Lucene search: NetappStoragegrid

72 matches found

CVE-2017-3167
added 2017/06/20 1:00 a.m. · 7613 views

CVE-2017-3167 affects Apache httpd 2.2.x prior to 2.2.33 and 2.4.x prior to 2.4.26. The issue is that third‑party modules using ap_get_basic_auth_pw() outside the authentication phase can bypass authentication requirements. Connected sources confirm the impact and upstream fixes: update to httpd ...

CVSS 9.8 · AI score 9.6 · EPSS 0.20231

CVE-2018-1312
added 2018/03/26 3:00 p.m. · 7380 views

CVE-2018-1312 affects Apache httpd 2.2.0–2.4.29 where nonce generation for HTTP Digest authentication was not seeded with a proper pseudo-random seed. This allowed replay across servers in a common Digest configuration. Public advisories (CentOS, Debian, Arch Linux, ALT Linux) fix confirmed in ve...

CVSS 9.8 · AI score 7.5 · EPSS 0.15885

CVE-2021-39275
added 2021/09/16 2:40 p.m. · 6643 views

CVE-2021-39275 affects Apache HTTP Server (httpd) 2.4.48 and earlier. The issue is an out-of-bounds write in ap_escape_quotes() when given malicious input, potentially crashing the server or enabling code execution in some environments. Several connected sources concur this vulnerability ex...

CVSS 9.8 · AI score 9.3 · EPSS 0.36339

CVE-2017-7668
added 2017/06/20 1:00 a.m. · 6044 views

CVE-2017-7668: Apache httpd contains a buffer over-read in ap_find_token() caused by strict HTTP parsing changes in 2.2.32 and 2.4.24. A remote attacker can craft headers to crash the httpd process or have ap_find_token() return an incorrect value. Affected distributions have addressed this by up...

CVSS 7.5 · AI score 8.4 · EPSS 0.57472

CVE-2017-15715
added 2018/03/26 3:00 p.m. · 4800 views

CVE-2017-15715 affects Apache HTTP Server 2.4.0–2.4.29. The issue: the expression could treat a trailing '$' as a newline in a malicious filename, bypassing filename-end checks and potentially allowing uploads that would otherwise be blocked. Documents consistently describe this as a bypass vuln...

CVSS 8.1 · AI score 7.2 · EPSS 0.86006 · In wild

CVE-2021-40438
added 2021/09/16 2:40 p.m. · 4714 views

CVE-2021-40438 is an SSRF flaw in Apache HTTP Server 2.4.x where a crafted request URI path can cause mod_proxy to forward the request to an origin server chosen by the remote user. The issue affects Apache httpd 2.4.48 and earlier; the CVSSv3.1 base score is 9.0 (CRITICAL...

CVSS 9 · AI score 9.5 · EPSS 0.99999 · In wild

CVE-2016-10708
added 2018/01/21 10:00 p.m. · 4209 views

OpenSSH sshd before 7.4 is vulnerable to a denial of service caused by a NULL pointer dereference when processing an out-of-sequence NEWKEYS message (kex.c/packet.c). This affects the OpenSSH server; exploitation leads to daemon crash as demonstrated by Honggfuzz. Affected products include OpenSS...

CVSS 7.5 · AI score 5.9 · EPSS 0.15716

CVE-2018-1283
added 2018/03/26 3:00 p.m. · 3569 views

In Apache httpd (mod_session) versions 2.4.0–2.4.29, when SessionEnv forwarding is enabled to CGI applications, a remote attacker can influence their content by sending a crafted Session header. This arises from mod_session forwarding data using the HTTP_SESSION variable name, which overlaps with...

CVSS 5.3 · AI score 7 · EPSS 0.10118

CVE-2017-15710
added 2018/03/26 3:00 p.m. · 2994 views

The CVE-2017-15710 issue affects Apache httpd when mod_authnz_ldap is used with AuthLDAPCharsetConfig. A crafted Accept-Language header is looked up in a charset table; if not present, it is truncated to two characters, and values shorter than two characters trigger an out-of-bounds write of a NU...

CVSS 7.5 · AI score 7.5 · EPSS 0.18197

CVE-2025-25292
added 2025/03/12 8:53 p.m. · 2053 views

Ruby-saml contains an authentication bypass vulnerability caused by a parser differential between ReXML and Nokogiri. The issue affects versions older than 1.12.4 and 1.18.0, enabling a Signature Wrapping attack that can lead to bypassing SAML authentication. A patch exists in versions 1.12.4 and...

