NetApp Active IQ Unified Manager

500 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-30722
all versions
Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected ar
5.3 MEDIUM
CVE-2025-31672
all versions
Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xlsx, docx and ppt
5.3 MEDIUM
CVE-2025-24928
all versions
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit th
7.8 HIGH
CVE-2024-56171
all versions
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTable
7.8 HIGH
CVE-2025-26465
all versions
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed
6.8 MEDIUM
CVE-2025-1181
all versions
A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function _bfd_elf_gc_mark_rs
5.0 MEDIUM
CVE-2025-1178
all versions
A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this vulnerability is the functio
5.6 MEDIUM
CVE-2025-24970
all versions
Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior
7.5 HIGH
CVE-2025-0411
all versions
7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection me
7.0 HIGH
CVE-2025-21502
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen
4.8 MEDIUM
CVE-2025-21492
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected ar
4.9 MEDIUM
CVE-2024-52533
all versions
gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN
9.8 CRITICAL
CVE-2024-50602
all versions
An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can
5.9 MEDIUM
CVE-2024-9823
all versions
There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause remote denial-of-
5.3 MEDIUM
CVE-2024-47554
all versions
Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may e
4.3 MEDIUM
CVE-2024-47561
all versions
Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are
7.3 HIGH
CVE-2024-7254
all versions
Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags
7.5 HIGH
CVE-2024-8096
all versions
When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the serv
6.5 MEDIUM
CVE-2024-8373
all versions
Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass com
4.8 MEDIUM
CVE-2024-8372
all versions
Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restricti
4.8 MEDIUM
CVE-2024-6119
all versions
Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to rea
7.5 HIGH
CVE-2024-38808
all versions
In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially craft
4.3 MEDIUM
CVE-2024-21147
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen
7.4 HIGH
CVE-2024-21140
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen
4.8 MEDIUM
CVE-2024-21138
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen
3.7 LOW
CVE-2024-21131
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen
3.7 LOW
CVE-2024-6387
all versions
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to
8.1 HIGH
CVE-2024-37891
all versions
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the `Proxy-Auth
4.4 MEDIUM
CVE-2024-33600
all versions
nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgr
5.9 MEDIUM
CVE-2024-2961
all versions
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes whe
7.3 HIGH
CVE-2024-21102
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affect
4.9 MEDIUM
CVE-2024-21101
all versions
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected ar
2.2 LOW
CVE-2024-21096
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected ar
4.9 MEDIUM
CVE-2024-21094
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen
3.7 LOW
CVE-2024-21087
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that
4.9 MEDIUM
CVE-2024-21085
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Suppor
3.7 LOW
CVE-2024-21069
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.
4.9 MEDIUM
CVE-2024-21068
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen
3.7 LOW
CVE-2024-21062
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected ar
4.9 MEDIUM
CVE-2024-21061
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affecte
4.9 MEDIUM
CVE-2024-21060
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affec
4.9 MEDIUM
CVE-2024-21056
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.
4.9 MEDIUM
CVE-2024-21055
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected ar
4.9 MEDIUM
CVE-2024-21054
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected ar
4.9 MEDIUM
CVE-2024-21053
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.
4.9 MEDIUM
CVE-2024-21052
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.
4.9 MEDIUM
CVE-2024-21051
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.
4.9 MEDIUM
CVE-2024-21050
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.
4.9 MEDIUM
CVE-2024-21049
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.
4.9 MEDIUM
CVE-2024-21047
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 an
4.9 MEDIUM
CVE-2024-21015
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.
5.5 MEDIUM
CVE-2024-21013
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected ar
4.4 MEDIUM
CVE-2024-21012
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen
3.7 LOW
CVE-2024-21011
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen
3.7 LOW
CVE-2024-21009
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected ar
4.9 MEDIUM
CVE-2024-21008
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected ar
4.4 MEDIUM
CVE-2024-21005
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported v
3.1 LOW
CVE-2024-21004
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported v
2.5 LOW
CVE-2024-21003
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported v
3.1 LOW
CVE-2024-21002
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported v
2.5 LOW
CVE-2024-21000
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are
3.8 LOW
CVE-2024-20998
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected ar
4.9 MEDIUM
CVE-2024-20994
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are af
5.3 MEDIUM
CVE-2024-20993
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected ar
4.9 MEDIUM
CVE-2024-2398
all versions
When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses
8.6 HIGH
CVE-2024-2379
all versions
libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to u
6.3 MEDIUM
CVE-2024-26641
all versions
In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
5.5 MEDIUM
CVE-2024-22259
all versions
Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query paramete
8.1 HIGH
CVE-2024-28757
all versions
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_Exter
7.5 HIGH
CVE-2024-26462
all versions
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.
5.5 MEDIUM
CVE-2024-26461
all versions
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.
7.5 HIGH
CVE-2024-26458
all versions
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.
5.3 MEDIUM
CVE-2024-22201
all versions
Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked
7.5 HIGH
CVE-2024-1635
all versions
A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Wheneve
7.5 HIGH
CVE-2023-50868
all versions
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to c
7.5 HIGH
CVE-2023-6516
all versions
To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It u
7.5 HIGH
CVE-2023-5680
all versions
If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database no
5.3 MEDIUM
CVE-2023-5679
all versions
A bad interaction between DNS64 and serve-stale may cause named to crash with an assertion failure during recursive resolution,
7.5 HIGH
CVE-2023-5517
all versions
A flaw in query-handling code can cause named to exit prematurely with an assertion failure when: - `nxdomain-redirect <domai
7.5 HIGH
CVE-2024-0567
all versions
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This
7.5 HIGH
CVE-2023-31102
all versions
Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive.
7.8 HIGH
CVE-2023-5178
all versions
A use-after-free vulnerability was found in drivers/nvme/target/tcp.c in nvmet_tcp_free_crypto` due to a logical bug in the NVMe
8.8 HIGH
CVE-2023-38545
all versions
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name t
9.8 CRITICAL
CVE-2023-45862
all versions
An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An
5.5 MEDIUM
CVE-2023-40745
all versions
LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) o
6.5 MEDIUM
CVE-2023-41993
all versions
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary
8.8 HIGH
CVE-2023-4813
all versions
A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resultin
5.9 MEDIUM
CVE-2023-4863
all versions
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an
8.8 HIGH
CVE-2023-41105
all versions
An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path w
7.5 HIGH
CVE-2022-48566
all versions
An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possi
5.9 MEDIUM
CVE-2022-48564
all versions
read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processin
6.5 MEDIUM
CVE-2021-32292
all versions
An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists
9.8 CRITICAL
CVE-2020-19190
all versions
Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial o
6.5 MEDIUM
CVE-2020-19189
all versions
Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers t
6.5 MEDIUM
CVE-2020-19188
all versions
Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a d
6.5 MEDIUM
CVE-2020-19187
all versions
Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a d
6.5 MEDIUM
CVE-2020-19186
all versions
Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a
6.5 MEDIUM
CVE-2020-19185
all versions
Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cau
6.5 MEDIUM
CVE-2023-36054
all versions
lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A rem
6.5 MEDIUM
CVE-2023-37920
all versions
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the id
7.5 HIGH
CVE-2022-28734
all versions
Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its int
8.1 HIGH
CVE-2023-22058
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.
4.4 MEDIUM
CVE-2023-22057
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected
4.9 MEDIUM
CVE-2023-22056
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected ar
4.9 MEDIUM
CVE-2023-22054
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected ar
4.9 MEDIUM
CVE-2023-22053
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are
5.9 MEDIUM
CVE-2023-22049
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (componen
3.7 LOW
CVE-2023-22048
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affect
3.1 LOW
CVE-2023-22046
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected ar
4.9 MEDIUM
CVE-2023-22045
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (componen
3.7 LOW
CVE-2023-22041
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (componen
5.1 MEDIUM
CVE-2023-22038
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are
2.7 LOW
CVE-2023-22036
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (componen
3.7 LOW
CVE-2023-22033
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.33 an
4.4 MEDIUM
CVE-2023-22008
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.33 an
4.9 MEDIUM
CVE-2023-22006
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (componen
3.1 LOW
CVE-2023-22005
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected
4.4 MEDIUM
CVE-2023-3338
all versions
A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This issue could allow a remote user t
6.5 MEDIUM
CVE-2023-2911
all versions
If the recursive-clients quota is reached on a BIND 9 resolver configured with both stale-answer-enable yes; and `stale-answer
7.5 HIGH
CVE-2023-2829
all versions
A named instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (
7.5 HIGH
CVE-2023-2828
all versions
Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries i
7.5 HIGH
CVE-2023-2953
all versions
A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.
