Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-35252

Summary
Assigner-hackerone
Assigner Org ID-36234546-b8fa-4601-9d6f-f4e334aa8ea1
Published At-23 Sep, 2022 | 00:00
Updated At-05 May, 2025 | 16:14
Rejected At-
Credits

When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:hackerone
Assigner Org ID:36234546-b8fa-4601-9d6f-f4e334aa8ea1
Published At:23 Sep, 2022 | 00:00
Updated At:05 May, 2025 | 16:14
Rejected At:
â–¼CVE Numbering Authority (CNA)

When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.

Affected Products
Vendor
n/a
Product
https://github.com/curl/curl
Versions
Affected
  • Fixed in curl 7.85.0
Problem Types
TypeCWE IDDescription
CWECWE-20Improper Input Validation (CWE-20)
Type: CWE
CWE ID: CWE-20
Description: Improper Input Validation (CWE-20)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://hackerone.com/reports/1613943
N/A
https://security.netapp.com/advisory/ntap-20220930-0005/
N/A
https://security.gentoo.org/glsa/202212-01
vendor-advisory
https://support.apple.com/kb/HT213603
N/A
https://support.apple.com/kb/HT213604
N/A
http://seclists.org/fulldisclosure/2023/Jan/20
mailing-list
http://seclists.org/fulldisclosure/2023/Jan/21
mailing-list
https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html
mailing-list
Hyperlink: https://hackerone.com/reports/1613943
Resource: N/A
Hyperlink: https://security.netapp.com/advisory/ntap-20220930-0005/
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/202212-01
Resource:
vendor-advisory
Hyperlink: https://support.apple.com/kb/HT213603
Resource: N/A
Hyperlink: https://support.apple.com/kb/HT213604
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2023/Jan/20
Resource:
mailing-list
Hyperlink: http://seclists.org/fulldisclosure/2023/Jan/21
Resource:
mailing-list
Hyperlink: https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html
Resource:
mailing-list
â–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://hackerone.com/reports/1613943
x_transferred
https://security.netapp.com/advisory/ntap-20220930-0005/
x_transferred
https://security.gentoo.org/glsa/202212-01
vendor-advisory
x_transferred
https://support.apple.com/kb/HT213603
x_transferred
https://support.apple.com/kb/HT213604
x_transferred
http://seclists.org/fulldisclosure/2023/Jan/20
mailing-list
x_transferred
http://seclists.org/fulldisclosure/2023/Jan/21
mailing-list
x_transferred
https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html
mailing-list
x_transferred
Hyperlink: https://hackerone.com/reports/1613943
Resource:
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20220930-0005/
Resource:
x_transferred
Hyperlink: https://security.gentoo.org/glsa/202212-01
Resource:
vendor-advisory
x_transferred
Hyperlink: https://support.apple.com/kb/HT213603
Resource:
x_transferred
Hyperlink: https://support.apple.com/kb/HT213604
Resource:
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2023/Jan/20
Resource:
mailing-list
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2023/Jan/21
Resource:
mailing-list
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html
Resource:
mailing-list
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.13.7LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Version: 3.1
Base score: 3.7
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:support@hackerone.com
Published At:23 Sep, 2022 | 14:15
Updated At:05 May, 2025 | 17:18

