Netapp Active Iq Unified Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Netapp Active Iq Unified Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2022-31692 — CVSS 9.8 (critical): Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or…
CVE-2022-22978 — CVSS 9.8 (critical): In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be…
CVE-2021-22931 — CVSS 9.8 (critical): Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input…
CVE-2024-52533 — CVSS 9.8 (critical): gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not…
CVE-2022-37434 — CVSS 9.8 (critical): zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE…
CVE-2016-9843 — CVSS 9.8 (critical): The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving…
CVE-2020-9547 — CVSS 9.8 (critical): FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2016-9841 — CVSS 9.8 (critical): inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
CVE-2020-9548 — CVSS 9.8 (critical): FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2019-18805 — CVSS 9.8 (critical): An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer…
CVE-2019-17267 — CVSS 9.8 (critical): A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaT…
CVE-2021-20231 — CVSS 9.8 (critical): A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other…
CVE-2019-16943 — CVSS 9.8 (critical): A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either…
CVE-2019-16942 — CVSS 9.8 (critical): A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either…
CVE-2019-3888 — CVSS 9.8 (critical): A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because…
CVE-2020-9546 — CVSS 9.8 (critical): FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2019-3822 — CVSS 9.8 (critical): libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM…
CVE-2022-2526 — CVSS 9.8 (critical): A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete()…
CVE-2019-14379 — CVSS 9.8 (critical): SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of…
CVE-2019-13990 — CVSS 9.8 (critical): initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job…
CVE-2021-3711 — CVSS 9.8 (critical): In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application…
CVE-2019-11068 — CVSS 9.8 (critical): libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon…
CVE-2019-10212 — CVSS 9.8 (critical): A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this…
CVE-2019-10126 — CVSS 9.8 (critical): A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mw…
CVE-2019-10125 — CVSS 9.8 (critical): An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an…
CVE-2023-38545 — CVSS 9.8 (critical): This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the…
CVE-2021-3520 — CVSS 9.8 (critical): There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow…
CVE-2021-3177 — CVSS 9.8 (critical): Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain…
CVE-2021-32292 — CVSS 9.8 (critical): An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the…
CVE-2017-10089 — CVSS 9.6 (critical): Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151…
CVE-2017-10107 — CVSS 9.6 (critical): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are…
CVE-2017-10110 — CVSS 9.6 (critical): Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u151…
CVE-2017-10111 — CVSS 9.6 (critical): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is…
CVE-2017-10096 — CVSS 9.6 (critical): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are…
CVE-2017-10285 — CVSS 9.6 (critical): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are…
CVE-2017-10346 — CVSS 9.6 (critical): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected…
CVE-2017-10101 — CVSS 9.6 (critical): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are…
CVE-2017-10090 — CVSS 9.6 (critical): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected…
CVE-2017-10087 — CVSS 9.6 (critical): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected…
CVE-2017-10086 — CVSS 9.6 (critical): Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141…
CVE-2022-1587 — CVSS 9.1 (critical): An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the…
CVE-2019-10744 — CVSS 9.1 (critical): Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or…
CVE-2021-35942 — CVSS 9.1 (critical): The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c)…
CVE-2022-1586 — CVSS 9.1 (critical): An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the…
CVE-2023-23914 — CVSS 9.1 (critical): A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when…
CVE-2017-10102 — CVSS 9.0 (critical): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are…
CVE-2018-2938 — CVSS 9.0 (critical): Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB). Supported versions that are affected are Java SE: 6u191…
CVE-2021-3518 — CVSS 8.8 (high): There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application…
CVE-2023-5178 — CVSS 8.8 (high): A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP…
CVE-2022-27223 — CVSS 8.8 (high): In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by…
CVE-2022-24407 — CVSS 8.8 (high): In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
CVE-2018-14550 — CVSS 8.8 (high): An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function…
CVE-2023-27533 — CVSS 8.8 (high): A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on…
CVE-2023-27534 — CVSS 8.8 (high): A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as…
CVE-2021-45960 — CVSS 8.8 (high): In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc…
CVE-2019-10174 — CVSS 8.8 (high): A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application…
CVE-2024-2398 — CVSS 8.6 (high): When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the…
CVE-2021-3517 — CVSS 8.6 (high): There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted…
CVE-2018-2941 — CVSS 8.3 (high): Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u181…
CVE-2018-2964 — CVSS 8.3 (high): Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE…
CVE-2018-2942 — CVSS 8.3 (high): Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL). Supported versions that are affected are Java SE…
CVE-2017-10114 — CVSS 8.3 (high): Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141…
CVE-2020-14664 — CVSS 8.3 (high): Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u251…
CVE-2017-10074 — CVSS 8.3 (high): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected…
CVE-2020-14583 — CVSS 8.3 (high): Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are…
CVE-2020-2803 — CVSS 8.3 (high): Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are…
CVE-2020-2805 — CVSS 8.3 (high): Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are…
CVE-2017-10116 — CVSS 8.3 (high): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are…
CVE-2018-2638 — CVSS 8.3 (high): Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE…
