Skip to main content

Sd Wan Edge

24 CVEs product

Monthly

CVE-2022-22965 Maven CRITICAL POC KEV PATCH THREAT Act Now

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Code Injection Tomcat Spring Framework +37
NVD
CVSS 3.1
9.8
EPSS
99.7%
CVE-2022-22963 Maven CRITICAL POC KEV PATCH THREAT Act Now

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Code Injection Spring Cloud Function Banking Branch +26
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.9%
CVE-2021-42340 Maven HIGH PATCH This Week

The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Tomcat Apache Denial Of Service Hci Management Services For Element Software +15
NVD
CVSS 3.1
7.5
EPSS
11.0%
CVE-2021-33037 Maven MEDIUM PATCH This Month

Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Tomcat Request Smuggling Apache Information Disclosure Tomee +20
NVD
CVSS 3.1
5.3
EPSS
75.4%
CVE-2020-35491 Maven HIGH POC PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Apache Deserialization Jackson Databind Service Level Manager Debian Linux +23
NVD GitHub
CVSS 3.1
8.1
EPSS
9.5%
CVE-2020-17527 Maven HIGH PATCH This Week

While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apache Tomcat Information Disclosure Element Plug In Oncommand System Manager +9
NVD
CVSS 3.1
7.5
EPSS
24.6%
CVE-2020-25649 Maven HIGH PATCH This Week

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Jackson Databind Oncommand Api Services Oncommand Workflow Automation Service Level Manager +35
NVD GitHub
CVSS 3.1
7.5
EPSS
17.6%
CVE-2020-13943 Maven MEDIUM PATCH This Month

If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Apache Tomcat Information Disclosure Debian Linux Instantis Enterprisetrack +1
NVD
CVSS 3.1
4.3
EPSS
57.3%
CVE-2020-24394 HIGH PATCH This Week

In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Linux Information Disclosure Linux Kernel Ubuntu Linux Leap +2
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2020-16166 LOW PATCH Monitor

The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Linux Information Disclosure Linux Kernel Leap Fedora +12
NVD GitHub
CVSS 3.1
3.7
EPSS
5.3%
CVE-2020-14606 CRITICAL PATCH Act Now

Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications Applications (component: User Interface). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Sd Wan Edge
NVD
CVSS 3.1
10.0
EPSS
2.5%
CVE-2020-12723 HIGH PATCH This Week

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Perl Oncommand Workflow Automation Snap Creator Framework Fedora +12
NVD GitHub
CVSS 3.1
7.5
EPSS
6.0%
CVE-2020-10543 HIGH PATCH This Week

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Perl Fedora Leap +12
NVD GitHub
CVSS 3.1
8.2
EPSS
11.3%
CVE-2020-12771 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel through 5.6.11. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel Debian Linux Leap +21
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2019-5108 MEDIUM POC PATCH THREAT This Month

An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel Debian Linux Ubuntu Linux +13
NVD
CVSS 3.1
6.5
EPSS
10.1%
CVE-2019-19922 MEDIUM POC PATCH This Month

kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Linux Kubernetes Linux Kernel Sd Wan Edge +12
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2019-19535 MEDIUM PATCH This Month

In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Linux Information Disclosure Linux Kernel Debian Linux Leap +1
NVD
CVSS 3.1
4.6
EPSS
0.5%
CVE-2019-19063 MEDIUM PATCH This Month

Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption),. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel Sd Wan Edge Ubuntu Linux +15
NVD GitHub
CVSS 3.1
4.6
EPSS
0.9%
CVE-2019-19052 HIGH PATCH This Week

A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel Sd Wan Edge Ubuntu Linux +15
NVD GitHub
CVSS 3.1
7.5
EPSS
5.4%
CVE-2019-10219 Maven MEDIUM POC PATCH This Month

A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hibernate Validator Fuse Jboss Data Grid Jboss Enterprise Application Platform +184
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2019-14821 HIGH PATCH This Week

An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Buffer Overflow Linux Memory Corruption Linux Kernel +27
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2019-15218 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.1.8. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel H410c Firmware +8
NVD
CVSS 3.1
4.6
EPSS
0.8%
CVE-2019-1010238 CRITICAL POC PATCH Act Now

Gnome Pango 1.42 and later is affected by: Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Memory Corruption Pango Sd Wan Edge +11
NVD
CVSS 3.1
9.8
EPSS
6.3%
CVE-2019-3900 HIGH PATCH This Week

An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Linux Linux Kernel Fedora Enterprise Linux +11
NVD
CVSS 3.1
7.7
EPSS
4.4%
EPSS 100% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Code Injection +39
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Code Injection +28
NVD Exploit-DB
EPSS 11% CVSS 7.5
HIGH PATCH This Week

The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Tomcat Apache Denial Of Service +17
NVD
EPSS 75% CVSS 5.3
MEDIUM PATCH This Month

Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Tomcat Request Smuggling Apache +22
NVD
EPSS 9% CVSS 8.1
HIGH POC PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Apache Deserialization Jackson Databind +25
NVD GitHub
EPSS 25% CVSS 7.5
HIGH PATCH This Week

While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apache Tomcat Information Disclosure +11
NVD
EPSS 18% CVSS 7.5
HIGH PATCH This Week

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Jackson Databind Oncommand Api Services +37
NVD GitHub
EPSS 57% CVSS 4.3
MEDIUM PATCH This Month

If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Apache Tomcat Information Disclosure +3
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Linux Information Disclosure Linux Kernel +4
NVD
EPSS 5% CVSS 3.7
LOW PATCH Monitor

The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Linux Information Disclosure Linux Kernel +14
NVD GitHub
EPSS 3% CVSS 10.0
CRITICAL PATCH Act Now

Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications Applications (component: User Interface). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Sd Wan Edge
NVD
EPSS 6% CVSS 7.5
HIGH PATCH This Week

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Perl Oncommand Workflow Automation +14
NVD GitHub
EPSS 11% CVSS 8.2
HIGH PATCH This Week

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Perl +14
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel through 5.6.11. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel +23
NVD
EPSS 10% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel +15
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Linux Kubernetes +14
NVD GitHub
EPSS 1% CVSS 4.6
MEDIUM PATCH This Month

In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Linux Information Disclosure Linux Kernel +3
NVD
EPSS 1% CVSS 4.6
MEDIUM PATCH This Month

Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption),. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel +17
NVD GitHub
EPSS 5% CVSS 7.5
HIGH PATCH This Week

A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel +17
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM POC PATCH This Month

A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hibernate Validator Fuse +186
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Buffer Overflow Linux +29
NVD
EPSS 1% CVSS 4.6
MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.1.8. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux +10
NVD
EPSS 6% CVSS 9.8
CRITICAL POC PATCH Act Now

Gnome Pango 1.42 and later is affected by: Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Memory Corruption +13
NVD
EPSS 4% CVSS 7.7
HIGH PATCH This Week

An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Linux Linux Kernel +13
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy