| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2019-3823 |
5 Haxx, Canonical, Debian and 2 more |
7 Libcurl, Ubuntu Linux, Debian Linux and 4 more |
2019-07-23 |
5.0 |
| libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the... |
| CVE-2019-0222 |
2 Apache, Netapp |
2 Activemq, E-series Santricity Web Services |
2019-07-23 |
5.0 |
| In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive. |
| CVE-2019-0192 |
2 Apache, Netapp |
2 Solr, Storage Automation Store |
2019-07-23 |
7.5 |
| In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to... |
| CVE-2019-0190 |
4 Apache, Netapp, Openssl and 1 more |
4 Http Server, Santricity Cloud Connector, Openssl and 1 more |
2019-07-23 |
5.0 |
| A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP... |
| CVE-2018-1258 |
3 Pivotal Software, Oracle, Netapp |
35 Spring Framework, Application Testing Suite, Communications Diameter Signaling Router and 32 more |
2019-07-23 |
6.5 |
| Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted. |
| CVE-2018-17199 |
5 Apache, Netapp, Debian and 2 more |
6 Http Server, Santricity Cloud Connector, Debian Linux and 3 more |
2019-07-23 |
5.0 |
| In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the... |
| CVE-2018-17189 |
5 Apache, Netapp, Debian and 2 more |
6 Http Server, Santricity Cloud Connector, Storage Automation Store and 3 more |
2019-07-23 |
5.0 |
| In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2... |
| CVE-2018-16890 |
6 Haxx, Canonical, Debian and 3 more |
8 Libcurl, Ubuntu Linux, Debian Linux and 5 more |
2019-07-23 |
5.0 |
| libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is... |
| CVE-2018-1000180 |
5 Bouncycastle, Debian, Netapp and 2 more |
18 Fips Java Api, Legion-of-the-bouncy-castle-java-crytography-api, Debian Linux and 15 more |
2019-07-23 |
5.0 |
| Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than... |
| CVE-2018-0735 |
6 Netapp, Openssl, Canonical and 3 more |
22 Cloud Backup, Oncommand Unified Manager, Santricity Smi-s Provider and 19 more |
2019-07-23 |
4.3 |
| The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in... |
| CVE-2016-8610 |
4 Openssl, Netapp, Redhat and 1 more |
25 Openssl, Clustered Data Ontap Antivirus Connector, Data Ontap and 22 more |
2019-07-23 |
5.0 |
| A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL... |
| CVE-2018-16597 |
3 Linux, Netapp, Opensuse |
4 Linux Kernel, Active Iq Performance Analytics Services, Element Software and 1 more |
2019-07-22 |
4.9 |
| An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem. |
| CVE-2019-3822 |
6 Haxx, Canonical, Debian and 3 more |
8 Libcurl, Ubuntu Linux, Debian Linux and 5 more |
2019-07-19 |
7.5 |
| libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header... |
| CVE-2018-18311 |
7 Perl, Canonical, Debian and 4 more |
17 Perl, Ubuntu Linux, Debian Linux and 14 more |
2019-07-16 |
7.5 |
| Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. |
| CVE-2019-5497 |
1 Netapp |
1 Clustered Data Ontap |
2019-07-03 |
7.5 |
| NetApp AFF A700s Baseboard Management Controller (BMC) firmware versions 1.22 and higher were shipped with a default account enabled that could allow unauthorized arbitrary command execution. |
| CVE-2018-1002105 |
3 Kubernetes, Redhat, Netapp |
3 Kubernetes, Openshift Container Platform, Trident |
2019-06-28 |
7.5 |
| In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API... |
| CVE-2016-10708 |
4 Openbsd, Debian, Netapp and 1 more |
11 Openssh, Debian Linux, Cloud Backup and 8 more |
2019-06-26 |
5.0 |
| sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. |
| CVE-2018-6445 |
2 Brocade, Netapp |
2 Network Advisor, Brocade Network Advisor |
2019-06-19 |
5.0 |
| A Vulnerability in Brocade Network Advisor versions before 14.0.3 could allow a remote unauthenticated attacker to export the current user database which includes the encrypted (not hashed) password of the systems. The attacker could gain access... |
| CVE-2018-6444 |
2 Brocade, Netapp |
2 Network Advisor, Brocade Network Advisor |
2019-06-19 |
10.0 |
| A Vulnerability in Brocade Network Advisor versions before 14.1.0 could allow a remote unauthenticated attacker to execute arbitray code. The vulnerability could also be exploited to execute arbitrary OS Commands. |
| CVE-2019-9948 |
3 Python, Netapp, Opensuse |
3 Python, Active Iq Performance Analytics Services, Leap |
2019-06-19 |
6.4 |
| urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. |