CVE-2019-2435 — CVSS 8.1 (high): Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are…
CVE-2020-24616 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2024-6387 — CVSS 8.1 (high): A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle…
CVE-2024-22259 — CVSS 8.1 (high): Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND…
CVE-2018-20836 — CVSS 8.1 (high): An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in…
CVE-2021-25216 — CVSS 8.1 (high): In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported…
CVE-2021-22901 — CVSS 8.1 (high): curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session…
CVE-2019-11815 — CVSS 8.1 (high): An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a…
CVE-2020-2604 — CVSS 8.1 (high): Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected…
CVE-2021-20305 — CVSS 8.1 (high): A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result…
CVE-2021-46143 — CVSS 8.1 (high): In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
CVE-2021-20190 — CVSS 8.1 (high): A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The…
CVE-2019-17498 — CVSS 8.1 (high): In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an…
CVE-2020-10650 — CVSS 8.1 (high): A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code…
CVE-2020-11620 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2022-31690 — CVSS 8.1 (high): Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege…
CVE-2020-14195 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2022-28734 — CVSS 8.1 (high): Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal…
CVE-2017-10078 — CVSS 8.1 (high): Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE…
CVE-2022-27778 — CVSS 8.1 (high): A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with…
CVE-2020-14062 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-14061 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-11619 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-14060 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2022-24903 — CVSS 8.1 (high): Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when…
CVE-2020-8174 — CVSS 8.1 (high): napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.
CVE-2019-19816 — CVSS 7.8 (high): In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write…
CVE-2020-12653 — CVSS 7.8 (high): An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c…
CVE-2023-31102 — CVSS 7.8 (high): Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive.
CVE-2019-19448 — CVSS 7.8 (high): In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs…
CVE-2024-56171 — CVSS 7.8 (high): libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in…
CVE-2019-18218 — CVSS 7.8 (high): cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer…
CVE-2020-10757 — CVSS 7.8 (high): A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker…
CVE-2020-8574 — CVSS 7.8 (high): Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI)…
CVE-2020-29661 — CVSS 7.8 (high): A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free…
CVE-2020-25671 — CVSS 7.8 (high): A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to…
CVE-2025-24928 — CVSS 7.8 (high): libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD…
CVE-2020-14356 — CVSS 7.8 (high): A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the…
CVE-2022-40304 — CVSS 7.8 (high): An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading…
CVE-2020-25670 — CVSS 7.8 (high): A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege…
CVE-2019-19377 — CVSS 7.8 (high): In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a…
CVE-2019-19447 — CVSS 7.8 (high): In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a…
CVE-2018-2755 — CVSS 7.7 (high): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are…
CVE-2022-25647 — CVSS 7.7 (high): The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in…
CVE-2015-20107 — CVSS 7.6 (high): In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap…
CVE-2022-0391 — CVSS 7.5 (high): A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings…
CVE-2019-17359 — CVSS 7.5 (high): The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError…
CVE-2017-10388 — CVSS 7.5 (high): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected…
CVE-2024-6119 — CVSS 7.5 (high): Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an…
CVE-2019-19044 — CVSS 7.5 (high): Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem.c in the Linux kernel before 5.3.11 allow attackers…
CVE-2019-19050 — CVSS 7.5 (high): A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause…
CVE-2019-19052 — CVSS 7.5 (high): A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a…
CVE-2019-19053 — CVSS 7.5 (high): A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpmsg/rpmsg_char.c in the Linux kernel through 5.3.11 allows attackers…
CVE-2022-1199 — CVSS 7.5 (high): A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user…
CVE-2019-19060 — CVSS 7.5 (high): A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to…
CVE-2019-19061 — CVSS 7.5 (high): A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows…
CVE-2019-19069 — CVSS 7.5 (high): A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause…
CVE-2022-1259 — CVSS 7.5 (high): A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial…
CVE-2019-19343 — CVSS 7.5 (high): A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. A memory leak in HttpOpenListener…
CVE-2020-2816 — CVSS 7.5 (high): Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14…
CVE-2017-10176 — CVSS 7.5 (high): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are…
CVE-2021-27219 — CVSS 7.5 (high): An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit…
CVE-2019-10184 — CVSS 7.5 (high): undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted…
CVE-2021-36222 — CVSS 7.5 (high): ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2…
CVE-2021-27218 — CVSS 7.5 (high): An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or…
CVE-2017-10118 — CVSS 7.5 (high): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are…
CVE-2019-12615 — CVSS 7.5 (high): An issue was discovered in get_vdev_port_node_info in arch/sparc/kernel/mdesc.c in the Linux kernel through 5.1.6. There is an unchecked…
CVE-2018-2627 — CVSS 7.5 (high): Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Installer). Supported versions that are affected are Java SE: 8u152…
CVE-2017-10115 — CVSS 7.5 (high): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are…
CVE-2021-25215 — CVSS 7.5 (high): In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview…
CVE-2019-14888 — CVSS 7.5 (high): A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the…
CVE-2023-2953 — CVSS 7.5 (high): A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.
CVE-2023-2911 — CVSS 7.5 (high): If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-ti…
CVE-2023-2829 — CVSS 7.5 (high): A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198)…
CVE-2023-2828 — CVSS 7.5 (high): Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has…
CVE-2021-43618 — CVSS 7.5 (high): GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via…
CVE-2022-23457 — CVSS 7.5 (high): ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the…
CVE-2025-24970 — CVSS 7.5 (high): Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to…
CVE-2018-25032 — CVSS 7.5 (high): zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
CVE-2023-24329 — CVSS 7.5 (high): An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that…
CVE-2024-22201 — CVSS 7.5 (high): Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it…
CVE-2023-5517 — CVSS 7.5 (high): A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when: - `nxdomain-redirect <domain>;` is…
CVE-2023-5679 — CVSS 7.5 (high): A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both…
CVE-2023-50868 — CVSS 7.5 (high): The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a…
CVE-2023-6516 — CVSS 7.5 (high): To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses…
CVE-2024-0567 — CVSS 7.5 (high): A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue…
CVE-2024-7254 — CVSS 7.5 (high): Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can…
CVE-2024-1635 — CVSS 7.5 (high): A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a…
CVE-2021-22884 — CVSS 7.5 (high): Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”…
CVE-2021-35515 — CVSS 7.5 (high): When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite…
CVE-2021-35516 — CVSS 7.5 (high): When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of…
CVE-2023-41105 — CVSS 7.5 (high): An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be…
CVE-2021-35517 — CVSS 7.5 (high): When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of…
CVE-2023-37920 — CVSS 7.5 (high): Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of…
CVE-2021-36090 — CVSS 7.5 (high): When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of…
CVE-2022-23913 — CVSS 7.5 (high): In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource…
CVE-2019-19956 — CVSS 7.5 (high): xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.
CVE-2022-45061 — CVSS 7.5 (high): An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the…
CVE-2022-43945 — CVSS 7.5 (high): The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages…
CVE-2017-10067 — CVSS 7.5 (high): Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151…
CVE-2021-22926 — CVSS 7.5 (high): libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT`…
CVE-2020-28196 — CVSS 7.5 (high): MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because…
CVE-2022-43680 — CVSS 7.5 (high): In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in…
CVE-2019-20907 — CVSS 7.5 (high): In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by…
CVE-2022-1319 — CVSS 7.5 (high): A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse…
CVE-2022-1473 — CVSS 7.5 (high): The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash…
CVE-2022-43551 — CVSS 7.5 (high): A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can…
CVE-2022-40303 — CVSS 7.5 (high): An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled…
CVE-2020-1967 — CVSS 7.5 (high): Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer…
CVE-2024-26461 — CVSS 7.5 (high): Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.
CVE-2022-38178 — CVSS 7.5 (high): By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is…
CVE-2022-38177 — CVSS 7.5 (high): By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is…
CVE-2022-21449 — CVSS 7.5 (high): Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions…
CVE-2022-36946 — CVSS 7.5 (high): nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service…
CVE-2024-28757 — CVSS 7.5 (high): libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via…
CVE-2022-21476 — CVSS 7.5 (high): Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions…
CVE-2022-34169 — CVSS 7.5 (high): The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be…
CVE-2020-36518 — CVSS 7.5 (high): jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
CVE-2019-9674 — CVSS 7.5 (high): Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.
CVE-2020-15778 — CVSS 7.4 (high): scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the…