When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.13.7LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Secondary3.13.7LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Type: Primary
Version: 3.1
Base score: 3.7
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Type: Secondary
Version: 3.1
Base score: 3.7
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CPE Matches
CURL
haxx
>>curl>>Versions before 7.85.0(exclusive)
cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>clustered_data_ontap>>-
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>element_software>>-
cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>hci_management_node>>-
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>solidfire>>-
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>bootstrap_os>>-
cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>hci_compute_node>>-
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>h300s_firmware>>-
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>h300s>>-
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>h500s_firmware>>-
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>h500s>>-
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>h700s_firmware>>-
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>h700s>>-
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>h410s_firmware>>-
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>h410s>>-
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
Apple Inc.
apple
>>macos>>Versions from 11.0(inclusive) to 11.7.3(exclusive)
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>macos>>Versions from 12.0.0(inclusive) to 12.6.3(exclusive)
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Splunk LLC (Cisco Systems, Inc.)
splunk
>>universal_forwarder>>Versions from 8.2.0(inclusive) to 8.2.12(exclusive)
cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*
Splunk LLC (Cisco Systems, Inc.)
splunk
>>universal_forwarder>>Versions from 9.0.0(inclusive) to 9.0.6(exclusive)
cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*
Splunk LLC (Cisco Systems, Inc.)
splunk
>>universal_forwarder>>9.1.0
cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Secondarysupport@hackerone.com
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: CWE-20
Type: Secondary
Source: support@hackerone.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://seclists.org/fulldisclosure/2023/Jan/20support@hackerone.com
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Jan/21support@hackerone.com
Mailing List
Third Party Advisory
https://hackerone.com/reports/1613943support@hackerone.com
Exploit
Issue Tracking
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/01/msg00028.htmlsupport@hackerone.com
Mailing List
Third Party Advisory
https://security.gentoo.org/glsa/202212-01support@hackerone.com
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220930-0005/support@hackerone.com
Third Party Advisory
https://support.apple.com/kb/HT213603support@hackerone.com
Third Party Advisory
https://support.apple.com/kb/HT213604support@hackerone.com
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Jan/20af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Jan/21af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
https://hackerone.com/reports/1613943af854a3a-2127-422b-91ae-364da2661108
Exploit
Issue Tracking
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/01/msg00028.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
https://security.gentoo.org/glsa/202212-01af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220930-0005/af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://support.apple.com/kb/HT213603af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://support.apple.com/kb/HT213604af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2023/Jan/20
Source: support@hackerone.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2023/Jan/21
Source: support@hackerone.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://hackerone.com/reports/1613943
Source: support@hackerone.com
Resource:
Exploit
Issue Tracking
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html
Source: support@hackerone.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://security.gentoo.org/glsa/202212-01
Source: support@hackerone.com
Resource:
Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20220930-0005/
Source: support@hackerone.com
Resource:
Third Party Advisory
Hyperlink: https://support.apple.com/kb/HT213603
Source: support@hackerone.com
Resource:
Third Party Advisory
Hyperlink: https://support.apple.com/kb/HT213604
Source: support@hackerone.com
Resource:
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2023/Jan/20
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2023/Jan/21
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://hackerone.com/reports/1613943
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Issue Tracking
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://security.gentoo.org/glsa/202212-01
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20220930-0005/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://support.apple.com/kb/HT213603
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://support.apple.com/kb/HT213604
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1284Records found
CVE-2022-21443
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.06% / 17.96%
||
7 Day CHG~0.00%
Published-19 Apr, 2022 | 20:37
Updated-03 Aug, 2024 | 02:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-azulDebian GNU/LinuxNetApp, Inc.Oracle Corporation
Product-bootstrap_osactive_iq_unified_managercloud_insights_acquisition_unithci_compute_nodeelement_softwaresolidfiresantricity_unified_managerdebian_linuxgraalvmzuluhci_management_nodejava_see-series_santricity_os_controllere-series_santricity_storage_managere-series_santricity_web_servicescloud_secure_agentoncommand_insightJava SE JDK and JRE
CVE-2019-2973
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.58% / 68.91%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 17:40
Updated-01 Oct, 2024 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Red Hat, Inc.openSUSEOracle CorporationNetApp, Inc.Canonical Ltd.Debian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxenterprise_linux_server_ausenterprise_linuxactive_iq_unified_managersatellitejdke-series_santricity_web_services_proxyoncommand_workflow_automationdebian_linuxe-series_santricity_unified_managersnapmanagerjreenterprise_linux_workstatione-series_santricity_os_controllere-series_santricity_storage_managerenterprise_linux_eusenterprise_linux_server_tusenterprise_linux_desktopleapJava
CVE-2021-35613
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.73% / 72.79%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 10:50
Updated-25 Sep, 2024 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-NetApp, Inc.Oracle Corporation
Product-oncommand_insightmysql_clustersnapcenterMySQL Cluster
CVE-2020-2755
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.21% / 43.00%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 13:29
Updated-30 Sep, 2024 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxMcAfee, LLCNetApp, Inc.Fedora ProjectopenSUSEOracle CorporationCanonical Ltd.
Product-ubuntu_linuxopenjdkepolicy_orchestratorcloud_backuponcommand_insighte-series_performance_analyzeractive_iq_unified_managerjdkstoragegridsantricity_unified_managersteelstore_cloud_integrated_storagedebian_linuxsnapmanagerjree-series_santricity_os_controllerfedora7-mode_transition_toole-series_santricity_web_servicescloud_secure_agentleapJava
CVE-2020-2773
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.77% / 73.65%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 13:29
Updated-30 Sep, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxMcAfee, LLCNetApp, Inc.Fedora ProjectopenSUSEOracle CorporationCanonical Ltd.
Product-ubuntu_linuxopenjdkepolicy_orchestratorcloud_backupe-series_performance_analyzeractive_iq_unified_managerjdkleaponcommand_workflow_automationstoragegridsantricity_unified_managersteelstore_cloud_integrated_storagedebian_linuxsnapmanagerjrefedorae-series_santricity_os_controller7-mode_transition_toole-series_santricity_web_servicescloud_secure_agentoncommand_insightJava
CVE-2020-2659
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.29% / 52.61%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 16:34
Updated-30 Sep, 2024 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Red Hat, Inc.openSUSEOracle CorporationNetApp, Inc.Canonical Ltd.Debian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxopenjdkoncommand_insightenterprise_linux_server_ause-series_santricity_management_plug-inse-series_performance_analyzerenterprise_linuxactive_iq_unified_managerjdke-series_santricity_web_services_proxyoncommand_workflow_automationsantricity_unified_managersteelstore_cloud_integrated_storagedebian_linuxjreenterprise_linux_workstatione-series_santricity_os_controllere-series_santricity_storage_managerenterprise_linux_eusenterprise_linux_server_tusenterprise_linux_desktopleapJava
CVE-2020-2756
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.26% / 49.36%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 13:29
Updated-30 Sep, 2024 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxMcAfee, LLCNetApp, Inc.Fedora ProjectopenSUSEOracle CorporationCanonical Ltd.
Product-ubuntu_linuxopenjdkepolicy_orchestratorcloud_backuponcommand_insighte-series_performance_analyzeractive_iq_unified_managerjdkstoragegridsantricity_unified_managersteelstore_cloud_integrated_storagedebian_linuxsnapmanagerjree-series_santricity_os_controllerfedora7-mode_transition_toole-series_santricity_web_servicescloud_secure_agentleapJava
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-2757
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.26% / 49.36%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 13:29
Updated-30 Sep, 2024 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxMcAfee, LLCNetApp, Inc.Fedora ProjectopenSUSEOracle CorporationCanonical Ltd.
Product-ubuntu_linuxopenjdkepolicy_orchestratorcloud_backuponcommand_insighte-series_performance_analyzeractive_iq_unified_managerjdkoncommand_workflow_automationstoragegridsantricity_unified_managersteelstore_cloud_integrated_storagedebian_linuxsnapmanagerjree-series_santricity_os_controllerfedora7-mode_transition_toole-series_santricity_web_servicescloud_secure_agentleapJava
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-2754
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.29% / 52.75%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 13:29
