| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2019-2422 |
4 Oracle, Netapp, Canonical and 1 more |
12 Jdk, Jre, Oncommand Unified Manager and 9 more |
2019-03-25 |
4.3 |
| Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated... |
| CVE-2018-11212 |
6 Ijg, Netapp, Oracle and 3 more |
11 Libjpeg, Oncommand Unified Manager, Oncommand Workflow Automation and 8 more |
2019-03-25 |
4.3 |
| An issue was discovered in libjpeg 9a. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file. |
| CVE-2018-16890 |
4 Haxx, Canonical, Debian and 1 more |
4 Libcurl, Ubuntu Linux, Debian Linux and 1 more |
2019-03-25 |
5.0 |
| libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is... |
| CVE-2018-16597 |
2 Linux, Netapp |
3 Linux Kernel, Active Iq Performance Analytics Services, Element Software |
2019-03-25 |
4.9 |
| An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem. |
| CVE-2018-3060 |
3 Oracle, Netapp, Canonical |
6 Mysql, Oncommand Insight, Oncommand Workflow Automation and 3 more |
2019-03-25 |
5.5 |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2018-3061 |
3 Oracle, Netapp, Canonical |
6 Mysql, Oncommand Insight, Oncommand Workflow Automation and 3 more |
2019-03-25 |
4.0 |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple... |
| CVE-2018-3056 |
3 Oracle, Netapp, Canonical |
6 Mysql, Oncommand Insight, Oncommand Workflow Automation and 3 more |
2019-03-25 |
4.0 |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged... |
| CVE-2009-5155 |
2 Gnu, Netapp |
4 Glibc, Cloud Backup, Ontap Select Deploy Administration Utility and 1 more |
2019-03-25 |
5.0 |
| In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by... |
| CVE-2019-6109 |
5 Openbsd, Winscp, Netapp and 2 more |
7 Openssh, Winscp, Element Software and 4 more |
2019-03-25 |
4.0 |
| An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control... |
| CVE-2018-20685 |
5 Openbsd, Netapp, Winscp and 2 more |
9 Openssh, Cloud Backup, Element Software and 6 more |
2019-03-25 |
2.6 |
| In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. |
| CVE-2018-8014 |
4 Apache, Canonical, Netapp and 1 more |
7 Tomcat, Ubuntu Linux, Oncommand Insight and 4 more |
2019-03-25 |
7.5 |
| The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS... |
| CVE-2018-11784 |
5 Apache, Netapp, Canonical and 2 more |
10 Tomcat, Snap Creator Framework, Ubuntu Linux and 7 more |
2019-03-25 |
4.3 |
| When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to... |
| CVE-2018-17189 |
2 Apache, Netapp |
2 Http Server, Santricity Cloud Connector |
2019-03-23 |
5.0 |
| In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2... |
| CVE-2018-3077 |
3 Oracle, Netapp, Canonical |
6 Mysql, Oncommand Insight, Oncommand Workflow Automation and 3 more |
2019-03-21 |
4.0 |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2018-3081 |
4 Oracle, Netapp, Canonical and 1 more |
7 Mysql, Oncommand Insight, Oncommand Workflow Automation and 4 more |
2019-03-21 |
4.9 |
| Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability... |
| CVE-2018-18607 |
3 Gnu, Debian, Netapp |
3 Binutils, Debian Linux, Data Ontap |
2019-03-21 |
4.3 |
| An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS... |
| CVE-2018-18605 |
3 Gnu, Debian, Netapp |
3 Binutils, Debian Linux, Data Ontap |
2019-03-21 |
4.3 |
| A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section... |
| CVE-2018-18606 |
3 Gnu, Debian, Netapp |
3 Binutils, Debian Linux, Data Ontap |
2019-03-21 |
4.3 |
| An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge... |
| CVE-2019-5489 |
2 Linux, Netapp |
3 Linux Kernel, Active Iq Performance Analytics Services, Element Software Management Node |
2019-03-21 |
2.1 |
| The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing... |
| CVE-2018-3133 |
4 Oracle, Netapp, Canonical and 1 more |
7 Mysql, Oncommand Insight, Oncommand Workflow Automation and 4 more |
2019-03-21 |
4.0 |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability... |
