VIR Vulnerability Intelligence Relay

Search

Found 212 results in 129ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2025-26465 medium 6.8 6.8 FIX rhel rocky sles openbsdnetappredhat 1y ago A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occur…
CVE-2024-21262 medium 6.5 6.5 netapporacle 2y ago Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC). Supported versions that are affected are 9.0.0 and prior. Easily exploitable vulnerability allows unauthent…
CVE-2024-6119 high 7.5 7.5 FIX rhel sles rocky opensslnetapp 2y ago Moderate: openssl security update
CVE-2024-34397 medium 5.2 5.2 FIX rhel rockydebian debian gnomenetapp 2y ago RHSA-2025:11327: glib2 security update (Moderate)
CVE-2024-6387 high 8.1 9.1 EXPFIX rhelarch arch sles openbsdredhatnetapp 2y ago A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote a…
CVE-2024-33602 high 7.4 7.4 FIX rhel rockydebian debian gnunetapp 2y ago RHSA-2024:3344: glibc security update (Important)
CVE-2024-33600 medium 5.9 5.9 FIX rhel rockydebian debian gnunetapp 2y ago RHSA-2024:3344: glibc security update (Important)
CVE-2024-2961 high 7.3 8.3 EXPFIX rhel rockydebian debian gnunetapp 2y ago RHSA-2024:3269: glibc security update (Important)
CVE-2023-27043 medium 5.3 5.3 FIX rhel rocky sles netapppython 2y ago The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In …
CVE-2023-44487 high 7.5 10.0 KEVEXPFIX rocky rheldebian debian siemensietfnghttp2 3y ago HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
CVE-2023-38545 critical 9.8 9.8 FIX rhelarch archdebian debian haxxnetapp 3y ago This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it…
CVE-2023-4911 high 7.8 10.0 KEVEXPFIX rhel rocky sles gnuredhatnetapp 3y ago GNU C Library's dynamic loader ld.so contains a buffer overflow vulnerability when processing the GLIBC_TUNABLES environment variable, allowing a local attacker to execute code with elevated privileg…
CVE-2023-25136 medium 6.5 6.5 FIX arch arch rheldebian debian openbsdnetapp 3y ago OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote a…
CVE-2023-21968 low 3.7 3.7 FIX rhel rocky sles oraclenetapp 3y ago RHSA-2023:4103: java-1.8.0-ibm security update (Important)
CVE-2022-43945 high 7.5 7.5 FIX arch arch rhel rocky netapp 3y ago The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send …
CVE-2022-39399 low 3.7 3.7 FIX rhel sles rocky oraclenetappazul 4y ago RHSA-2022:7012: java-11-openjdk security and bug fix update (Moderate)
CVE-2022-21626 medium 5.3 5.3 FIX rhel sles rocky oraclenetappazul 4y ago RHSA-2023:0128: java-1.8.0-ibm security update (Moderate)
CVE-2022-21624 low 3.7 3.7 FIX rhel sles rocky oraclenetappazul 4y ago RHSA-2023:0128: java-1.8.0-ibm security update (Moderate)
CVE-2022-21619 low 3.7 3.7 FIX rhel sles rocky oraclenetappazul 4y ago RHSA-2023:0128: java-1.8.0-ibm security update (Moderate)
CVE-2022-21618 medium 5.3 5.3 FIX rhel sles rocky oraclenetappazul 4y ago RHSA-2022:7012: java-11-openjdk security and bug fix update (Moderate)
CVE-2022-34169 high 7.5 7.5 FIX debian debian rhel sles apacheoraclenetapp 4y ago RHSA-2022:5726: java-17-openjdk security, bug fix, and enhancement update (Important)
CVE-2022-21549 medium 5.3 5.3 FIX rhel sles rocky oracleazulnetapp 4y ago RHSA-2022:5726: java-17-openjdk security, bug fix, and enhancement update (Important)
