Vulnerabilities > Netapp > Element Software

DATE CVE VULNERABILITY TITLE RISK
2019-08-16 CVE-2019-15098 NULL Pointer Dereference vulnerability in multiple products
drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.
4.6
2019-07-26 CVE-2018-20855 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in the Linux kernel before 4.18.7.
local
low complexity
linux opensuse netapp CWE-119
3.3
2019-05-23 CVE-2019-0201 Missing Authorization vulnerability in multiple products
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta.
network
high complexity
apache debian redhat oracle netapp CWE-862
5.9
2019-04-10 CVE-2019-11068 libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code.
network
low complexity
xmlsoft canonical debian fedoraproject oracle netapp opensuse
critical
9.8
2019-02-27 CVE-2019-1559 Information Exposure Through Discrepancy vulnerability in multiple products
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC.
5.9
2019-02-24 CVE-2019-9077 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in GNU Binutils 2.32.
local
low complexity
gnu netapp canonical f5 CWE-787
7.8
2019-01-31 CVE-2019-6110 Inappropriate Encoding for Output Context vulnerability in multiple products
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.
network
high complexity
openbsd winscp netapp siemens CWE-838
6.8
2019-01-31 CVE-2019-6109 Improper Encoding or Escaping of Output vulnerability in multiple products
An issue was discovered in OpenSSH 7.9.
6.8
2019-01-28 CVE-2019-3462 Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.
network
high complexity
debian canonical netapp
8.1
2019-01-16 CVE-2017-3140 Resource Exhaustion vulnerability in multiple products
If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query.
network
high complexity
isc netapp CWE-400
5.9