Updated-30 Sep, 2024 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxMcAfee, LLCNetApp, Inc.Fedora ProjectopenSUSEOracle CorporationCanonical Ltd.
Product-ubuntu_linuxopenjdkdebian_linuxepolicy_orchestratorsnapmanagerjree-series_santricity_os_controlleractive_iq_unified_managerfedorajdkstoragegridleapJava
CVE-2020-2654
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.34% / 56.69%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 16:34
Updated-30 Sep, 2024 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxMcAfee, LLCNetApp, Inc.Red Hat, Inc.openSUSEOracle CorporationCanonical Ltd.
Product-ubuntu_linuxopenjdkepolicy_orchestratore-series_performance_analyzerenterprise_linux_server_ause-series_santricity_management_plug-insenterprise_linuxactive_iq_unified_managerjdke-series_santricity_web_services_proxyleaponcommand_workflow_automationsantricity_unified_managersteelstore_cloud_integrated_storagedebian_linuxjreenterprise_linux_workstatione-series_santricity_os_controllere-series_santricity_storage_managerenterprise_linux_eusenterprise_linux_server_tusenterprise_linux_desktoponcommand_insightJava
CVE-2020-2583
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.52% / 66.91%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 16:34
Updated-30 Sep, 2024 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxMcAfee, LLCNetApp, Inc.Red Hat, Inc.openSUSEOracle CorporationCanonical Ltd.
Product-enterprise_linux_serverubuntu_linuxopenjdkepolicy_orchestratoroncommand_insightenterprise_linux_server_ause-series_performance_analyzerenterprise_linuxactive_iq_unified_managerjdkoncommand_workflow_automationsantricity_unified_managersteelstore_cloud_integrated_storagedebian_linuxjreenterprise_linux_workstatione-series_santricity_os_controllere-series_santricity_storage_managere-series_santricity_managemententerprise_linux_euse-series_santricity_web_servicesenterprise_linux_server_tusenterprise_linux_desktopleapJava
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2019-2983
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.34% / 57.01%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 17:40
Updated-01 Oct, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Red Hat, Inc.openSUSEOracle CorporationNetApp, Inc.Canonical Ltd.Debian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxenterprise_linux_server_ausenterprise_linuxsatellitejdke-series_santricity_web_services_proxyoncommand_workflow_automationdebian_linuxe-series_santricity_unified_managersnapmanagerjreenterprise_linux_workstatione-series_santricity_os_controllere-series_santricity_storage_managerenterprise_linux_eusenterprise_linux_server_tusenterprise_linux_desktopleapJava
CVE-2024-21144
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.05% / 14.87%
||
7 Day CHG~0.00%
Published-16 Jul, 2024 | 22:39
Updated-25 Mar, 2025 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-NetApp, Inc.Oracle Corporation
Product-jrejdkoncommand_workflow_automationgraalvmJava SE JDK and JRE
CVE-2024-21085
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.10% / 27.26%
||
7 Day CHG~0.00%
Published-16 Apr, 2024 | 21:26
Updated-21 May, 2025 | 19:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Oracle CorporationNetApp, Inc.Debian GNU/Linux
Product-jregraalvmdata_infrastructure_insights_storage_workload_security_agentjdkdata_infrastructure_insights_acquisition_unitdebian_linuxactive_iq_unified_manageroncommand_insightoncommand_workflow_automationJava SE JDK and JRE
CVE-2020-14578
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.16% / 36.21%
||
7 Day CHG~0.00%
Published-15 Jul, 2020 | 17:34
Updated-27 May, 2025 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Fedora ProjectDebian GNU/LinuxNetApp, Inc.Oracle CorporationCanonical Ltd.openSUSEMcAfee, LLC
Product-steelstore_cloud_integrated_storageactive_iq_unified_managerstoragegridsantricity_unified_managere-series_performance_analyzeroncommand_workflow_automationepolicy_orchestratorcloud_secure_agent7-mode_transition_toolubuntu_linuxopenjdksnapmanagerleapcloud_backupjdkfedorae-series_santricity_os_controllere-series_santricity_web_servicesdebian_linuxjreoncommand_insightJava
CVE-2020-14779
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.20% / 41.78%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 14:04
Updated-27 May, 2025 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Fedora ProjectDebian GNU/LinuxNetApp, Inc.Oracle CorporationopenSUSE
Product-active_iq_unified_managersantricity_cloud_connectorsantricity_unified_managersolidfire7-mode_transition_toolopenjdkjresnapmanagerleaponcommand_unified_manager_core_packagejdke-series_santricity_storage_managerfedorae-series_santricity_os_controllere-series_santricity_web_serviceshci_storage_nodedebian_linuxhci_management_nodeoncommand_insightJava SE JDK and JRE
CVE-2020-11810
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.7||LOW
EPSS-2.36% / 85.05%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 14:47
Updated-04 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be dropped. This requires careful timing due to the small time window (usually within a few seconds) between the victim client connection starting and the server PUSH_REPLY response back to the client. This attack will only work if Negotiable Cipher Parameters (NCP) is in use.

