E Series Santricity OS Controller

DATE	CVE	VULNERABILITY TITLE	RISK
2019-08-09	CVE-2019-12255	Classic Buffer Overflow vulnerability in multiple products Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). network low complexity windriver netapp sonicwall siemens belden CWE-120 critical	9.8
2019-08-09	CVE-2019-12265	Memory Leak vulnerability in multiple products Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. network low complexity windriver sonicwall siemens netapp belden CWE-401	5.3
2019-08-09	CVE-2019-12263	Out-of-bounds Write vulnerability in multiple products Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). network high complexity windriver sonicwall siemens netapp belden CWE-787	8.1
2019-08-09	CVE-2019-12257	Classic Buffer Overflow vulnerability in multiple products Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. low complexity windriver sonicwall siemens netapp belden CWE-120	8.8
2019-08-09	CVE-2019-12256	Classic Buffer Overflow vulnerability in multiple products Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. network low complexity windriver netapp sonicwall siemens belden CWE-120 critical	9.8
2019-07-17	CVE-2019-13272	In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). local low complexity linux debian fedoraproject canonical redhat netapp	7.8
2019-07-16	CVE-2019-13115	Integer Overflow or Wraparound vulnerability in multiple products In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. network low complexity libssh2 debian fedoraproject netapp f5 CWE-190	8.1
2019-07-01	CVE-2019-13118	Type Confusion vulnerability in multiple products In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. network low complexity xmlsoft opensuse netapp oracle fedoraproject canonical apple CWE-843	5.3
2019-04-10	CVE-2019-11068	libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. network low complexity xmlsoft canonical debian fedoraproject oracle netapp opensuse critical	9.8
2018-12-07	CVE-2018-18314	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations. network low complexity perl canonical debian netapp redhat CWE-119 critical	9.8