CVSS 9.8 · AI score 7 · EPSS 0.63792

CVE-2021-34798
added 2021/09/16 2:40 p.m. · 2021 views

CVE-2021-34798 is a vulnerability in Apache HTTP Server where malformed requests may cause a NULL pointer dereference in the httpd core. The issue affects Apache HTTP Server 2.4.48 and earlier, and the resulting crash can lead to a Denial of Service. Multiple connected advisories confirm the same...

CVSS 7.5 · AI score 8.8 · EPSS 0.64509

CVE-2025-25291
added 2025/03/12 8:16 p.m. · 2011 views

ruby-saml vulnerabilities CVE-2025-25291/25292/25293 relate to a parser differential between ReXML and Nokogiri that enables a Signature Wrapping authentication bypass and related DoS when handling SAML inputs. Affected versions prior to 1.12.4 and 1.18.0 are vulnerable; fixes are shipped in 1.12...

CVSS 9.8 · AI score 7 · EPSS 0.19506

CVE-2021-36160
added 2021/09/16 2:40 p.m. · 1520 views

CVE-2021-36160 affects Apache HTTP Server mod_proxy_uwsgi. A crafted request URI-path can cause mod_proxy_uwsgi to read beyond allocated memory, triggering a DoS. The issue is reported for Apache httpd versions 2.4.30–2.4.48. Public sources in connected documents corroborate the impact as an out-...

CVSS 7.5 · AI score 8.5 · EPSS 0.62887 · In wild

CVE-2022-0778
added 2022/03/15 5:05 p.m. · 1352 views

CVE-2022-0778 describes an infinite loop in BN_mod_sqrt() when parsing certain ASN.1 elliptic-curve parameters, enabling DoS during certificate or key processing. Affected OpenSSL versions include 1.0.2, 1.1.1, and 3.0 (specific ranges: 1.0.2 (1.0.2–1.0.2zc), 1.1.1 (1.1.1–1.1.1m), 3.0 (3.0.0–3.0....

CVSS 7.5 · AI score 7.8 · EPSS 0.70561 · In wild · Web

CVE-2022-37434
added 2022/08/05 12:00 a.m. · 1220 views

CVE-2022-37434 describes a heap-based buffer over-read/overflow in zlib’s inflate() (inflate.c) when handling a large gzip header extra field. The vulnerability is limited to code paths that call inflateGetHeader, and is fixed in subsequent zlib revisions. Connected advisories indicate affected e...

CVSS 9.8 · AI score 9.9 · EPSS 0.1593

CVE-2018-1301
added 2018/03/26 3:00 p.m. · 1176 views

CVE-2018-1301 affects the Apache HTTP Server (httpd) prior to 2.4.30, caused by an out-of-bounds access after a size limit is reached when reading the HTTP header. The impact is described as a crash (low risk for normal usage). Affected component is httpd’s HTTP header parsing; root cause is an out-of-b...

CVSS 5.9 · AI score 7.5 · EPSS 0.15564

CVE-2018-1303
added 2018/03/26 3:00 p.m. · 1168 views

CVE-2018-1303: An out-of-bounds read in mod_cache_socache could crash the Apache HTTP Server prior to 2.4.30, enabling a DoS against users of httpd. The issue is discussed across multiple advisories (Debian/ALT Linux/Arch Linux security notes and CentOS RH advisories) and is attributed to imprope...

CVSS 7.5 · AI score 7.3 · EPSS 0.70783

CVE-2018-1302
added 2018/03/26 3:00 p.m. · 1067 views

Apache HTTP Server (httpd) before 2.4.30 may write a NULL pointer to freed memory when an HTTP/2 stream is destroyed after handling. This is described as low risk and hard to trigger in standard configurations, with no reproducibility outside debug builds. Affected releases include older 2.4.x li...

CVSS 5.9 · AI score 6.4 · EPSS 0.13436

CVE-2019-1559
added 2019/02/27 11:00 p.m. · 920 views

OpenSSL vulnerability CVE-2019-1559 describes a padding-oracle weakness where, if an application encounters a fatal protocol error and then calls SSL_shutdown() twice (to send close_notify and to receive one), the server may respond differently to a 0-byte record with invalid padding versus inval...

CVSS 5.9 · AI score 6.3 · EPSS 0.17139

CVE-2021-3449
added 2021/03/25 2:25 p.m. · 813 views

CVE-2021-3449 affects OpenSSL 1.1.1.x where a TLSv1.2 server may crash (DoS) if it receives a renegotiation ClientHello that omits the signature_algorithms extension but includes signature_algorithms_cert. The issue is a NULL pointer dereference leading to a denial of service; OpenSSL clients are...

CVSS 5.9 · AI score 6.7 · EPSS 0.62906

CVE-2016-3427
added 2016/04/21 10:00 a.m. · 779 views

CVE-2016-3427 is an unspecified vulnerability in Oracle Java SE (affecting 6u113, 7u99, 8u77) and JRockit, tied to the Java Management Extensions (JMX) component. Exploitation can affect confidentiality, integrity, and availability via JMX-related vectors; the issue is described as an unspecified...

CVSS 10 · AI score 6.8 · EPSS 0.92334 · In wild

CVE-2021-34558
added 2021/07/15 1:47 p.m. · 623 views

CVE-2021-34558 affects the Go crypto/tls implementation. In Go up to 1.16.5, the certificate public-key type is not properly validated for RSA-based key exchanges, allowing a TLS server to trigger a panic in the client. Several connected advisories link this to Go’s TLS handling and note remediat...

CVSS 6.5 · AI score 7 · EPSS 0.07032

CVE-2021-3450
added 2021/03/25 2:25 p.m. · 564 views

CVE-2021-3450 affects OpenSSL 1.1.1h–1.1.1j where a bug in the X509_V_FLAG_X509_STRICT path overwrote a prior CA-check result, bypassing the prohibition on non-CA certificates unless an explicit purpose is set. When a purpose is configured, the certificate chain is still rejected; the issue is fix...

CVSS 7.4 · AI score 7.6 · EPSS 0.18339

CVE-2022-23773
added 2022/02/11 12:16 a.m. · 511 views

CVE-2022-23773 affects the Go toolchain component cmd/go. Impact: branch names may be misinterpreted as version tags, potentially granting inappropriate access to create branches but not tags. Affected: Go before 1.16.14 and 1.17.x before 1.17.7. Mitigation: upgrade to fixed releases (Go 1.16.14+...

CVSS 7.5 · AI score 8.1 · EPSS 0.02698

CVE-2022-23806
added 2022/02/11 12:00 a.m. · 503 views

CVE-2022-23806 affects Go's crypto/elliptic IsOnCurve, which can incorrectly return true when a big.Int value is not a valid field element. Impact: availability and integrity, as implied by the vulnerability description. Root cause is an out-of-spec check in IsOnCurve for inval...

CVSS 9.1 · AI score 9.1 · EPSS 0.03015

CVE-2021-3114
added 2021/01/26 2:23 a.m. · 502 views

CVE-2021-3114 affects Go’s elliptic curve implementation on the P-224 curve. Affected products/versions: Go before 1.14.14 and 1.15.x before 1.15.7. Root cause: the crypto/elliptic/p224.go path can produce incorrect outputs due to an underflow of the lowest limb during the final complete reductio...

CVSS 6.5 · AI score 7 · EPSS 0.02689

CVE-2020-14556
added 2020/07/15 5:34 p.m. · 497 views

CVE-2020-14556 and related CVEs (e.g., 14577, 14578, 14579, 14581, 14583, 14593, 14621, 14664) pertain to Oracle Java SE/OpenJDK/OpenJDK-derived runtimes across multiple components (Libraries, JSSE, 2D, JAXP, JavaFX, etc.). The primary 2020 issue affects Java SE and Java SE Embedded on various ve...

CVSS 5.8 · AI score 4.9 · EPSS 0.03022

CVE-2022-23772
added 2022/02/11 12:11 a.m. · 470 views

CVE-2022-23772 affects Go (golang) where Rat.SetString in math/big can overflow, leading to uncontrolled memory consumption. Connected advisories confirm this issue alongside other Go vulnerabilities (e.g., CVE-2022-23773, CVE-2022-23806) across multiple Go components (cmd/go, crypto/elliptic, ar...

CVSS 7.8 · AI score 8.4 · EPSS 0.0283

CVE-2020-14577
added 2020/07/15 5:34 p.m. · 429 views

CVE-2020-14577 is a TLS/JSSE-related issue in Oracle Java SE and Java SE Embedded (affecting Java 7u261, 8u251, 11.0.7 and 14.0.1; Embedded 8u251) enabling unauthenticated network access to read some data. Connected advisories show vendor-specific mitigations: for example, Amazon Linux ALAS advis...

CVSS 4.3 · AI score 4.4 · EPSS 0.03284

CVE-2020-14581
added 2020/07/15 5:34 p.m. · 418 views

CVE-2020-14581 affects Oracle Java SE/Java SE Embedded (component: 2D) with affected versions Java SE: 8u251, 11.0.7, 14.0.1 and Java SE Embedded: 8u251. The CVE is listed with a low overall base score (CVSS 3.1: 3.7) and confidentiality impact (C:L) and no impact on integrity/availability (I:N/A...

