Vulnerabilities > Netapp > E Series Santricity OS Controller > High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-08-09	CVE-2019-12258	Session Fixation vulnerability in multiple products Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. network low complexity windriver sonicwall siemens netapp belden CWE-384	7.5
2019-08-09	CVE-2019-12263	Out-of-bounds Write vulnerability in multiple products Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). network high complexity windriver sonicwall siemens netapp belden CWE-787	8.1
2019-08-09	CVE-2019-12257	Classic Buffer Overflow vulnerability in multiple products Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. low complexity windriver sonicwall siemens netapp belden CWE-120	8.8
2019-07-17	CVE-2019-13272	In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). local low complexity linux debian fedoraproject canonical redhat netapp	7.8
2019-07-16	CVE-2019-13115	Integer Overflow or Wraparound vulnerability in multiple products In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. network low complexity libssh2 debian fedoraproject netapp f5 CWE-190	8.1
2018-10-08	CVE-2018-18066	NULL Pointer Dereference vulnerability in multiple products snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. network low complexity net-snmp netapp CWE-476	7.5
2018-07-18	CVE-2018-2964	Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). network high complexity oracle netapp	8.3
2018-07-18	CVE-2018-2942	Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL). network high complexity oracle netapp	8.3
2018-07-18	CVE-2018-2941	Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). network high complexity oracle netapp	8.3
2018-06-22	CVE-2018-12538	Session Fixation vulnerability in multiple products In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore. network low complexity eclipse netapp CWE-384	8.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.