CVE | Vendors | Products | Updated | CVSS |
CVE-2018-5737 | 2 Isc, Netapp | 3 Bind, Cloud Backup, Data Ontap Edge | 2019-10-09 | 5.0 |
A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC... |
CVE-2018-20685 | 7 Openbsd, Netapp, Winscp and 4 more | 11 Openssh, Cloud Backup, Element Software and 8 more | 2019-10-03 | 2.6 |
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. |
CVE-2018-5736 | 2 Isc, Netapp | 3 Bind, Cloud Backup, Data Ontap Edge | 2019-10-03 | 3.5 |
An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. This defect could be deliberately exercised by... |
CVE-2018-1333 | 4 Apache, Netapp, Redhat and 1 more | 5 Http Server, Cloud Backup, Storage Automation Store and 2 more | 2019-10-03 | 5.0 |
By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33). |
CVE-2018-2826 | 3 Oracle, Netapp, Canonical | 13 Jdk, Jre, Cloud Backup and 10 more | 2019-10-03 | 5.1 |
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple... |
CVE-2018-20796 | 2 Gnu, Netapp | 4 Glibc, Cloud Backup, Ontap Select Deploy Administration Utility and 1 more | 2019-10-03 | 5.0 |
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep. |
CVE-2018-8011 | 2 Apache, Netapp | 2 Http Server, Cloud Backup | 2019-08-15 | 5.0 |
By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33). |
CVE-2018-15473 | 5 Openbsd, Debian, Netapp and 2 more | 16 Openssh, Debian Linux, Aff Baseboard Management Controller and 13 more | 2019-08-06 | 5.0 |
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and... |
CVE-2018-0735 | 6 Netapp, Openssl, Canonical and 3 more | 22 Cloud Backup, Oncommand Unified Manager, Santricity Smi-s Provider and 19 more | 2019-07-23 | 4.3 |
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in... |
CVE-2016-10708 | 4 Openbsd, Debian, Netapp and 1 more | 11 Openssh, Debian Linux, Cloud Backup and 8 more | 2019-06-26 | 5.0 |
sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. |
CVE-2018-0734 | 6 Netapp, Openssl, Canonical and 3 more | 19 Cloud Backup, Oncommand Unified Manager, Santricity Smi-s Provider and 16 more | 2019-06-11 | 4.3 |
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL... |
CVE-2018-6485 | 4 Gnu, Redhat, Netapp and 1 more | 14 Glibc, Virtualization Host, Enterprise Linux Desktop and 11 more | 2019-04-26 | 7.5 |
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading... |
CVE-2019-9169 | 2 Gnu, Netapp | 4 Glibc, Cloud Backup, Ontap Select Deploy Administration Utility and 1 more | 2019-04-16 | 7.5 |
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. |
CVE-2009-5155 | 2 Gnu, Netapp | 4 Glibc, Cloud Backup, Ontap Select Deploy Administration Utility and 1 more | 2019-03-25 | 5.0 |
In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by... |
CVE-2018-18065 | 4 Net-snmp, Netapp, Canonical and 1 more | 8 Net-snmp, Cloud Backup, Hyper Converged Infrastructure and 5 more | 2019-03-21 | 4.0 |
_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. |
CVE-2018-15919 | 2 Openbsd, Netapp | 6 Openssh, Cloud Backup, Data Ontap Edge and 3 more | 2019-03-07 | 5.0 |
Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do... |
CVE-2018-7184 | 5 Ntp, Synology, Slackware and 2 more | 10 Ntp, Diskstation Manager, Router Manager and 7 more | 2019-02-28 | 5.0 |
ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to... |
CVE-2018-18066 | 2 Net-snmp, Netapp | 6 Net-snmp, Cloud Backup, Hyper Converged Infrastructure and 3 more | 2018-11-26 | 5.0 |
snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. |