CVE-2022-21540 medium 5.3 5.3 FIX rhel sles rocky oraclenetappazul 4y ago RHSA-2022:5726: java-17-openjdk security, bug fix, and enhancement update (Important)
CVE-2022-27781 high 7.5 7.5 FIX arch archdebian debian sles haxxnetappsplunk 4y ago libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make li…
CVE-2022-27775 high 7.5 7.5 FIX rhelarch archdebian debian haxxnetappsplunk 4y ago An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a conn…
CVE-2022-27774 medium 5.7 5.7 FIX rhelarch archdebian debian haxxnetappsplunk 4y ago An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is …
CVE-2022-22576 high 8.1 8.1 FIX rhelarch archdebian debian haxxnetappsplunk 4y ago An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was au…
CVE-2019-13118 medium 5.3 5.3 FIX slesdebian debiansuse suse xmlsoftnetapporacle 4y ago In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, …
CVE-2022-25647 high 7.5 7.5 FIX slesdebian debian googlenetapporacle 4y ago Deserialization of Untrusted Data in Gson
CVE-2022-21476 high 7.5 7.5 FIX rhelarch arch sles oraclenetappazul 4y ago RHSA-2022:1491: java-1.8.0-openjdk security update (Important)
CVE-2022-0778 high 7.5 7.5 FIX rhel sles rocky opensslnetapptenable 4y ago RHSA-2022:5326: compat-openssl10 security update (Low)
CVE-2022-0492 high 7.8 10.0 KEVEXPFIX sles rockydebian debian redhatnetapp 4y ago Linux Kernel contains an improper authentication vulnerability which could allow for privilege escalation via the cgroups v1 release_agent feature.
CVE-2022-21366 medium 5.3 5.3 FIX sles rockydebian debian oraclenetapp 4y ago RHSA-2022:0185: java-11-openjdk security update (Moderate)
CVE-2022-21360 medium 5.3 5.3 FIX sles rockydebian debian oraclenetapp 4y ago RHSA-2022:0970: java-1.8.0-ibm security update (Moderate)
CVE-2022-21341 medium 5.3 5.3 FIX sles rockydebian debian oraclenetapp 4y ago RHSA-2022:0970: java-1.8.0-ibm security update (Moderate)
CVE-2022-21340 medium 5.3 5.3 FIX sles rockydebian debian oraclenetapp 4y ago RHSA-2022:0970: java-1.8.0-ibm security update (Moderate)
CVE-2022-21305 medium 5.3 5.3 FIX sles rockydebian debian oraclenetapp 4y ago RHSA-2022:0307: java-1.8.0-openjdk security and bug fix update (Moderate)
CVE-2022-21299 medium 5.3 5.3 FIX sles rockydebian debian oraclenetapp 4y ago RHSA-2022:0307: java-1.8.0-openjdk security and bug fix update (Moderate)
CVE-2022-21296 medium 5.3 5.3 FIX sles rockydebian debian oraclenetapp 4y ago RHSA-2022:0307: java-1.8.0-openjdk security and bug fix update (Moderate)
CVE-2022-21294 medium 5.3 5.3 FIX sles rockydebian debian oraclenetapp 4y ago RHSA-2022:0970: java-1.8.0-ibm security update (Moderate)
CVE-2022-21293 medium 5.3 5.3 FIX sles rockydebian debian oraclenetapp 4y ago RHSA-2022:0970: java-1.8.0-ibm security update (Moderate)
CVE-2022-21291 medium 5.3 5.3 FIX sles rockydebian debian oraclenetapp 4y ago RHSA-2022:0185: java-11-openjdk security update (Moderate)
CVE-2022-21283 medium 5.3 5.3 FIX sles rockydebian debian oraclenetapp 4y ago RHSA-2022:0307: java-1.8.0-openjdk security and bug fix update (Moderate)
CVE-2022-21282 medium 5.3 5.3 FIX sles rockydebian debian oraclenetapp 4y ago RHSA-2022:0307: java-1.8.0-openjdk security and bug fix update (Moderate)