7.5 HIGH
CVE-2023-0045
all versions
The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function
4.7 MEDIUM
CVE-2023-20862
all versions
In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout su
6.3 MEDIUM
CVE-2023-27043
all versions
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion
5.3 MEDIUM
CVE-2023-26049
all versions
Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies
2.4 LOW
CVE-2023-21971
all versions
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are
5.3 MEDIUM
CVE-2023-21962
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are a
4.9 MEDIUM
CVE-2023-21955
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected ar
4.9 MEDIUM
CVE-2023-21953
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected ar
4.9 MEDIUM
CVE-2023-21947
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are a
4.4 MEDIUM
CVE-2023-21946
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected ar
6.5 MEDIUM
CVE-2023-21945
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected ar
4.9 MEDIUM
CVE-2023-21940
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are a
4.4 MEDIUM
CVE-2023-21935
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected ar
4.9 MEDIUM
CVE-2023-21933
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.
4.9 MEDIUM
CVE-2023-21929
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.
5.5 MEDIUM
CVE-2023-21920
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected ar
4.9 MEDIUM
CVE-2023-21919
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.
4.9 MEDIUM
CVE-2023-21911
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.32 an
4.9 MEDIUM
CVE-2023-27538
all versions
An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection d
5.5 MEDIUM
CVE-2023-27537
all versions
A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduce
5.9 MEDIUM
CVE-2023-27536
all versions
An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously establishe
5.9 MEDIUM
CVE-2023-27535
all versions
An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong crede
5.9 MEDIUM
CVE-2023-27534
all versions
A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced whe
8.8 HIGH
CVE-2023-27533
all versions
A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pa
8.8 HIGH
CVE-2023-28487
all versions
Sudo before 1.9.13 does not escape control characters in sudoreplay output.
5.3 MEDIUM
CVE-2023-28486
all versions
Sudo before 1.9.13 does not escape control characters in log messages.
5.3 MEDIUM
CVE-2022-23240
< 9.11p1
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerabi
6.5 MEDIUM
CVE-2022-23239
< 9.11p1
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerabi
4.8 MEDIUM
CVE-2023-23915
all versions
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to beh
6.5 MEDIUM
CVE-2023-23914
all versions
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail w
9.1 CRITICAL
CVE-2023-0482
all versions
In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which
5.5 MEDIUM
CVE-2023-24329
all versions
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL
7.5 HIGH
CVE-2023-0361
all versions
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be suffici
7.4 HIGH
CVE-2020-10650
all versions
A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code
8.1 HIGH
CVE-2022-43551
all versions
A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, c
7.5 HIGH
CVE-2022-40304
all versions
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially
7.8 HIGH
CVE-2022-40303
all versions
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option
7.5 HIGH
CVE-2022-3970
all versions
A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the fil
6.3 MEDIUM
CVE-2022-45061
all versions
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs
7.5 HIGH
CVE-2022-43945
all versions
The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number
7.5 HIGH
CVE-2022-31692
all versions
Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward
9.8 CRITICAL
CVE-2022-31690
all versions
Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a pri
8.1 HIGH
CVE-2022-3705
all versions
A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the fil
5.0 MEDIUM
CVE-2022-43680
all versions
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCr
7.5 HIGH
CVE-2022-3649
all versions
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the
3.1 LOW
CVE-2022-3627
all versions
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiff
5.5 MEDIUM
CVE-2022-3626
all versions
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/ti
5.5 MEDIUM
CVE-2022-3599
all versions
LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-se
5.5 MEDIUM
CVE-2022-3598
all versions
LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to caus
5.5 MEDIUM
CVE-2022-3597
all versions
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiff
5.5 MEDIUM
CVE-2022-38178
all versions
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak.
