Vulnerabilities (CVE)

Vendor filter: Netapp

206 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-9169 2 Gnu, Netapp 4 Glibc, Cloud Backup, Ontap Select Deploy Administration Utility and 1 more 2019-04-16 7.5
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
CVE-2018-8014 4 Apache, Canonical, Netapp and 1 more 7 Tomcat, Ubuntu Linux, Oncommand Insight and 4 more 2019-04-15 7.5
The default settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS...
CVE-2018-11784 5 Apache, Netapp, Canonical and 2 more 10 Tomcat, Snap Creator Framework, Ubuntu Linux and 7 more 2019-04-15 4.3
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to...
CVE-2019-3863 5 Libssh2, Netapp, Debian and 2 more 10 Libssh2, Ontap Select Deploy Administration Utility, Debian Linux and 7 more 2019-04-15 6.8
A flaw was found in libssh2 before 1.8.1. A server could send multiple keyboard interactive response messages whose total length is greater than unsigned char max characters. This value is used as an index to copy memory, resulting in an out of...
CVE-2019-3862 5 Libssh2, Netapp, Debian and 2 more 5 Libssh2, Ontap Select Deploy Administration Utility, Debian Linux and 2 more 2019-04-15 6.4
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of...
CVE-2019-3861 4 Libssh2, Netapp, Debian and 1 more 4 Libssh2, Ontap Select Deploy Administration Utility, Debian Linux and 1 more 2019-04-15 6.4
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of...
CVE-2019-3860 4 Libssh2, Netapp, Debian and 1 more 4 Libssh2, Ontap Select Deploy Administration Utility, Debian Linux and 1 more 2019-04-15 6.4
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
CVE-2019-3859 5 Libssh2, Netapp, Debian and 2 more 5 Libssh2, Ontap Select Deploy Administration Utility, Debian Linux and 2 more 2019-04-15 6.4
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the...
CVE-2019-3858 5 Libssh2, Netapp, Debian and 2 more 5 Libssh2, Ontap Select Deploy Administration Utility, Debian Linux and 2 more 2019-04-15 6.4
An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
CVE-2019-3857 5 Libssh2, Netapp, Debian and 2 more 10 Libssh2, Ontap Select Deploy Administration Utility, Debian Linux and 7 more 2019-04-15 6.8
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to...
CVE-2019-3856 5 Libssh2, Netapp, Debian and 2 more 10 Libssh2, Ontap Select Deploy Administration Utility, Debian Linux and 7 more 2019-04-15 6.8
An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client...
CVE-2019-3855 6 Libssh2, Netapp, Debian and 3 more 11 Libssh2, Ontap Select Deploy Administration Utility, Debian Linux and 8 more 2019-04-15 9.3
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client...
CVE-2019-6977 5 Libgd, Php, Debian and 2 more 5 Libgd, Php, Debian Linux and 2 more 2019-04-10 6.8
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow....
CVE-2019-6454 7 Freedesktop, Netapp, Canonical and 4 more 12 Systemd, Active Iq Performance Analytics Services, Ubuntu Linux and 9 more 2019-04-10 4.9
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can...
CVE-2019-3822 4 Haxx, Canonical, Debian and 1 more 4 Libcurl, Ubuntu Linux, Debian Linux and 1 more 2019-04-09 7.5
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header...
CVE-2018-16890 4 Haxx, Canonical, Debian and 1 more 4 Libcurl, Ubuntu Linux, Debian Linux and 1 more 2019-04-09 5.0
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is...
CVE-2019-1559 7 Openssl, Canonical, Debian and 4 more 16 Openssl, Ubuntu Linux, Debian Linux and 13 more 2019-04-08 4.3
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with...
CVE-2018-11212 6 Ijg, Netapp, Oracle and 3 more 11 Libjpeg, Oncommand Unified Manager, Oncommand Workflow Automation and 8 more 2019-03-25 4.3
An issue was discovered in libjpeg 9a. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.
CVE-2018-16597 2 Linux, Netapp 3 Linux Kernel, Active Iq Performance Analytics Services, Element Software 2019-03-25 4.9
An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.
CVE-2018-3060 3 Oracle, Netapp, Canonical 6 Mysql, Oncommand Insight, Oncommand Workflow Automation and 3 more 2019-03-25 5.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network...