| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2019-5503 |
1 Netapp |
1 Oncommand Workflow Automation |
2019-09-11 |
5.0 |
| OnCommand Workflow Automation versions prior to 5.0 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. |
| CVE-2018-18314 |
5 Perl, Canonical, Debian and 2 more |
7 Perl, Ubuntu Linux, Debian Linux and 4 more |
2019-09-06 |
7.5 |
| Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations. |
| CVE-2018-18313 |
6 Perl, Canonical, Debian and 3 more |
8 Perl, Ubuntu Linux, Debian Linux and 5 more |
2019-09-06 |
6.4 |
| Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory. |
| CVE-2018-18312 |
5 Perl, Canonical, Debian and 2 more |
7 Perl, Ubuntu Linux, Debian Linux and 4 more |
2019-09-06 |
7.5 |
| Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. |
| CVE-2018-19985 |
3 Debian, Linux, Netapp |
4 Debian Linux, Linux Kernel, Active Iq Performance Analytics Services and 1 more |
2019-09-03 |
2.1 |
| The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows... |
| CVE-2018-1000656 |
2 Netapp, Palletsprojects |
4 Active Iq, Hyper Converged Infrastructure, Ontap Select Deploy Utility and 1 more |
2019-08-25 |
5.0 |
| The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via... |
| CVE-2019-14379 |
3 Fasterxml, Netapp, Debian |
4 Jackson-databind, Oncommand Workflow Automation, Snapcenter and 1 more |
2019-08-22 |
7.5 |
| SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used, leading to remote code execution. |
| CVE-2017-7657 |
3 Eclipse, Debian, Netapp |
10 Jetty, Debian Linux, E-series Santricity Management and 7 more |
2019-08-21 |
7.5 |
| In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer... |
| CVE-2018-17082 |
3 Php, Debian, Netapp |
3 Php, Debian Linux, Storage Automation Store |
2019-08-19 |
4.3 |
| The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function... |
| CVE-2018-14884 |
2 Php, Netapp |
2 Php, Storage Automation Store |
2019-08-19 |
5.0 |
| An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c can be a NULL... |
| CVE-2018-14851 |
4 Php, Canonical, Debian and 1 more |
4 Php, Ubuntu Linux, Debian Linux and 1 more |
2019-08-19 |
4.3 |
| exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted... |
| CVE-2018-10549 |
4 Php, Canonical, Netapp and 1 more |
4 Php, Ubuntu Linux, Storage Automation Store and 1 more |
2019-08-19 |
6.8 |
| An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a... |
| CVE-2018-10548 |
4 Php, Canonical, Debian and 1 more |
4 Php, Ubuntu Linux, Debian Linux and 1 more |
2019-08-19 |
5.0 |
| An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of... |
| CVE-2018-10547 |
4 Php, Canonical, Debian and 1 more |
4 Php, Ubuntu Linux, Debian Linux and 1 more |
2019-08-19 |
4.3 |
| An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file.... |
| CVE-2018-10546 |
4 Php, Canonical, Netapp and 1 more |
4 Php, Ubuntu Linux, Storage Automation Store and 1 more |
2019-08-19 |
5.0 |
| An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences. |
| CVE-2018-10545 |
4 Php, Canonical, Debian and 1 more |
4 Php, Ubuntu Linux, Debian Linux and 1 more |
2019-08-19 |
1.9 |
| An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing... |
| CVE-2017-9120 |
2 Php, Netapp |
2 Php, Storage Automation Store |
2019-08-19 |
7.5 |
| PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string. |
| CVE-2017-9118 |
2 Php, Netapp |
2 Php, Storage Automation Store |
2019-08-19 |
5.0 |
| PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call. |
| CVE-2017-16642 |
4 Php, Netapp, Canonical and 1 more |
5 Php, Storage Automation Store, Ubuntu Linux and 2 more |
2019-08-19 |
5.0 |
| In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from... |
| CVE-2018-8011 |
2 Apache, Netapp |
2 Http Server, Cloud Backup |
2019-08-15 |
5.0 |
| By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33). |
