Vulnerabilities (CVE)

Vendor filter: Netapp

Product filter: Data Ontap

280 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-16597 3 Linux, Netapp, Opensuse 4 Linux Kernel, Active Iq Performance Analytics Services, Element Software and 1 more 2019-07-22 4.9
An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.
CVE-2019-3822 6 Haxx, Canonical, Debian and 3 more 8 Libcurl, Ubuntu Linux, Debian Linux and 5 more 2019-07-19 7.5
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header...
CVE-2018-18311 7 Perl, Canonical, Debian and 4 more 17 Perl, Ubuntu Linux, Debian Linux and 14 more 2019-07-16 7.5
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
CVE-2019-5497 1 Netapp 1 Clustered Data Ontap 2019-07-03 7.5
NetApp AFF A700s Baseboard Management Controller (BMC) firmware versions 1.22 and higher were shipped with a default account enabled that could allow unauthorized arbitrary command execution.
CVE-2018-1002105 3 Kubernetes, Redhat, Netapp 3 Kubernetes, Openshift Container Platform, Trident 2019-06-28 7.5
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API...
CVE-2016-10708 4 Openbsd, Debian, Netapp and 1 more 11 Openssh, Debian Linux, Cloud Backup and 8 more 2019-06-26 5.0
sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.
CVE-2018-6445 2 Brocade, Netapp 2 Network Advisor, Brocade Network Advisor 2019-06-19 5.0
A vulnerability in Brocade Network Advisor versions before 14.0.3 could allow a remote unauthenticated attacker to export the current user database which includes the encrypted (not hashed) password of the systems. The attacker could gain access...
CVE-2018-6444 2 Brocade, Netapp 2 Network Advisor, Brocade Network Advisor 2019-06-19 10.0
A vulnerability in Brocade Network Advisor versions before 14.1.0 could allow a remote unauthenticated attacker to execute arbitrary code. The vulnerability could also be exploited to execute arbitrary OS commands.
CVE-2019-9948 3 Python, Netapp, Opensuse 3 Python, Active Iq Performance Analytics Services, Leap 2019-06-19 6.4
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.
CVE-2017-5645 4 Apache, Netapp, Oracle and 1 more 59 Log4j, Oncommand Api Services, Oncommand Insight and 56 more 2019-06-19 7.5
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
CVE-2019-9641 5 Php, Debian, Canonical and 2 more 5 Php, Debian Linux, Ubuntu Linux and 2 more 2019-06-18 7.5
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.
CVE-2019-9024 5 Php, Debian, Canonical and 2 more 5 Php, Debian Linux, Ubuntu Linux and 2 more 2019-06-18 5.0
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in...
CVE-2019-9023 5 Php, Debian, Canonical and 2 more 5 Php, Debian Linux, Ubuntu Linux and 2 more 2019-06-18 7.5
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid...
CVE-2019-9022 4 Php, Debian, Canonical and 1 more 4 Php, Debian Linux, Ubuntu Linux and 1 more 2019-06-18 5.0
An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the...
CVE-2019-9021 5 Php, Debian, Canonical and 2 more 5 Php, Debian Linux, Ubuntu Linux and 2 more 2019-06-18 7.5
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated...
CVE-2019-9020 5 Php, Debian, Canonical and 2 more 5 Php, Debian Linux, Ubuntu Linux and 2 more 2019-06-18 7.5
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is...
CVE-2019-9946 2 Kubernetes, Netapp 2 Kubernetes, Cloud Insights 2019-06-15 5.0
Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to set up HostPorts for CNI, inserts rules at the front of the...
CVE-2019-9162 2 Linux, Netapp 2 Linux Kernel, Element Software Management 2019-06-15 4.6
In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or...
CVE-2019-7221 7 Fedoraproject, Linux, Opensuse and 4 more 16 Fedora, Linux Kernel, Leap and 13 more 2019-06-15 4.6
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
CVE-2018-11784 6 Apache, Netapp, Canonical and 3 more 15 Tomcat, Snap Creator Framework, Ubuntu Linux and 12 more 2019-06-11 4.3
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to...