CVE-2022-21277 medium 5.3 5.3 FIX sles rockydebian debian oraclenetapp 4y ago RHSA-2022:0185: java-11-openjdk security update (Moderate)
CVE-2022-23305 critical 9.8 9.8 FIX debian debian sles rocky apachenetappbroadcom 4y ago RHSA-2022:0290: parfait:0.5 security update (Important)
CVE-2022-23302 high 8.8 8.8 FIX debian debian sles rocky apachenetappbroadcom 4y ago RHSA-2022:0290: parfait:0.5 security update (Important)
CVE-2021-45105 medium 5.9 5.9 FIX debian debian sles apachenetappsonicwall 5y ago Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thre…
CVE-2021-35556 medium 5.3 5.3 FIX arch arch sles rocky oraclenetapp 5y ago RHSA-2022:0345: java-1.8.0-ibm security update (Important)
CVE-2021-41617 high 7.0 7.0 FIX arch arch sles rocky openbsdnetapporacle 5y ago sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs …
CVE-2016-20012 medium 5.3 5.3 FIX slesarch archdebian debian openbsdnetapp 5y ago OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occu…
CVE-2021-38202 high 7.5 7.5 FIX debian debian linux-kernel netapp 5y ago fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is bei…
CVE-2021-22926 high 7.5 7.5 sles haxxnetapporacle 5y ago libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool).When libcurl is bui…
CVE-2021-22897 medium 5.3 5.3 FIX arch archdebian debian haxxoraclenetapp 5y ago curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The s…
CVE-2021-3522 medium 5.5 5.5 FIX debian debian sles gstreamernetapporacle 5y ago GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.
CVE-2019-16168 medium 6.5 6.5 FIX rocky slesdebian debian sqlitenetapptenable 5y ago RHSA-2021:1968: mingw packages security and bug fix update (Moderate)
CVE-2020-36183 high 8.1 8.1 FIX debian debian fasterxmlnetapporacle 6y ago Unsafe Deserialization in jackson-databind
CVE-2020-35728 high 8.1 8.1 FIX slesdebian debian fasterxmlnetapporacle 6y ago Serialization gadget exploit in jackson-databind
CVE-2020-1971 medium 5.9 5.9 FIX arch arch slesdebian debian openssloraclenetapp 6y ago RHSA-2020:5476: openssl security and bug fix update (Important)
CVE-2020-14060 high 8.1 8.1 FIX debian debian fasterxmlnetapporacle 6y ago Deserialization of untrusted data in Jackson Databind
CVE-2020-14062 high 8.1 8.1 FIX debian debian fasterxmlnetapporacle 6y ago Deserialization of untrusted data in Jackson Databind
CVE-2020-11619 high 8.1 8.1 FIX debian debian fasterxmlnetapporacle 6y ago jackson-databind mishandles the interaction between serialization gadgets and typing
CVE-2020-11113 high 8.8 8.8 FIX debian debian fasterxmlnetapporacle 6y ago jackson-databind mishandles the interaction between serialization gadgets and typing
CVE-2020-11112 high 8.8 8.8 FIX debian debian fasterxmlnetapporacle 6y ago jackson-databind mishandles the interaction between serialization gadgets and typing
CVE-2020-9546 critical 9.8 9.8 FIX debian debian rocky rhel fasterxmlnetapporacle 6y ago RHSA-2020:1644: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate)
CVE-2019-17571 critical 9.8 9.8 FIX debian debian slesubuntu ubuntu apachenetapporacle 7y ago Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization ga…
CVE-2019-15213 medium 4.6 4.6 FIX slesdebian debian linux-kernel netapp 7y ago An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.
