Vulnerabilities (CVE)

Vendor filter

Netapp

279 total CVE
CVE Vendors Products Updated CVSS
CVE-2017-16642 4 Php, Netapp, Canonical and 1 more 5 Php, Storage Automation Store, Ubuntu Linux and 2 more 2019-05-01 5.0
In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from...
CVE-2019-3859 5 Libssh2, Netapp, Debian and 2 more 5 Libssh2, Ontap Select Deploy Administration Utility, Debian Linux and 2 more 2019-05-01 6.4
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the...
CVE-2019-5492 1 Netapp 1 Hyper Converged Infrastructure Compute Node 2019-04-30 5.0
Element Plug-in for vCenter Server versions prior to 4.2.3 may disclose sensitive account information to an unauthenticated attacker. NetApp HCI Compute Node versions prior to 1.4P2 bundle affected versions of Element Plug-in for vCenter Server.
CVE-2019-9023 5 Php, Debian, Canonical and 2 more 5 Php, Debian Linux, Ubuntu Linux and 2 more 2019-04-30 7.5
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid...
CVE-2019-9024 5 Php, Debian, Canonical and 2 more 5 Php, Debian Linux, Ubuntu Linux and 2 more 2019-04-30 5.0
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in...
CVE-2019-9020 5 Php, Debian, Canonical and 2 more 5 Php, Debian Linux, Ubuntu Linux and 2 more 2019-04-30 7.5
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is...
CVE-2019-9021 5 Php, Debian, Canonical and 2 more 5 Php, Debian Linux, Ubuntu Linux and 2 more 2019-04-30 7.5
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated...
CVE-2018-1258 3 Pivotal Software, Oracle, Netapp 35 Spring Framework, Application Testing Suite, Communications Diameter Signaling Router and 32 more 2019-04-30 6.5
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
CVE-2018-12099 2 Grafana, Netapp 3 Grafana, Active Iq Performance Analytics Services, Storagegrid Webscale Nas Bridge 2019-04-29 4.3
Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links.
CVE-2018-1413 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2019-04-27 3.5
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
CVE-2018-6444 2 Brocade, Netapp 2 Network Advisor, Brocade Network Advisor 2019-04-26 10.0
A vulnerability in Brocade Network Advisor versions before 14.1.0 could allow a remote unauthenticated attacker to execute arbitrary code. The vulnerability could also be exploited to execute arbitrary OS commands.
CVE-2018-6445 2 Brocade, Netapp 2 Network Advisor, Brocade Network Advisor 2019-04-26 5.0
A vulnerability in Brocade Network Advisor versions before 14.0.3 could allow a remote unauthenticated attacker to export the current user database which includes the encrypted (not hashed) password of the systems. The attacker could gain access...
CVE-2018-1000180 5 Bouncycastle, Debian, Netapp and 2 more 18 Fips Java Api, Legion-of-the-bouncy-castle-java-crytography-api, Debian Linux and 15 more 2019-04-26 5.0
Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than...
CVE-2019-6260 2 Aspeedtech, Netapp 3 Ast2400 Firmware, Ast2500 Firmware, Fas/Aff Baseboard Management Controller 2019-04-26 7.5
The ASPEED ast2400 and ast2500 Baseboard Management Controller (BMC) hardware and firmware implement Advanced High-performance Bus (AHB) bridges, which allow arbitrary read and write access to the BMC's physical address space from the host (or...
CVE-2018-16890 6 Haxx, Canonical, Debian and 3 more 8 Libcurl, Ubuntu Linux, Debian Linux and 5 more 2019-04-26 5.0
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is...
CVE-2019-3822 6 Haxx, Canonical, Debian and 3 more 8 Libcurl, Ubuntu Linux, Debian Linux and 5 more 2019-04-26 7.5
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header...
CVE-2019-3823 5 Haxx, Canonical, Debian and 2 more 7 Libcurl, Ubuntu Linux, Debian Linux and 4 more 2019-04-26 5.0
libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the...
CVE-2019-9022 4 Php, Debian, Canonical and 1 more 4 Php, Debian Linux, Ubuntu Linux and 1 more 2019-04-26 5.0
An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the...
CVE-2019-9894 5 Putty, Fedoraproject, Netapp and 2 more 5 Putty, Fedora, Oncommand Unified Manager and 2 more 2019-04-26 6.4
A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.
CVE-2019-9897 5 Putty, Fedoraproject, Netapp and 2 more 5 Putty, Fedora, Oncommand Unified Manager and 2 more 2019-04-26 5.0
Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71.