Vulnerabilities > Netapp > E Series Santricity OS Controller > 11.60

DATE CVE VULNERABILITY TITLE RISK
2019-07-16 CVE-2019-13115 Integer Overflow or Wraparound vulnerability in multiple products
In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server.
network
low complexity
libssh2 debian fedoraproject netapp f5 CWE-190
8.1
8.1
2019-04-10 CVE-2019-11068 libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code.
network
low complexity
xmlsoft canonical debian fedoraproject oracle netapp opensuse
critical
 9.8
9.8
2018-07-18 CVE-2018-2973 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE).
network
high complexity
oracle redhat netapp hp
5.9
5.9
2018-07-18 CVE-2018-2964 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment).
network
high complexity
oracle netapp
8.3
8.3
2018-07-18 CVE-2018-2952 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency).
network
high complexity
oracle debian canonical hp redhat netapp
3.7
3.7
2018-07-18 CVE-2018-2942 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL).
network
high complexity
oracle netapp
8.3
8.3
2018-07-18 CVE-2018-2941 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX).
network
high complexity
oracle netapp
8.3
8.3
2018-07-18 CVE-2018-2940 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries).
network
low complexity
oracle hp redhat netapp
4.3
4.3
2018-07-18 CVE-2018-2938 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB).
network
high complexity
oracle netapp
critical
 9.0
9.0
2018-01-22 CVE-2018-5968 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws.
network
high complexity
fasterxml debian redhat netapp CWE-502
8.1
8.1