| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2009-5155 |
2 Gnu, Netapp |
4 Glibc, Cloud Backup, Ontap Select Deploy Administration Utility and 1 more |
2019-03-25 |
5.0 |
| In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by... |
| CVE-2018-20685 |
5 Openbsd, Netapp, Winscp and 2 more |
9 Openssh, Cloud Backup, Element Software and 6 more |
2019-03-25 |
2.6 |
| In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. |
| CVE-2018-18065 |
4 Net-snmp, Netapp, Canonical and 1 more |
8 Net-snmp, Cloud Backup, Hyper Converged Infrastructure and 5 more |
2019-03-21 |
4.0 |
| _set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. |
| CVE-2018-20796 |
2 Gnu, Netapp |
4 Glibc, Cloud Backup, Ontap Select Deploy Administration Utility and 1 more |
2019-03-15 |
5.0 |
| In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep. |
| CVE-2019-9169 |
2 Gnu, Netapp |
4 Glibc, Cloud Backup, Ontap Select Deploy Administration Utility and 1 more |
2019-03-15 |
7.5 |
| In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. |
| CVE-2018-15919 |
2 Openbsd, Netapp |
6 Openssh, Cloud Backup, Data Ontap Edge and 3 more |
2019-03-07 |
5.0 |
| Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do... |
| CVE-2018-8011 |
2 Apache, Netapp |
2 Http Server, Cloud Backup |
2019-03-04 |
5.0 |
| By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33). |
| CVE-2018-7184 |
5 Ntp, Synology, Slackware and 2 more |
10 Ntp, Diskstation Manager, Router Manager and 7 more |
2019-02-28 |
5.0 |
| ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to... |
| CVE-2018-5737 |
2 Isc, Netapp |
3 Bind, Cloud Backup, Data Ontap Edge |
2019-02-13 |
5.0 |
| A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC... |
| CVE-2018-5736 |
2 Isc, Netapp |
3 Bind, Cloud Backup, Data Ontap Edge |
2019-02-13 |
3.5 |
| An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. This defect could be deliberately exercised by... |
| CVE-2018-0734 |
4 Netapp, Openssl, Canonical and 1 more |
8 Cloud Backup, Oncommand Unified Manager, Santricity Smi-s Provider and 5 more |
2019-01-29 |
4.3 |
| The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL... |
| CVE-2018-0735 |
4 Netapp, Openssl, Canonical and 1 more |
8 Cloud Backup, Oncommand Unified Manager, Santricity Smi-s Provider and 5 more |
2019-01-29 |
4.3 |
| The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in... |
| CVE-2018-18066 |
2 Net-snmp, Netapp |
6 Net-snmp, Cloud Backup, Hyper Converged Infrastructure and 3 more |
2018-11-26 |
5.0 |
| snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. |
