| CVE | Vendors | Products | Updated | CVSS | Description |
|---|---|---|---|---|---|
| CVE-2019-5507 | 1 Netapp | 1 Snapmanager | 2019-10-15 | 2.1 | SnapManager for Oracle prior to version 3.4.2P1 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information. |
| CVE-2019-15902 | 4 Linux, Netapp, Debian and 1 more | 6 Linux Kernel, Active Iq Performance Analytics Services, Service Processor and 3 more | 2019-10-10 | 4.7 | A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible... |
| CVE-2019-7612 | 2 Netapp, Elastic | 2 Active Iq Performance Analytics Services, Logstash | 2019-10-09 | 5.0 | A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged... |
| CVE-2018-5737 | 2 Isc, Netapp | 3 Bind, Cloud Backup, Data Ontap Edge | 2019-10-09 | 5.0 | A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC... |
| CVE-2018-5734 | 2 Isc, Netapp | 3 Bind, Data Ontap Edge, Solidfire Element Os Management Node | 2019-10-09 | 5.0 | While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the... |
| CVE-2018-1842 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2019-10-09 | 3.3 | IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token. IBM X-Force ID: 150902. |
| CVE-2018-12538 | 2 Eclipse, Netapp | 10 Jetty, E-series Santricity Management Plug-ins, E-series Santricity Web Services Proxy and 7 more | 2019-10-09 | 6.5 | In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete... |
| CVE-2018-10933 | 6 Libssh, Canonical, Debian and 3 more | 8 Libssh, Ubuntu Linux, Debian Linux and 5 more | 2019-10-09 | 6.4 | A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access. |
| CVE-2017-3145 | 4 Isc, Netapp, Debian and 1 more | 9 Bind, Data Ontap Edge, Debian Linux and 6 more | 2019-10-09 | 5.0 | BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0... |
| CVE-2017-3140 | 2 Isc, Netapp | 4 Bind, Data Ontap Edge, Element Software and 1 more | 2019-10-09 | 4.3 | If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1. |
| CVE-2017-3138 | 3 Isc, Netapp, Debian | 5 Bind, Data Ontap Edge, Element Software and 2 more | 2019-10-09 | 3.5 | named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has... |
| CVE-2017-3137 | 4 Isc, Netapp, Debian and 1 more | 11 Bind, Data Ontap Edge, Element Software and 8 more | 2019-10-09 | 5.0 | Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which... |
| CVE-2017-3136 | 4 Isc, Netapp, Debian and 1 more | 11 Bind, Data Ontap Edge, Element Software and 8 more | 2019-10-09 | 4.3 | A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to... |
| CVE-2017-3135 | 4 Isc, Netapp, Debian and 1 more | 10 Bind, Data Ontap Edge, Element Software Management Node and 7 more | 2019-10-09 | 4.3 | Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8,... |
| CVE-2016-9778 | 2 Isc, Netapp | 3 Bind, Data Ontap Edge, Solidfire Element Os Management Node | 2019-10-09 | 4.3 | An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by... |
| CVE-2016-8612 | 3 Apache, Redhat, Netapp | 3 Http Server, Enterprise Linux, Storage Automation Store | 2019-10-09 | 3.3 | Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process. |
| CVE-2019-14379 | 3 Fasterxml, Netapp, Debian | 4 Jackson-databind, Oncommand Workflow Automation, Snapcenter and 1 more | 2019-10-06 | 7.5 | SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. |
| CVE-2018-3082 | 2 Oracle, Netapp | 5 Mysql, Oncommand Insight, Oncommand Workflow Automation and 2 more | 2019-10-03 | 4.0 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple... |
| CVE-2018-3079 | 2 Oracle, Netapp | 5 Mysql, Oncommand Insight, Oncommand Workflow Automation and 2 more | 2019-10-03 | 4.0 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple... |
| CVE-2017-12422 | 1 Netapp | 1 Storagegrid Webscale | 2019-10-03 | 4.0 | NetApp StorageGRID Webscale 10.2.x before 10.2.2.3, 10.3.x before 10.3.0.4, and 10.4.x before 10.4.0.2 allow remote authenticated users to delete arbitrary objects via unspecified vectors. |