7.5 HIGH
CVE-2022-38177
all versions
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak.
7.5 HIGH
CVE-2022-2526
all versions
A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete(
9.8 CRITICAL
CVE-2022-2764
all versions
A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invoca
4.9 MEDIUM
CVE-2022-1319
all versions
A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have th
7.5 HIGH
CVE-2022-1259
all versions
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or
7.5 HIGH
CVE-2022-1199
all versions
A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the
7.5 HIGH
CVE-2022-23235
< 9.10
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.10P1 are susceptible to a vulnerabi
5.3 MEDIUM
CVE-2021-4209
all versions
A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-leng
6.5 MEDIUM
CVE-2021-3800
all versions
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privilege
5.5 MEDIUM
CVE-2022-35278
all versions
In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in t
6.1 MEDIUM
CVE-2022-37434
all versions
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra fie
9.8 CRITICAL
CVE-2022-34526
all versions
A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a
6.5 MEDIUM
CVE-2022-36946
all versions
nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of s
7.5 HIGH
CVE-2022-36879
all versions
An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount t
5.5 MEDIUM
CVE-2022-21569
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
6.5 MEDIUM
CVE-2022-21556
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
6.5 MEDIUM
CVE-2022-21553
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9 MEDIUM
CVE-2022-21550
all versions
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are
6.3 MEDIUM
CVE-2022-21549
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported
5.3MEDIUM
CVE-2022-21547
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported versions that are affected are
4.9MEDIUM
CVE-2022-21541
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported v
5.9MEDIUM
CVE-2022-21540
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported v
5.3MEDIUM
CVE-2022-21539
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and
5.0MEDIUM
CVE-2022-21538
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are a
3.1LOW
CVE-2022-21537
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and
4.9MEDIUM
CVE-2022-21534
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affec
4.9MEDIUM
CVE-2022-21531
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2022-21530
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2022-21529
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2022-21528
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
5.5MEDIUM
CVE-2022-21527
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
5.5MEDIUM
CVE-2022-21526
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2022-21525
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2022-21522
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affec
4.4MEDIUM
CVE-2022-21519
all versions
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are
5.9MEDIUM
CVE-2022-21517
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and
4.9MEDIUM
CVE-2022-21515
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5
4.9MEDIUM
CVE-2022-21509
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
5.5MEDIUM
CVE-2022-21455
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). Supported versions that are affect
4.9MEDIUM
CVE-2022-34169
all versions
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This c
7.5HIGH
CVE-2022-2097
all versions
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data
5.3MEDIUM
CVE-2022-34903
all versions
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and othe
6.5MEDIUM
CVE-2022-2058
all versions
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users
5.5MEDIUM
CVE-2022-2057
all versions
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users
5.5MEDIUM
CVE-2022-2056
all versions
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users
5.5MEDIUM
CVE-2022-27778
all versions
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when --no-clobber is used together
8.1HIGH
CVE-2022-1678
all versions
An issue was discovered in the Linux kernel from 4.18 to 4.19: an improper update of the sock reference in TCP pacing can lead to memo
5.9MEDIUM
CVE-2021-3629
all versions
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause
5.9MEDIUM
CVE-2021-3597
all versions
A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denia
5.9MEDIUM
CVE-2022-22978
all versions
In Spring Security versions prior to 5.4.11+, 5.5.7+, 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be mi
9.8CRITICAL
CVE-2022-22976
all versions
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow
5.3MEDIUM
CVE-2022-1587
all versions
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit
9.1CRITICAL
CVE-2022-1586
all versions
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2
9.1CRITICAL
CVE-2022-22970
all versions
In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, applications that handle file uploads are vu
5.3MEDIUM
CVE-2022-24823
all versions
Netty is an open-source, asynchronous event-driven network application framework. The package io.netty:netty-codec-http prior to
5.5MEDIUM
CVE-2022-24903
all versions
Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when oc
8.1HIGH
CVE-2022-1473
all versions
The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occupied by the remov
7.5HIGH
CVE-2022-1434
all versions
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key tri
5.9MEDIUM
CVE-2022-1343
all versions
The function OCSP_basic_verify verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCS
5.3MEDIUM
CVE-2022-1292
all versions
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by so
7.3HIGH
CVE-2022-29824
all versions
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf) and tree.c (xmlBuffer) don't check for integer ove
6.5MEDIUM
CVE-2022-25647
all versions
The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace() meth
