Vulnerabilities (CVE)

Vendor filter: Netapp

302 total CVE
CVE  Vendors (count, names)  Products (count, names)  Updated  CVSS
CVE-2019-5507 1 Netapp 1 Snapmanager 2019-10-15 2.1
SnapManager for Oracle versions prior to 3.4.2P1 are susceptible to a vulnerability which, when successfully exploited, could lead to disclosure of sensitive information.
CVE-2019-15902 4 Linux, Netapp, Debian and 1 more 6 Linux Kernel, Active Iq Performance Analytics Services, Service Processor and 3 more 2019-10-10 4.7
A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible...
CVE-2019-7612 2 Netapp, Elastic 2 Active Iq Performance Analytics Services, Logstash 2019-10-09 5.0
A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged...
CVE-2018-5737 2 Isc, Netapp 3 Bind, Cloud Backup, Data Ontap Edge 2019-10-09 5.0
A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC...
CVE-2018-5734 2 Isc, Netapp 3 Bind, Data Ontap Edge, Solidfire Element Os Management Node 2019-10-09 5.0
While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the...
CVE-2018-1842 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2019-10-09 3.3
IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token. IBM X-Force ID: 150902.
CVE-2018-12538 2 Eclipse, Netapp 10 Jetty, E-series Santricity Management Plug-ins, E-series Santricity Web Services Proxy and 7 more 2019-10-09 6.5
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete...
CVE-2018-10933 6 Libssh, Canonical, Debian and 3 more 8 Libssh, Ubuntu Linux, Debian Linux and 5 more 2019-10-09 6.4
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
CVE-2017-3145 4 Isc, Netapp, Debian and 1 more 9 Bind, Data Ontap Edge, Debian Linux and 6 more 2019-10-09 5.0
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0...
CVE-2017-3140 2 Isc, Netapp 4 Bind, Data Ontap Edge, Element Software and 1 more 2019-10-09 4.3
If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1.
CVE-2017-3138 3 Isc, Netapp, Debian 5 Bind, Data Ontap Edge, Element Software and 2 more 2019-10-09 3.5
named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has...
CVE-2017-3137 4 Isc, Netapp, Debian and 1 more 11 Bind, Data Ontap Edge, Element Software and 8 more 2019-10-09 5.0
Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which...
CVE-2017-3136 4 Isc, Netapp, Debian and 1 more 11 Bind, Data Ontap Edge, Element Software and 8 more 2019-10-09 4.3
A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to...
CVE-2017-3135 4 Isc, Netapp, Debian and 1 more 10 Bind, Data Ontap Edge, Element Software Management Node and 7 more 2019-10-09 4.3
Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8,...
CVE-2016-9778 2 Isc, Netapp 3 Bind, Data Ontap Edge, Solidfire Element Os Management Node 2019-10-09 4.3
An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by...
CVE-2016-8612 3 Apache, Redhat, Netapp 3 Http Server, Enterprise Linux, Storage Automation Store 2019-10-09 3.3
Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process.
CVE-2019-14379 3 Fasterxml, Netapp, Debian 4 Jackson-databind, Oncommand Workflow Automation, Snapcenter and 1 more 2019-10-06 7.5
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
CVE-2018-3082 2 Oracle, Netapp 5 Mysql, Oncommand Insight, Oncommand Workflow Automation and 2 more 2019-10-03 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...
CVE-2018-3079 2 Oracle, Netapp 5 Mysql, Oncommand Insight, Oncommand Workflow Automation and 2 more 2019-10-03 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...
CVE-2017-12422 1 Netapp 1 Storagegrid Webscale 2019-10-03 4.0
NetApp StorageGRID Webscale 10.2.x before 10.2.2.3, 10.3.x before 10.3.0.4, and 10.4.x before 10.4.0.2 allow remote authenticated users to delete arbitrary objects via unspecified vectors.