Action-Not Available
Vendor-openvpnn/aDebian GNU/LinuxFedora Project
Product-debian_linuxfedoraopenvpnn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2020-11080
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-3.7||LOW
EPSS-1.25% / 79.45%
||
7 Day CHG+0.51%
Published-03 Jun, 2020 | 00:00
Updated-09 Jun, 2025 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of service in nghttp2

In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection.

Action-Not Available
Vendor-nghttp2nghttp2Oracle CorporationFedora ProjectDebian GNU/LinuxNode.js (OpenJS Foundation)openSUSE
Product-debian_linuxblockchain_platformgraalvmnghttp2fedorabanking_extensibility_workbenchenterprise_communications_brokermysqlnode.jsleapnghttp2
CWE ID-CWE-707
Improper Neutralization
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-2964
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.48% / 64.98%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 17:40
Updated-01 Oct, 2024 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Red Hat, Inc.openSUSEOracle CorporationNetApp, Inc.Canonical Ltd.Debian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxenterprise_linux_server_ausenterprise_linuxsatellitejdke-series_santricity_web_services_proxyoncommand_workflow_automationdebian_linuxe-series_santricity_unified_managersnapmanagerjreenterprise_linux_workstatione-series_santricity_os_controllere-series_santricity_storage_managerenterprise_linux_eusenterprise_linux_server_tusenterprise_linux_desktopleapJava
CVE-2024-21138
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.33% / 56.17%
||
7 Day CHG~0.00%
Published-16 Jul, 2024 | 22:39
Updated-13 Mar, 2025 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-NetApp, Inc.Oracle Corporation
Product-bluexpgraalvmjredata_infrastructure_insights_storage_workload_security_agentactive_iq_unified_managerjdkoncommand_workflow_automationgraalvm_for_jdkoncommand_insightJava SE JDK and JRE
CVE-2019-2987
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.71% / 72.38%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 17:40
Updated-01 Oct, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Red Hat, Inc.Debian GNU/LinuxNetApp, Inc.Oracle Corporation
Product-enterprise_linux_serverdebian_linuxe-series_santricity_unified_managersnapmanagerjreenterprise_linux_workstatione-series_santricity_os_controllere-series_santricity_storage_managerjdke-series_santricity_web_services_proxyoncommand_workflow_automationenterprise_linux_desktopJava
CVE-2019-2962
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.48% / 64.98%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 17:40
Updated-01 Oct, 2024 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Red Hat, Inc.openSUSEOracle CorporationNetApp, Inc.Canonical Ltd.Debian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxenterprise_linux_server_ausenterprise_linuxsatellitejdke-series_santricity_web_services_proxyoncommand_workflow_automationdebian_linuxe-series_santricity_unified_managersnapmanagerjreenterprise_linux_workstatione-series_santricity_os_controllere-series_santricity_storage_managerenterprise_linux_eusenterprise_linux_server_tusenterprise_linux_desktopleapJava
CVE-2023-22036
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.10% / 26.57%
||
7 Day CHG~0.00%
Published-18 Jul, 2023 | 20:18
Updated-13 Feb, 2025 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxOracle CorporationNetApp, Inc.
Product-debian_linuxgraalvmcloud_insights_storage_workload_security_agentjre7-mode_transition_toolactive_iq_unified_managerjdkcloud_insights_acquisition_unitgraalvm_for_jdkoncommand_insightJava SE JDK and JRE
CVE-2024-21011
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.34% / 56.71%
||
7 Day CHG~0.00%
Published-16 Apr, 2024 | 21:26
Updated-21 May, 2025 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Oracle CorporationNetApp, Inc.Debian GNU/Linux
Product-graalvm_for_jdkjregraalvmdata_infrastructure_insights_storage_workload_security_agentjdkdata_infrastructure_insights_acquisition_unitdebian_linuxactive_iq_unified_manageroncommand_insightoncommand_workflow_automationJava SE JDK and JRE
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-4215
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-2.3||LOW
EPSS-1.34% / 80.18%
||
7 Day CHG~0.00%
Published-02 May, 2025 | 20:31
Updated-17 Jun, 2025 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
gorhill uBlock Origin UI 1p-filters.js currentStateChanged redos

