Vulnerabilities (CVE)

Vendor filter: Netapp

227 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-15902 4 Linux, Netapp, Debian and 1 more 6 Linux Kernel, Active Iq Performance Analytics Services, Service Processor and 3 more 2019-10-10 4.7
A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible...
CVE-2019-7612 2 Netapp, Elastic 2 Active Iq Performance Analytics Services, Logstash 2019-10-09 5.0
A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged...
CVE-2018-5737 2 Isc, Netapp 3 Bind, Cloud Backup, Data Ontap Edge 2019-10-09 5.0
A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC...
CVE-2018-5734 2 Isc, Netapp 3 Bind, Data Ontap Edge, Solidfire Element Os Management Node 2019-10-09 5.0
While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the...
CVE-2018-12538 2 Eclipse, Netapp 10 Jetty, E-series Santricity Management Plug-ins, E-series Santricity Web Services Proxy and 7 more 2019-10-09 6.5
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete...
CVE-2018-10933 6 Libssh, Canonical, Debian and 3 more 8 Libssh, Ubuntu Linux, Debian Linux and 5 more 2019-10-09 6.4
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
CVE-2017-3145 4 Isc, Netapp, Debian and 1 more 9 Bind, Data Ontap Edge, Debian Linux and 6 more 2019-10-09 5.0
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0...
CVE-2017-3140 2 Isc, Netapp 4 Bind, Data Ontap Edge, Element Software and 1 more 2019-10-09 4.3
If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1.
CVE-2017-3137 4 Isc, Netapp, Debian and 1 more 11 Bind, Data Ontap Edge, Element Software and 8 more 2019-10-09 5.0
Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which...
CVE-2017-3136 4 Isc, Netapp, Debian and 1 more 11 Bind, Data Ontap Edge, Element Software and 8 more 2019-10-09 4.3
A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to...
CVE-2017-3135 4 Isc, Netapp, Debian and 1 more 10 Bind, Data Ontap Edge, Element Software Management Node and 7 more 2019-10-09 4.3
Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8,...
CVE-2016-9778 2 Isc, Netapp 3 Bind, Data Ontap Edge, Solidfire Element Os Management Node 2019-10-09 4.3
An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by...
CVE-2018-2810 3 Oracle, Canonical, Netapp 6 Mysql, Ubuntu Linux, Oncommand Insight and 3 more 2019-10-03 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...
CVE-2017-15519 1 Netapp 1 Snapcenter Server 2019-10-03 6.4
Versions of SnapCenter 2.0 through 3.0.1 allow unauthenticated remote attackers to view and modify backup related data via the Plug-in for NAS File Services. All users are urged to move to version 3.0.1 and perform the mitigation steps or upgrade...
CVE-2018-10546 4 Php, Canonical, Netapp and 1 more 4 Php, Ubuntu Linux, Storage Automation Store and 1 more 2019-10-03 5.0
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.
CVE-2018-2846 3 Oracle, Canonical, Netapp 6 Mysql, Ubuntu Linux, Oncommand Insight and 3 more 2019-10-03 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network...
CVE-2018-2812 3 Oracle, Canonical, Netapp 6 Mysql, Ubuntu Linux, Oncommand Insight and 3 more 2019-10-03 5.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via...
CVE-2018-3693 6 Arm, Intel, Netapp and 3 more 37 Cortex-a, Cortex-r, Atom C and 34 more 2019-10-03 4.7
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.
CVE-2018-3056 3 Oracle, Netapp, Canonical 6 Mysql, Oncommand Insight, Oncommand Workflow Automation and 3 more 2019-10-03 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged...
CVE-2018-2826 3 Oracle, Netapp, Canonical 13 Jdk, Jre, Cloud Backup and 10 more 2019-10-03 5.1
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...