Element Software

DATE	CVE	VULNERABILITY TITLE	RISK
2019-08-16	CVE-2019-15098	NULL Pointer Dereference vulnerability in multiple products drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. low complexity linux canonical opensuse netapp debian CWE-476	4.6
2019-07-26	CVE-2018-20855	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in the Linux kernel before 4.18.7. local low complexity linux opensuse netapp CWE-119	3.3
2019-05-23	CVE-2019-0201	Missing Authorization vulnerability in multiple products An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. network high complexity apache debian redhat oracle netapp CWE-862	5.9
2019-04-10	CVE-2019-11068	libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. network low complexity xmlsoft canonical debian fedoraproject oracle netapp opensuse critical	9.8
2019-02-27	CVE-2019-1559	Information Exposure Through Discrepancy vulnerability in multiple products If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. network high complexity openssl canonical debian netapp f5 tenable opensuse fedoraproject mcafee redhat oracle paloaltonetworks nodejs CWE-203	5.9
2019-02-24	CVE-2019-9077	Out-of-bounds Write vulnerability in multiple products An issue was discovered in GNU Binutils 2.32. local low complexity gnu netapp canonical f5 CWE-787	7.8
2019-01-31	CVE-2019-6110	Inappropriate Encoding for Output Context vulnerability in multiple products In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. network high complexity openbsd winscp netapp siemens CWE-838	6.8
2019-01-31	CVE-2019-6109	Improper Encoding or Escaping of Output vulnerability in multiple products An issue was discovered in OpenSSH 7.9. network high complexity openbsd winscp canonical debian netapp fedoraproject redhat siemens fujitsu CWE-116	6.8
2019-01-28	CVE-2019-3462	Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine. network high complexity debian canonical netapp	8.1
2019-01-16	CVE-2017-3140	Resource Exhaustion vulnerability in multiple products If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. network high complexity isc netapp CWE-400	5.9