A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16. It has been classified as problematic. Affected is the function currentStateChanged of the file src/js/1p-filters.js of the component UI. The manipulation leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.63.3b17 is able to address this issue. The patch is identified as eaedaf5b10d2f7857c6b77fbf7d4a80681d4d46c. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-ublockorigingorhillDebian GNU/Linux
Product-debian_linuxublock_originuBlock Origin
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-2988
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.51% / 66.69%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 17:40
Updated-01 Oct, 2024 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Red Hat, Inc.openSUSEOracle CorporationNetApp, Inc.Canonical Ltd.Debian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxenterprise_linux_server_ausenterprise_linuxsatellitejdke-series_santricity_web_services_proxyoncommand_workflow_automationdebian_linuxe-series_santricity_unified_managersnapmanagerjreenterprise_linux_workstatione-series_santricity_os_controllere-series_santricity_storage_managerenterprise_linux_eusenterprise_linux_server_tusenterprise_linux_desktopleapJava
CVE-2021-2411
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.91% / 75.87%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 22:44
Updated-26 Sep, 2024 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: JS module). Supported versions that are affected are 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-NetApp, Inc.Oracle Corporation
Product-mysql_clusteroncommand_insightMySQL Cluster
CVE-2018-2952
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.12% / 30.30%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 13:00
Updated-02 Oct, 2024 | 20:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxHP Inc.NetApp, Inc.Oracle CorporationRed Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxvirtual_storage_consolexp7_command_viewcloud_backupenterprise_linux_server_ausactive_iq_unified_managersatellitejdkoncommand_workflow_automationjrockitsteelstore_cloud_integrated_storagedebian_linuxplug-in_for_symantec_netbackupstorage_replication_adapter_for_clustered_data_ontapsnapmanagerjreenterprise_linux_workstatione-series_santricity_os_controllere-series_santricity_storage_managerenterprise_linux_eusvasa_provider_for_clustered_data_ontapenterprise_linux_server_tusoncommand_unified_managerenterprise_linux_desktoponcommand_insightJava
CVE-2020-14579
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.16% / 36.21%
||
7 Day CHG~0.00%
Published-15 Jul, 2020 | 17:34
Updated-27 May, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Fedora ProjectDebian GNU/LinuxNetApp, Inc.Oracle CorporationCanonical Ltd.openSUSEMcAfee, LLC
Product-steelstore_cloud_integrated_storageactive_iq_unified_managerstoragegridsantricity_unified_managere-series_performance_analyzeroncommand_workflow_automationepolicy_orchestratorcloud_secure_agent7-mode_transition_toolubuntu_linuxopenjdksnapmanagerleapcloud_backupjdkfedorae-series_santricity_os_controllere-series_santricity_web_servicesdebian_linuxjreoncommand_insightJava
CVE-2019-2981
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.33% / 56.12%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 17:40
Updated-01 Oct, 2024 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Red Hat, Inc.openSUSEOracle CorporationNetApp, Inc.Canonical Ltd.Debian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxenterprise_linux_server_ausenterprise_linuxsatellitejdke-series_santricity_web_services_proxyoncommand_workflow_automationdebian_linuxe-series_santricity_unified_managersnapmanagerjreenterprise_linux_workstatione-series_santricity_os_controllere-series_santricity_storage_managerenterprise_linux_eusenterprise_linux_server_tusenterprise_linux_desktopleapJava
CVE-2019-2992
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.90% / 75.79%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 17:40
Updated-01 Oct, 2024 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Red Hat, Inc.openSUSEOracle CorporationNetApp, Inc.Canonical Ltd.Debian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxenterprise_linux_server_ausenterprise_linuxsatellitejdke-series_santricity_web_services_proxyoncommand_workflow_automationdebian_linuxe-series_santricity_unified_managersnapmanagerjreenterprise_linux_workstatione-series_santricity_os_controllere-series_santricity_storage_managerenterprise_linux_eusenterprise_linux_server_tusenterprise_linux_desktopleapJava
CVE-2019-2978
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.48% / 64.99%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 17:40
Updated-01 Oct, 2024 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Red Hat, Inc.openSUSEOracle CorporationNetApp, Inc.Canonical Ltd.Debian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxenterprise_linux_server_ausenterprise_linuxactive_iq_unified_managersatellitejdke-series_santricity_web_services_proxyoncommand_workflow_automationdebian_linuxe-series_santricity_unified_managersnapmanagerjreenterprise_linux_workstatione-series_santricity_os_controllere-series_santricity_storage_managerenterprise_linux_eusenterprise_linux_server_tusenterprise_linux_desktopleapJava
CVE-2022-35666
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.31% / 53.90%
||
7 Day CHG~0.00%
Published-11 Aug, 2022 | 14:45
Updated-23 Apr, 2025 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader Improper Input Validation Remote Code Execution Vulnerability

Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 (and earlier) and 17.012.30249 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-20
Improper Input Validation
CVE-2012-0641
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5||MEDIUM
EPSS-0.56% / 68.27%
||
7 Day CHG~0.00%
Published-08 Mar, 2012 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CFNetwork in Apple iOS before 5.1 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL, a different vulnerability than CVE-2011-3447.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-14339
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.72% / 82.55%
||
7 Day CHG~0.00%
Published-19 Jul, 2018 | 02:00
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE ID-CWE-20
Improper Input Validation
CVE-2012-0867
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.87% / 83.24%
||
7 Day CHG~0.00%
Published-18 Jul, 2012 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.

Action-Not Available
Vendor-n/aopenSUSEThe PostgreSQL Global Development GroupRed Hat, Inc.Debian GNU/Linux
Product-debian_linuxenterprise_linux_serverdesktop_workstationenterprise_linux_workstationenterprise_linux_desktopopensusepostgresqlenterprise_linux_server_eusenterprise_linux_hpc_nodeenterprise_linux_server_ausenterprise_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-7360
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-3.1||LOW
EPSS-0.03% / 8.82%
||
7 Day CHG~0.00%
Published-28 Apr, 2026 | 22:35
Updated-30 Apr, 2026 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input. in Compositing in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-chromewindowslinux_kernelmacosChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2026-7916
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.3||HIGH
EPSS-0.10% / 26.85%
||
7 Day CHG~0.00%
Published-06 May, 2026 | 18:12
Updated-08 May, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient data validation in InterestGroups in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Apple Inc.Google LLCLinux Kernel Organization, IncMicrosoft Corporation
Product-chromewindowslinux_kernelmacosChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2022-36351
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 33.88%
||
7 Day CHG+0.06%
Published-11 Aug, 2023 | 02:36
Updated-13 Feb, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Action-Not Available
Vendor-n/aIntel CorporationDebian GNU/LinuxFedora Project
Product-killer_wi-fi_6e_ax1690wi-fi_6_ax203debian_linuxfedorakillerwi-fi_6_ax201wi-fi_6e_ax211killer_wi-fi_6e_ax1675wi-fi_6e_ax210wi-fi_6_ax200wi-fi_6e_ax411killer_wi-fi_6_ax1650wi-fi_6_ax101uefi_firmwareproset\/wireless_wifiIntel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software
CWE ID-CWE-20
Improper Input Validation
CVE-2026-7989
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-4.2||MEDIUM
EPSS-0.04% / 10.70%
||
7 Day CHG~0.00%
Published-06 May, 2026 | 18:13
Updated-08 May, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient data validation in DataTransfer in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Apple Inc.Google LLCLinux Kernel Organization, IncMicrosoft Corporation
Product-chromewindowslinux_kernelmacosChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7079
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-1.10% / 78.14%
||
7 Day CHG~0.00%
Published-11 Dec, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dyld in Apple iOS before 9.2 and tvOS before 9.1 mishandles segment validation, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-tvosiphone_osn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-0584
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.70% / 72.18%
||
7 Day CHG~0.00%
Published-12 Mar, 2012 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Internationalized Domain Name (IDN) feature in Apple Safari before 5.1.4 on Windows does not properly restrict the characters in URLs, which allows remote attackers to spoof a domain name via unspecified homoglyphs.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windowssafarin/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7094
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-2.6||LOW
EPSS-0.34% / 56.46%
||
7 Day CHG~0.00%
Published-11 Dec, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 allows man-in-the-middle attackers to bypass the HSTS protection mechanism via a crafted URL.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-35668
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.22% / 44.84%
||
7 Day CHG~0.00%
Published-11 Aug, 2022 | 14:44
Updated-23 Apr, 2025 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader Improper Input Validation Memory leak

Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 (and earlier) and 17.012.30249 (and earlier) are affected by an Improper Input Validation vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7703
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-8.07% / 92.20%
||
7 Day CHG~0.00%
Published-24 Jul, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.

Action-Not Available
Vendor-ntpn/aOracle CorporationRed Hat, Inc.Debian GNU/LinuxNetApp, Inc.
Product-data_ontapdebian_linuxenterprise_linux_serverenterprise_linux_workstationoncommand_performance_managerntpenterprise_linux_desktopenterprise_linux_server_tusclustered_data_ontapenterprise_linux_server_euslinuxenterprise_linux_server_ausoncommand_unified_managern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7702
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.77% / 82.83%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.

Action-Not Available
Vendor-ntpn/aOracle CorporationRed Hat, Inc.Debian GNU/LinuxNetApp, Inc.
Product-data_ontapdebian_linuxenterprise_linux_serverenterprise_linux_workstationoncommand_performance_managerntpenterprise_linux_desktopenterprise_linux_server_tusclustered_data_ontapenterprise_linux_server_euslinuxenterprise_linux_server_ausoncommand_unified_managern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-0674
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.36% / 58.14%
||
7 Day CHG~0.00%
Published-08 May, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the location bar's URL via a crafted web site.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-0051
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.4||HIGH
EPSS-1.35% / 80.27%
||
7 Day CHG~0.00%
Published-07 Nov, 2019 | 17:23
Updated-06 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attackers to corrupt mutable files or directories upon retrieval.

Action-Not Available
Vendor-tahoe-lafstahoe-lafsDebian GNU/Linux
Product-tahoe-lafsdebian_linuxtahoe-lafs
CWE ID-CWE-20
Improper Input Validation
CVE-2012-0247
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-8.8||HIGH
EPSS-4.21% / 88.82%
||
7 Day CHG~0.00%
Published-05 Jun, 2012 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLCRed Hat, Inc.Debian GNU/Linux
Product-debian_linuximagemagickubuntu_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktopstorageenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_eusn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-14680
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.92% / 86.51%
||
7 Day CHG~0.00%
Published-28 Jul, 2018 | 23:00
Updated-05 Aug, 2024 | 09:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.

Action-Not Available
Vendor-cabextract_projectcabextractn/aCanonical Ltd.Red Hat, Inc.Debian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxlibmspackdebian_linuxenterprise_linux_workstationenterprise_linux_desktopcabextractansible_towern/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 25
  • 26
  • Next
Details not found