7.7HIGH
CVE-2022-24891
all versions
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0
5.4MEDIUM
CVE-2022-23457
all versions
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0
7.5HIGH
CVE-2022-21496
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported vers
5.3MEDIUM
CVE-2022-21490
all versions
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are
6.3MEDIUM
CVE-2022-21489
all versions
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are
6.3MEDIUM
CVE-2022-21486
all versions
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are
2.9LOW
CVE-2022-21485
all versions
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are
2.9LOW
CVE-2022-21484
all versions
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are
2.9LOW
CVE-2022-21483
all versions
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are
6.3MEDIUM
CVE-2022-21482
all versions
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are
6.3MEDIUM
CVE-2022-21479
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
5.5MEDIUM
CVE-2022-21478
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
5.5MEDIUM
CVE-2022-21476
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported
7.5HIGH
CVE-2022-21462
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2022-21460
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 5
4.4MEDIUM
CVE-2022-21459
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
5.5MEDIUM
CVE-2022-21457
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). Supported versions that are affect
5.9MEDIUM
CVE-2022-21454
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that a
6.5MEDIUM
CVE-2022-21452
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2022-21451
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and
4.4MEDIUM
CVE-2022-21449
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported
7.5HIGH
CVE-2022-21444
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.7.3
4.4MEDIUM
CVE-2022-21443
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported
3.7LOW
CVE-2022-21440
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
5.5MEDIUM
CVE-2022-21438
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2022-21437
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2022-21436
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2022-21435
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2022-21434
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported
5.3MEDIUM
CVE-2022-21427
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.3
4.9MEDIUM
CVE-2022-21426
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported vers
5.3MEDIUM
CVE-2022-21425
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.2
5.5MEDIUM
CVE-2022-21423
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.28 and
2.7LOW
CVE-2022-21418
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.28 and
5.0MEDIUM
CVE-2022-21417
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and
4.9MEDIUM
CVE-2022-21415
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected a
4.9MEDIUM
CVE-2022-21414
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2022-21413
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.2
4.9MEDIUM
CVE-2022-21412
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2022-22968
all versions
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on
5.3MEDIUM
CVE-2015-20107
all versions
In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mai
7.6HIGH
CVE-2022-28796
all versions
jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_
7.0HIGH
CVE-2022-1056
all versions
Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For u
5.5MEDIUM
CVE-2021-4203
all versions
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen
6.8MEDIUM
CVE-2018-25032
all versions
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
7.5HIGH
CVE-2022-27223
all versions
In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipu
8.8HIGH
CVE-2022-26966
all versions
An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive informat
5.5MEDIUM
CVE-2020-36518
all versions
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
7.5HIGH
CVE-2022-26488
all versions
In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer
7.0HIGH
CVE-2022-0891
all versions
A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger u
6.1MEDIUM
CVE-2022-0865
all versions
Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users th
5.5MEDIUM
CVE-2022-26336
all versions
A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. This pack
5.5MEDIUM
CVE-2022-23308
all versions
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
7.5HIGH
CVE-2022-24407
all versions
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement
8.8HIGH
CVE-2021-20322
all versions
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was fo
7.4HIGH
CVE-2022-25258
all versions
An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certa
4.6MEDIUM
CVE-2021-3753
all versions
A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read
4.7MEDIUM
CVE-2022-0391
all versions
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) st
7.5HIGH
CVE-2022-23913
all versions
In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled
7.5HIGH
CVE-2021-22570
all versions
Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call
6.5MEDIUM
CVE-2022-23437
all versions
There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads.
6.5MEDIUM
CVE-2022-21366
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported v
5.3MEDIUM
CVE-2022-21365
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported v
5.3MEDIUM
CVE-2022-21360
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported v
5.3MEDIUM
CVE-2022-21341
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Suppo
5.3MEDIUM
CVE-2022-21340
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported
5.3MEDIUM
CVE-2022-21339
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2022-21305
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported v
5.3MEDIUM
CVE-2022-21304
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.
