Vulnerabilities (CVE)

Vendor filter

Netapp Subscribe

Filter

290 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-5503 1 Netapp 1 Oncommand Workflow Automation 2019-09-11 5.0
OnCommand Workflow Automation versions prior to 5.0 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.
CVE-2018-18314 5 Perl, Canonical, Debian and 2 more 7 Perl, Ubuntu Linux, Debian Linux and 4 more 2019-09-06 7.5
Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
CVE-2018-18313 6 Perl, Canonical, Debian and 3 more 8 Perl, Ubuntu Linux, Debian Linux and 5 more 2019-09-06 6.4
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.
CVE-2018-18312 5 Perl, Canonical, Debian and 2 more 7 Perl, Ubuntu Linux, Debian Linux and 4 more 2019-09-06 7.5
Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
CVE-2018-19985 3 Debian, Linux, Netapp 4 Debian Linux, Linux Kernel, Active Iq Performance Analytics Services and 1 more 2019-09-03 2.1
The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows...
CVE-2018-1000656 2 Netapp, Palletsprojects 4 Active Iq, Hyper Converged Infrastructure, Ontap Select Deploy Utility and 1 more 2019-08-25 5.0
The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via...
CVE-2019-14379 3 Fasterxml, Netapp, Debian 4 Jackson-databind, Oncommand Workflow Automation, Snapcenter and 1 more 2019-08-22 7.5
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used, leading to remote code execution.
CVE-2017-7657 3 Eclipse, Debian, Netapp 10 Jetty, Debian Linux, E-series Santricity Management and 7 more 2019-08-21 7.5
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer...
CVE-2018-17082 3 Php, Debian, Netapp 3 Php, Debian Linux, Storage Automation Store 2019-08-19 4.3
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function...
CVE-2018-14884 2 Php, Netapp 2 Php, Storage Automation Store 2019-08-19 5.0
An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c can be a NULL...
CVE-2018-14851 4 Php, Canonical, Debian and 1 more 4 Php, Ubuntu Linux, Debian Linux and 1 more 2019-08-19 4.3
exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted...
CVE-2018-10549 4 Php, Canonical, Netapp and 1 more 4 Php, Ubuntu Linux, Storage Automation Store and 1 more 2019-08-19 6.8
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a...
CVE-2018-10548 4 Php, Canonical, Debian and 1 more 4 Php, Ubuntu Linux, Debian Linux and 1 more 2019-08-19 5.0
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of...
CVE-2018-10547 4 Php, Canonical, Debian and 1 more 4 Php, Ubuntu Linux, Debian Linux and 1 more 2019-08-19 4.3
An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file....
CVE-2018-10546 4 Php, Canonical, Netapp and 1 more 4 Php, Ubuntu Linux, Storage Automation Store and 1 more 2019-08-19 5.0
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.
CVE-2018-10545 4 Php, Canonical, Debian and 1 more 4 Php, Ubuntu Linux, Debian Linux and 1 more 2019-08-19 1.9
An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing...
CVE-2017-9120 2 Php, Netapp 2 Php, Storage Automation Store 2019-08-19 7.5
PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.
CVE-2017-9118 2 Php, Netapp 2 Php, Storage Automation Store 2019-08-19 5.0
PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.
CVE-2017-16642 4 Php, Netapp, Canonical and 1 more 5 Php, Storage Automation Store, Ubuntu Linux and 2 more 2019-08-19 5.0
In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from...
CVE-2018-8011 2 Apache, Netapp 2 Http Server, Cloud Backup 2019-08-15 5.0
By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33).