019-1559

OpenSSL vulnerability CVE-2019-1559 describes a padding-oracle weakness where, if an application encounters a fatal protocol error and then calls SSL_shutdown() twice (to send close_notify and to receive one), the server may respond differently to a 0-byte record with invalid padding versus inval...

5.9CVSS6.3AI score0.17139EPSS
CVE
CVE
added 2019/03/08 11:0 p.m.883 views

CVE-2019-9639

CVE-2019-9639 affects the PHP EXIF extension: uninitialized read in exif_process_IFD_in_MAKERNOTE (data_len mishandling) on PHP < 7.1.27, < 7.2.16, and

7.5CVSS8.3AI score0.08202EPSS
CVE
CVE
added 2019/03/08 11:0 p.m.881 views

CVE-2019-9638

CVE-2019-9638 affects PHP’s EXIF component. Root cause: uninitialized read in exif_process_IFD_in_MAKERNOTE due to mishandling maker_note->offset/value_len. Affected versions: PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Impact is potential arbitrary code execution on the sy...

7.5CVSS8.3AI score0.06677EPSS
CVE
CVE
added 2018/05/16 4:0 p.m.877 views

CVE-2018-8014

CVE-2018-8014 affects the default configuration of Tomcat’s CORS filter, where default settings enable supportsCredentials for all origins across multiple releases (9.0.0.M1–9.0.8, 8.5.0–8.5.31, 8.0.0.RC1–8.0.52, 7.0.41–7.0.88). The issue is that environments relying on the default CORS configura...

9.8CVSS8.6AI score0.21979EPSS
CVE
CVE
added 2018/09/16 3:0 p.m.712 views

CVE-2018-17082

The CVE-2018-17082 entry covers a cross-site scripting vulnerability in the Apache2 module of PHP. Affected releases are PHP with Apache2 handler: PHP 5.6.38 and earlier in 5.6.x; 7.0.x before 7.0.32; 7.1.x before 7.1.22; and 7.2.x before 7.2.10. The root cause is mishandling of the bucket brigad...

6.1CVSS6AI score0.04103EPSS
CVE
CVE
added 2019/01/16 7:0 p.m.668 views

CVE-2019-2537

CVE-2019-2537 affects the MySQL Server component (subcomponent: Server: DDL) of Oracle MySQL. Affected: 5.6.42 and prior, 5.7.24 and prior, 8.0.13 and prior. Description in connected docs confirms an easily exploitable, network-accessible vulnerability that can cause the MySQL Server to hang or c...

4.9CVSS5.1AI score0.04457EPSS
CVE
CVE
added 2019/01/16 7:0 p.m.639 views

CVE-2019-2529

CVE-2019-2529 affects Oracle MySQL Server (Server: Optimizer). Affected: 5.6.42 and prior, 5.7.24 and prior, 8.0.13 and prior. Low-privilege, network-access attacker can cause a hang or complete DOS. Remediation: advisories/applicable updates exist (e.g., ALAS/CentOS/RHSA); update mariadb/mysql p...

6.5CVSS6.2AI score0.0461EPSS
CVE
CVE
added 2018/04/29 9:0 p.m.626 views

CVE-2018-10549

PHP contains an out-of-bounds read in exif_read_data() (ext/exif/exif.c) when parsing crafted JPEG data due to MakerNote handling lacking a final '\0' character. Affected are PHP 5.6.x up to 5.6.36, 7.0.x up to 7.0.30, 7.1.x up to 7.1.17, and 7.2.x up to 7.2.5. Impact: potential reads beyond boun...

8.8CVSS7.8AI score0.07159EPSS
CVE
CVE
added 2018/04/29 9:0 p.m.614 views

CVE-2018-10545

Technical details (affected products, versions, exploit information, and fixes) are not provided in the supplied documents. Please monitor for updates.

4.7CVSS5.5AI score0.00831EPSS
CVE
CVE
added 2019/02/22 11:0 p.m.600 views

CVE-2019-9022

CVE-2019-9022 affects PHP 7.x prior to 7.1.26, 7.2.x prior to 7.2.14, and 7.3.x prior to 7.3.2. dns_get_record may misparse a DNS response, enabling a hostile DNS server to cause memcpy misuse and read past the buffer allocated for DNS data in php_parserr (ext/standard/dns.c) for DNS_CAA and DNS_...

7.5CVSS8.3AI score0.04188EPSS
CVE
CVE
added 2017/04/17 9:0 p.m.599 views

CVE-2017-5645

CVE-2017-5645 affects Apache Log4j 2.x prior to 2.8.2. The vulnerability arises when using a TCP/UDP socket server to receive serialized log events from another application; a crafted binary payload can be deserialized to execute arbitrary code. The documented impact is remote code execution via ...

9.8CVSS9.5AI score0.8904EPSS
CVE
CVE
added 2018/04/29 9:0 p.m.589 views

CVE-2018-10547

CVE-2018-10547: Reflected XSS on PHAR 403/404 error pages due to an incomplete fix for CVE-2018-5712. Affected PHP versions are: 5.6 before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. Exploitation involves request data for a .phar file leading to XSS on error pages. ...

6.1CVSS7.2AI score0.0363EPSS
CVE
CVE
added 2018/07/18 1:0 p.m.542 views

CVE-2018-3064

CVE-2018-3064 affects the MySQL Server component (InnoDB). The initial description lists affected versions as 5.6.40 and earlier, 5.7.22 and earlier, and 8.0.11 and earlier, with a network-accessible, low-privilege exploit that can cause a hang/crash (DoS) and unauthorized read/write of data. Con...

7.1CVSS6.7AI score0.03162EPSS
CVE
CVE
added 2018/10/30 12:0 p.m.536 views

CVE-2018-0734

CVE-2018-0734 (OpenSSL) describes a timing side-channel in the DSA signature algorithm that could enable private key recovery. The initial entry notes fixes in OpenSSL releases 1.1.1a (and 1.1.0j, 1.0.2q) for affected branches. Connected advisories (CloudLinux, Arch Linux, Amazon/Linux distributi...

5.9CVSS5.9AI score0.12154EPSS
CVE
CVE
added 2017/11/07 9:0 p.m.524 views

CVE-2017-16642

CVE-2017-16642 is a PHP core timelib_meridian parsing bug in ext/date/lib/parse_date.c causing out-of-bounds reads. Affected are PHP versions before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11. The issue can leak information from the interpreter if attackers supply crafted date strings. Th...

7.5CVSS8.2AI score0.26373EPSS
CVE
CVE
added 2018/08/03 1:0 p.m.517 views

CVE-2018-14883

CVE-2018-14883 is a heap-based buffer over-read in exif_thumbnail_extract (exif.c) of PHP. Affected are PHP 5.6.37 and 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. Some sources note potential remote code execution in vulnerable scenarios. Remediation is to upgrade to the fixe...

7.5CVSS7.5AI score0.08975EPSS
CVE
CVE
added 2018/04/29 9:0 p.m.502 views

CVE-2018-10548

CVE-2018-10548 affects PHP’s ext/ldap/ldap.c, where mishandling of the ldap_get_dn return value enables a remote LDAP server to trigger a NULL pointer dereference and cause denial of service (application crash). Affected branches: PHP 5.6.x up to 5.6.36, 7.0.x up to 7.0.30, 7.1.x up to 7.1.17, an...

7.5CVSS6.2AI score0.08677EPSS
CVE
CVE
added 2019/04/18 4:57 p.m.492 views

CVE-2019-11034

CVE-2019-11034 (and related CVEs) affects PHP’s EXIF extension. The issue is a heap-based/over-read when processing certain files that allows reading beyond allocated buffers via exif_process_IFD_TAG (and related functions such as exif_iif_add_value). Affected PHP branches: 7.1.x < 7.1.28, 7.2...

9.1CVSS7AI score0.04094EPSS
CVE
CVE
added 2018/08/07 3:0 p.m.490 views

CVE-2018-15132

The CVE-2018-15132 issue affects PHP's Windows implementation in ext/standard/link_win32.c. The linkinfo function does not perform an open_basedir check, enabling potential access to files outside allowed directories. Affected versions are PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1....

7.5CVSS7.3AI score0.04592EPSS
CVE
CVE
added 2018/07/18 1:0 p.m.490 views

CVE-2018-3060

CVE-2018-3060 affects Oracle MySQL Server (InnoDB) with affected versions 5.5/5.6 per IBM/Guardium disclosures. The vulnerability is described as an unspecified issue in InnoDB that could allow an authenticated attacker to achieve no confidentiality impact, but high integrity and high availabilit...

6.5CVSS6.3AI score0.02947EPSS
CVE
CVE
added 2019/01/16 7:0 p.m.479 views

CVE-2019-2534

CVE-2019-2534 affects Oracle MySQL Server (subcomponent: Server: Replication). Affected versions are 5.6.42 and earlier, 5.7.24 and earlier, and 8.0.13 and earlier. The vulnerability is exploitable by a low-privileged attacker with network access via multiple protocols, potentially leading to una...

7.1CVSS6.4AI score0.0203EPSS
CVE
CVE
added 2019/04/18 4:57 p.m.474 views

CVE-2019-11035

CVE-2019-11035 affects the PHP EXIF extension: reading past the allocated buffer in exif_iif_add_value can disclose information or crash. Affected are PHP 7.1.x < 7.1.28, 7.2.x < 7.2.17, and 7.3.x

9.1CVSS7AI score0.04409EPSS
CVE
CVE
added 2018/10/17 12:0 p.m.473 views

CVE-2018-10933

CVE-2018-10933 affects libssh, specifically the server-side state machine, where versions prior to 0.7.6 and 0.8.4 allow an unauthenticated attacker to create channels and gain unauthorized access. The underlying issue is an authentication bypass in the server code, reported by multiple vendors a...

9.1CVSS8.5AI score0.91789EPSS
CVE
CVE
added 2018/04/29 9:0 p.m.470 views

CVE-2018-10546

CVE-2018-10546 affects PHP versions prior to 5.6.36, 7.0.x prior to 7.0.30, 7.1.x prior to 7.1.17, and 7.2.x prior to 7.2.5. The root cause is an infinite loop in ext/iconv/iconv.c caused by the iconv stream filter not rejecting invalid multibyte sequences. Consequences include potential denial o...

7.5CVSS6.8AI score0.10433EPSS
CVE
CVE
added 2018/07/18 1:0 p.m.469 views

CVE-2018-3081

CVE-2018-3081 affects the MySQL Client component of Oracle MySQL. Affected versions: 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior, and 8.0.11 and prior. Attackers with network access via multiple protocols can exploit it to cause a hang or a crash (DoS) and may update/insert/delete data i...

5CVSS5.2AI score0.02444EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.458 views

CVE-2018-3156

CVE-2018-3156 affects Oracle MySQL Server (subcomponents: InnoDB; also referenced in multiple advisories) with affected versions: 5.6.41 and earlier, 5.7.23 and earlier, and 8.0.12 and earlier. According to the connected advisories for Linux distributions, the vulnerability enables network-access...

6.5CVSS6.9AI score0.03716EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.458 views

CVE-2018-3251

CVE-2018-3251 affects Oracle MySQL Server (InnoDB). Affected: 5.6.41 and earlier, 5.7.23 and earlier, 8.0.12 and earlier. Exploitation via network against multiple protocols can cause a hang or crash (DOS). Several advisories reference fixes in corresponding OS/package updates (e.g., ALAS and Deb...

6.5CVSS6.9AI score0.03053EPSS
Total number of security vulnerabilities113