4.9MEDIUM
CVE-2022-21303
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affec
4.9MEDIUM
CVE-2022-21302
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.27 and
5.3MEDIUM
CVE-2022-21301
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.2
5.5MEDIUM
CVE-2022-21299
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported vers
5.3MEDIUM
CVE-2022-21296
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported vers
5.3MEDIUM
CVE-2022-21294
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported
5.3MEDIUM
CVE-2022-21293
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported
5.3MEDIUM
CVE-2022-21291
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported v
5.3MEDIUM
CVE-2022-21283
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported
5.3MEDIUM
CVE-2022-21282
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported vers
5.3MEDIUM
CVE-2022-21277
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported v
5.3MEDIUM
CVE-2022-21271
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported
5.3MEDIUM
CVE-2022-21270
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported versions that are affected are
4.9MEDIUM
CVE-2022-21265
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
3.8LOW
CVE-2022-21264
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2022-21256
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that a
4.9MEDIUM
CVE-2022-21254
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
5.3MEDIUM
CVE-2022-21253
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2022-21249
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.2
2.7LOW
CVE-2022-21248
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Suppo
3.7LOW
CVE-2022-21245
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are a
4.3MEDIUM
CVE-2021-46143
all versions
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
8.1HIGH
CVE-2021-45960
all versions
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to real
8.8HIGH
CVE-2021-44228
all versions
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration
10.0CRITICAL
CVE-2021-43618
all versions
GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow
7.5HIGH
CVE-2021-22096
all versions
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide
4.3MEDIUM
CVE-2021-35621
all versions
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are
6.3MEDIUM
CVE-2021-35618
all versions
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are
1.8LOW
CVE-2021-35603
all versions
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions th
3.7LOW
CVE-2021-35588
all versions
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions
3.1LOW
CVE-2021-35586
all versions
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions
5.3MEDIUM
CVE-2021-35578
all versions
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions th
5.3MEDIUM
CVE-2021-35567
all versions
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versio
6.8MEDIUM
CVE-2021-35565
all versions
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions th
5.3MEDIUM
CVE-2021-35564
all versions
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Supported versions
5.3MEDIUM
CVE-2021-35561
all versions
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Supported versions
5.3MEDIUM
CVE-2021-35559
all versions
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions t
5.3MEDIUM
CVE-2021-35556
all versions
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions t
5.3MEDIUM
CVE-2021-35550
all versions
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions th
5.9MEDIUM
CVE-2021-41617
all versions
sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because
7.0HIGH
CVE-2021-3711
all versions
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an applic
9.8CRITICAL
CVE-2021-22931
all versions
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input
9.8CRITICAL
CVE-2021-22926
all versions
libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLC
7.5HIGH
CVE-2021-36222
all versions
ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x befor
7.5HIGH
CVE-2021-35942
all versions
The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wor
9.1CRITICAL
CVE-2021-2389
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and
5.9MEDIUM
CVE-2021-2372
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and
4.4MEDIUM
CVE-2021-35043
all versions
OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was
6.1MEDIUM
CVE-2021-36090
all versions
When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an ou
7.5HIGH
CVE-2021-35517
all versions
When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an ou
7.5HIGH
CVE-2021-35516
all versions
When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out
7.5HIGH
CVE-2021-35515
all versions
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infi
7.5HIGH
CVE-2021-3541
all versions
A flaw was found in libxml2. An exponential entity expansion attack is possible, bypassing all existing protection mechanisms and lea
6.5MEDIUM
CVE-2021-36086
all versions
The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_re
3.3LOW
CVE-2021-34428
all versions
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed()
2.9LOW
CVE-2021-22901
all versions
curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3
8.1HIGH
CVE-2021-28169
all versions
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded
5.3MEDIUM
CVE-2021-3522
all versions
GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.