CVE-2019-11068 critical 9.8 9.8 FIX slesdebian debianubuntu ubuntu xmlsoftoraclenetapp 7y ago RHSA-2020:4464: libxslt security update (Moderate)
CVE-2019-7317 medium 5.3 5.3 FIX arch arch slesdebian debian libpngoraclehp 7y ago png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
CVE-2019-6109 medium 6.8 6.8 FIX arch arch slesubuntu ubuntu openbsdwinscpnetapp 7y ago An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the…
CVE-2016-10708 high 7.5 7.5 FIX slesdebian debianubuntu ubuntu openbsdnetapp 9y ago sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, relat…
CVE-2017-5753 medium 5.6 6.6 EXPFIX arch arch slesdebian debian inteloraclesynology 9y ago Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVE-2017-14583 medium 6.5 6.5 netapp 9y ago NetApp Clustered Data ONTAP versions 9.x prior to 9.1P10 and 9.2P2 are susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in SMB environments.
CVE-2016-6904 high 8.1 8.1 netapp 9y ago Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. This could allow an unauthenticated attacker to obtain authentication cr…
CVE-2017-15707 medium 6.2 6.2 apachenetapporacle 9y ago Moderate severity vulnerability that affects org.apache.struts:struts2-rest-plugin
CVE-2017-15517 medium 5.5 5.5 netapp 9y ago AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to obtain sensitive information via unspecified vectors. All users are urged to move to a fixed version and change passwords used by …
CVE-2017-15516 high 8.8 8.8 netapp 9y ago NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability which could be used to cause an unintended authenticated action in the user inte…
CVE-2016-8610 high 7.5 7.5 FIX sles rheldebian debian opensslredhatnetapp 9y ago A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote…
CVE-2017-5201 medium 5.7 5.7 netapp 9y ago NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors, a different vulnerability tha…
CVE-2017-11461 medium 4.3 4.3 netapp 9y ago NetApp OnCommand Unified Manager for 7-mode (core package) versions prior to 5.2.1 are susceptible to a clickjacking or "UI redress attack" which could be used to cause a user to perform an unintende…
CVE-2017-16642 high 7.5 8.5 EXP slesdebian debianubuntu ubuntu phpnetapp 9y ago In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to …
CVE-2017-15906 medium 5.3 5.3 FIX slesdebian debian rhel openbsdoraclenetapp 9y ago The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
CVE-2010-5312 medium 6.1 6.1 FIX debian debianfedora fedora jqueryuinetappapache 9y ago Cross-site Scripting in jquery-ui
CVE-2017-10388 high 7.5 7.5 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u…
CVE-2017-10384 medium 6.5 6.5 slesdebian debian rhel oraclemariadbnetapp 9y ago Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily expl…
CVE-2017-10379 medium 6.5 6.5 slesdebian debian rhel oraclemariadbredhat 9y ago Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Ea…
CVE-2017-10378 medium 6.5 6.5 slesdebian debian rhel oraclemariadbredhat 9y ago Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. …
CVE-2017-10365 low 3.8 3.8 sles oraclemariadbnetapp 9y ago Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high p…
CVE-2017-10357 medium 5.3 5.3 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded…
CVE-2017-10356 medium 6.2 6.2 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embe…
CVE-2017-10355 medium 5.3 6.3 EXPFIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Em…
CVE-2017-10350 medium 5.3 5.3 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easil…
CVE-2017-10349 medium 5.3 5.3 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. …
CVE-2017-10348 medium 5.3 5.3 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u…
CVE-2017-10347 medium 5.3 5.3 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. …
CVE-2017-10346 critical 9.6 9.6 FIX sles rheldebian debian oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u14…
CVE-2017-10345 low 3.1 3.1 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE…
CVE-2017-10320 medium 4.9 4.9 sles oraclemariadbnetapp 9y ago Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high p…
CVE-2017-10309 high 7.1 8.1 EXPFIX sles rheldebian debian oracleredhatnetapp 9y ago Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u144 and 9. Easily exploitable vulnerability allows unauthentic…
CVE-2017-10295 medium 4.0 4.0 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Em…