CVSS 4.3 · AI score 4 · EPSS 0.03284

CVE-2020-2803
added 2020/04/15 1:29 p.m. · 411 views

CVE-2020-2803 affects OpenJDK (Libraries component, Java SE/OpenJDK). The connected document confirms a vulnerability in boundary checks of java.nio buffer classes that allows an untrusted Java applet/application to bypass Java sandbox restrictions. Affected versions align with the original descr...

CVSS 8.3 · AI score 8.2 · EPSS 0.0623

CVE-2020-2754
added 2020/04/15 1:29 p.m. · 407 views

CVE-2020-2754 affects Oracle Java SE/Embedded (Scripting) with affected versions Java SE 8u241, 11.0.6 and 14; Java SE Embedded 8u241. Root cause: a parsing/validation weakness in the Scripting component allows an unauthenticated, network-based attacker to cause a partial Denial of Service on Jav...

CVSS 4.3 · AI score 4.2 · EPSS 0.04128

CVE-2020-2757
added 2020/04/15 1:29 p.m. · 403 views

CVE-2020-2757 affects Oracle Java SE/SE Embedded (Serialization). Vulnerable: Java SE: 7u251, 8u241, 11.0.6, 14; SE Embedded: 8u241. Impact: unauthenticated network access leading to partial DoS on Java SE/SE Embedded. Root cause: serialization-related handling in the affected component; sandboxe...

CVSS 4.3 · AI score 4.2 · EPSS 0.04211

CVE-2020-2830
added 2020/04/15 1:29 p.m. · 402 views

CVE-2020-2830 affects Oracle Java SE/Java SE Embedded (Concurrency component) with Java SE versions 7u251, 8u241, 11.0.6 and 14; Java SE Embedded 8u241. The vulnerability allows unauthenticated network-based exploitation via multiple protocols, potentially enabling partial denial of service on Ja...

CVSS 5.3 · AI score 5 · EPSS 0.04948

CVE-2020-2773
added 2020/04/15 1:29 p.m. · 398 views

CVE-2020-2773 is a vulnerability in Oracle Java SE and Java SE Embedded (component: Security) that can be exploited remotely by unauthenticated attackers to cause a partial denial of service on affected Java runtimes. Affected versions include Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedde...

CVSS 4.3 · AI score 4.2 · EPSS 0.03625

CVE-2020-2800
added 2020/04/15 1:29 p.m. · 397 views

CVE-2020-2800 affects Oracle Java SE/Java SE Embedded, specifically the Lightweight HTTP Server component. Affected versions include Java SE 7u251, 8u241, 11.0.6, 14 and Java SE Embedded 8u241. The vulnerability can be exploited over a network with unauthenticated access via multiple protocols, p...

CVSS 5.8 · AI score 4.9 · EPSS 0.02879

CVE-2020-14593
added 2020/07/15 5:34 p.m. · 395 views

CVE-2020-14593 is a vulnerability in the 2D component of Oracle Java SE/SE Embedded. Affected: Java SE 7u261, 8u251, 11.0.7, 14.0.1; Java SE Embedded 8u251. Vulnerability type is unspecified in the provided sources, but exploitation is described as unauthenticated with network access via multiple...

CVSS 7.4 · AI score 7.1 · EPSS 0.03864

CVE-2020-14583
added 2020/07/15 5:34 p.m. · 390 views

CVE-2020-14583 affects Oracle Java SE/Java SE Embedded (Libraries component). Affected: Java SE 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded 8u251. Exploitation requires network access with user interaction and can lead to takeover of Java SE/Embedded with high impact on confidentiality, int...

CVSS 8.3 · AI score 8.2 · EPSS 0.04029

CVE-2020-2781
added 2020/04/15 1:29 p.m. · 388 views

CVE-2020-2781 concerns an Oracle/OpenJDK Java SE JSSE vulnerability that allows unauthenticated network access to degrade availability in Java SE and Java SE Embedded (client/server deployment). The Chainguard data confirms affected OpenJDK JSSE components and versions, aligning with the CVE descrip...

CVSS 5.3 · AI score 5.3 · EPSS 0.04948

CVE-2020-2756
added 2020/04/15 1:29 p.m. · 385 views

CVE-2020-2756 affects Oracle Java SE/Java SE Embedded (component: Serialization). Affected: Java SE 7u251, 8u241, 11.0.6, 14; Java SE Embedded 8u241. An unauthenticated, network-exposed attacker can exploit it to cause a partial Denial of Service. Connected advisories show remediation via updating t...

CVSS 4.3 · AI score 4.2 · EPSS 0.04211

CVE-2020-14579
added 2020/07/15 5:34 p.m. · 383 views

CVE-2020-14579 affects Oracle Java SE/Embedded (Libraries component) with affected Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. The connected advisories confirm network-remote, unauthenticated access leading to a partial denial of service via multiple protocols, per CVSS 3.1 Base Score 3.7 ...

CVSS 4.3 · AI score 4.3 · EPSS 0.04044

CVE-2020-2755
added 2020/04/15 1:29 p.m. · 377 views

CVE-2020-2755 is reported in the Oracle Java SE scripting component affecting Java SE 8u241, 11.0.6 and 14 (and Java SE Embedded 8u241). The vulnerability allows an unauthenticated attacker with network access to cause a partial denial of service in Java SE/Java SE Embedded. The CVSS base score i...

CVSS 4.3 · AI score 4.2 · EPSS 0.03899

CVE-2020-16166
added 2020/07/30 8:05 p.m. · 375 views

CVE-2020-16166 affects the Linux kernel by allowing remote observers to infer the network RNG internal state via drivers/char/random.c and kernel/time/timer.c. Affected platforms show fixes across multiple distributions: Debian LTS (linux package updates to 4.9.240-1/ -2; multiple CVEs), IBM advi...

CVSS 4.3 · AI score 5.6 · EPSS 0.05228

CVE-2020-2805
added 2020/04/15 1:29 p.m. · 375 views

CVE-2020-2805 is an OpenJDK/OpenJDK Libraries issue. The connected Chainguard entry states the flaw resides in the readObject() method of the MethodType class within the Libraries component of OpenJDK, which can allow an untrusted Java applet or application to bypass Java sandbox restrictions. Th...

CVSS 8.3 · AI score 8.2 · EPSS 0.04051

CVE-2020-14578
added 2020/07/15 5:34 p.m. · 368 views

CVE-2020-14578 affects Oracle Java SE and Java SE Embedded (Libraries component) with Java SE 7u261 and 8u251; Java SE Embedded 8u251. It is exploitable over a network (multiple protocols) by unauthenticated attackers, including via sandboxed Java Web Start apps, applets, or direct API input, lea...

CVSS 4.3 · AI score 4.3 · EPSS 0.04044

CVE-2021-3115
added 2021/01/26 2:14 a.m. · 367 views

The CVE-2021-3115 entry involves the Go toolchain (golang) prior to Go 1.14.14 and 1.15.x prior to 1.15.7 on Windows, where using go get to fetch modules that use cgo can lead to command injection and remote code execution. The vulnerability stems from cgo-enabled module fetch that can execute a ...

CVSS 7.5 · AI score 8.1 · EPSS 0.06497

CVE-2020-2816
added 2020/04/15 1:29 p.m. · 317 views

CVE-2020-2816 affects Oracle Java SE JSSE in Java SE 11.0.6 and 14. The vulnerability allows an unauthenticated attacker with network access via HTTPS to compromise Java SE, potentially enabling unauthorized creation, deletion, or modification of data in Java SE‑accessible data. The description n...

CVSS 7.5 · AI score 6.8 · EPSS 0.02698

CVE-2016-8610
added 2017/11/13 10:00 p.m. · 298 views

CVE-2016-8610 is a denial-of-service flaw in OpenSSL affecting TLS/SSL alert packet processing during handshakes. The issue exists in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0, enabling a remote attacker to cause high CPU usage and denial of service by sending many alert messages. Con...

CVSS 7.5 · AI score 7.4 · EPSS 0.39657

CVE-2020-2767
added 2020/04/15 1:29 p.m. · 292 views

CVE-2020-2767 affects Oracle Java SE JSSE: vulnerable in Java SE 11.0.6 and 14 (client/server deployment). The vulnerability allows unauthenticated network access over HTTPS to modify or read Java SE data due to TLS/JSSE handling flaws, with potential for unauthorized updates, insertions, deletio...

CVSS 5.8 · AI score 4.6 · EPSS 0.02108

CVE-2020-2778
added 2020/04/15 1:29 p.m. · 292 views

CVE-2020-2778 affects Oracle Java SE JSSE (Java 11.0.6 and 14). It can be triggered over HTTPS by unauthenticated remote attackers, potentially enabling read access to a subset of Java SE data. The related connected advisories (e.g., CentOS/RH/OpenJDK tracking) describe the issue as an incomplete...

CVSS 4.3 · AI score 3.7 · EPSS 0.02298

Total number of security vulnerabilities: 72