5.5MEDIUM
CVE-2021-3520
all versions
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer
9.8CRITICAL
CVE-2020-25673
all versions
A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up
5.5MEDIUM
CVE-2020-25671
all versions
A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to
7.8HIGH
CVE-2020-25670
all versions
A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privi
7.8HIGH
CVE-2020-25672
all versions
A memory leak vulnerability was found in Linux kernel in llcp_sock_connect
7.5HIGH
CVE-2021-3517
all versions
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a
8.6HIGH
CVE-2021-3518
all versions
There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an applic
8.8HIGH
CVE-2021-3537
all versions
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content,
5.9MEDIUM
CVE-2020-13529
all versions
An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a serve
6.1MEDIUM
CVE-2021-25216
all versions
In BIND 9.5.0 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.11.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND Supported P
8.1HIGH
CVE-2021-25215
all versions
In BIND 9.0.0 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND Supported Pr
7.5HIGH
CVE-2021-25214
all versions
In BIND 9.8.5 - 9.8.8, 9.9.3 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BI
6.5MEDIUM
CVE-2021-2308
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are aff
2.7LOW
CVE-2021-2307
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging). Supported versions that are affected are
6.1MEDIUM
CVE-2021-2305
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.2
4.9MEDIUM
CVE-2021-2304
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affec
5.5MEDIUM
CVE-2021-2301
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are aff
2.7LOW
CVE-2021-2300
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.2
4.9MEDIUM
CVE-2021-2299
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2021-2298
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
6.5MEDIUM
CVE-2021-2293
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affec
4.9MEDIUM
CVE-2021-2278
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2021-2232
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that a
1.9LOW
CVE-2021-2230
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2021-2226
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are aff
4.9MEDIUM
CVE-2021-2217
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affec
4.9MEDIUM
CVE-2021-2215
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affec
4.9MEDIUM
CVE-2021-2213
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2021-2212
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2021-2208
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are
4.9MEDIUM
CVE-2021-2203
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2021-2202
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected a
6.5MEDIUM
CVE-2021-2201
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are
4.9MEDIUM
CVE-2021-2196
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.2
4.9MEDIUM
CVE-2021-2194
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and
4.9MEDIUM
CVE-2021-2193
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2021-2180
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and
4.9MEDIUM
CVE-2021-2179
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that a
4.9MEDIUM
CVE-2021-2178
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected a
6.5MEDIUM
CVE-2021-2174
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and
4.4MEDIUM
CVE-2021-2172
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.2
6.5MEDIUM
CVE-2021-2171
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected a
4.4MEDIUM
CVE-2021-2170
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2021-2169
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2021-2166
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.3
4.9MEDIUM
CVE-2021-2164
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2021-2163
all versions
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries)
5.3MEDIUM
CVE-2021-2162
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected
4.3MEDIUM
CVE-2021-2161
all versions
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries)
5.9MEDIUM
CVE-2021-2160
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2021-2154
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.3
4.9MEDIUM
CVE-2021-2146
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5
4.9MEDIUM
CVE-2021-2144
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.
7.2HIGH
CVE-2021-29425
all versions
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo",
4.8MEDIUM
CVE-2021-20305
all versions
A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDS
8.1HIGH
CVE-2021-3449
all versions
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renego
5.9MEDIUM
CVE-2019-19343
all versions
A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. A memory leak in HttpOpenLi
7.5HIGH
CVE-2021-20231
all versions
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other c
9.8CRITICAL
CVE-2021-22884
all versions
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhos
7.5HIGH
CVE-2021-20220
all versions
A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-266
4.8MEDIUM
CVE-2021-27219
all versions
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on
7.5HIGH
CVE-2021-27218
all versions
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer
7.5HIGH
CVE-2021-23337
all versions
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
7.2HIGH
CVE-2021-21290
all versions
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high perfor
6.2MEDIUM
CVE-2021-3156
all versions
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalatio
7.8HIGH
CVE-2021-2011
all versions
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and
5.9MEDIUM
CVE-2021-2010
all versions
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.50 and
4.2MEDIUM
CVE-2021-2007
all versions
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and
3.7LOW
CVE-2021-2006
all versions
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 8.0.19 and
5.3MEDIUM
CVE-2021-1998
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
3.8LOW
CVE-2021-20190
all versions
A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typin
8.1HIGH
CVE-2021-3177
all versions
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in ce
9.8CRITICAL
CVE-2020-8908
all versions
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potent
3.3LOW
CVE-2020-29661
all versions
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-aft
7.8HIGH
CVE-2020-29660
all versions
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and dri
4.4MEDIUM
CVE-2020-1971
all versions
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPar
5.9MEDIUM
CVE-2020-25711
all versions
A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server managemen
6.5MEDIUM
CVE-2020-13956
all versions
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed
5.3MEDIUM
CVE-2020-28196
all versions
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message
7.5HIGH
CVE-2020-25689
all versions
A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, ge
5.3MEDIUM
CVE-2020-14869
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are af
4.9MEDIUM
CVE-2020-14868
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2020-14867
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.6.4
4.4MEDIUM
CVE-2020-14866
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2020-14861
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2020-14860
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affect
2.7LOW
CVE-2020-14853
all versions
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: NDBCluster Plugin). Supported versions that are af
4.6MEDIUM
CVE-2020-14852
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Charsets). Supported versions that are affected are
4.9MEDIUM
CVE-2020-14848
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and
4.9MEDIUM
CVE-2020-14846
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
6.5MEDIUM
CVE-2020-14845
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2020-14844
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.21
4.9MEDIUM
CVE-2020-14839
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2020-14838
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are a
4.3MEDIUM
CVE-2020-14837
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2020-14836
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
6.5MEDIUM
CVE-2020-14830
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
6.5MEDIUM
CVE-2020-14829
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and
4.9MEDIUM
CVE-2020-14828
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.2
7.2HIGH
CVE-2020-14827
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are af
6.5MEDIUM
CVE-2020-14821
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and
4.9MEDIUM
CVE-2020-14812
>= 9.5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5
4.9MEDIUM
CVE-2020-14809
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2020-14804
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.2
4.9MEDIUM
CVE-2020-14803
>= 9.5
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 1
5.3MEDIUM
CVE-2020-14800
>= 9.5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are a
6.5MEDIUM
CVE-2020-14799
>= 9.5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are a
4.9MEDIUM
CVE-2020-14798
>= 9.5
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affec
3.1LOW
CVE-2020-14797
>= 9.5
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affec
3.7LOW
CVE-2020-14796
>= 9.5
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affec
3.1LOW
CVE-2020-14794
>= 9.5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2020-14793
>= 9.5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2020-14792
>= 9.5
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affecte
4.2MEDIUM
CVE-2020-14791
>= 9.5
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and
2.2LOW
CVE-2020-14790
>= 9.5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.31
4.9MEDIUM
CVE-2020-14789
>= 9.5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.3
4.9MEDIUM
CVE-2020-14786
>= 9.5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.21
4.9MEDIUM
CVE-2020-14785
>= 9.5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2020-14782
>= 9.5
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affec
3.7LOW
CVE-2020-14781
>= 9.5
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected a
3.7LOW
CVE-2020-14779
>= 9.5
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are a
3.7LOW
CVE-2020-14777
>= 9.5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2020-14775
>= 9.5
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and
6.5MEDIUM
CVE-2020-14773
>= 9.5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2020-14771
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are af
2.2LOW
CVE-2020-14769
>= 9.5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
6.5MEDIUM
CVE-2020-14765
>= 9.5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.6.4
6.5MEDIUM
CVE-2020-14672
>= 9.5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affec
4.9MEDIUM
CVE-2020-24977
>= 9.5
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The
6.5MEDIUM
CVE-2020-24616
all versions
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.
8.1HIGH
CVE-2020-14356
all versions
A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot
7.8HIGH
CVE-2020-8575
< 9.5
Active IQ Unified Manager for VMware vSphere and Windows versions prior to 9.5 are susceptible to a vulnerability which allows adm
4.4MEDIUM
CVE-2020-8574
< 9.6
Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RM
7.8HIGH
CVE-2020-16166
>= 9.5
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the i
3.7LOW
CVE-2020-15707
>= 9.5
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shi
5.7MEDIUM
CVE-2020-8174
all versions
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.
8.1HIGH
CVE-2020-14725
>= 9.5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
4.9MEDIUM
CVE-2020-15778
>= 9.5
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in th
7.4HIGH
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin