Element Software

DATE	CVE	VULNERABILITY TITLE	RISK
2018-06-22	CVE-2018-12538	Session Fixation vulnerability in multiple products In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore. network low complexity eclipse netapp CWE-384	8.8
2018-03-08	CVE-2018-7183	Out-of-bounds Write vulnerability in multiple products Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array. network low complexity ntp freebsd canonical netapp CWE-787 critical	9.8
2018-03-06	CVE-2018-7182	Out-of-bounds Read vulnerability in multiple products The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10. network low complexity ntp canonical netapp CWE-125	7.5
2018-02-01	CVE-2018-6485	Integer Overflow or Wraparound vulnerability in multiple products An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. network low complexity gnu redhat oracle netapp CWE-190 critical	9.8
2017-10-19	CVE-2017-10388	Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). network high complexity oracle redhat netapp debian	7.5
2017-10-19	CVE-2017-10357	Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). network low complexity oracle redhat netapp debian	5.3
2017-10-19	CVE-2017-10356	Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). local low complexity oracle redhat netapp debian	6.2
2017-10-19	CVE-2017-10355	Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). network low complexity oracle redhat netapp debian	5.3
2017-10-19	CVE-2017-10350	Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). network low complexity oracle redhat netapp debian	5.3
2017-10-19	CVE-2017-10349	Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). network low complexity oracle redhat netapp debian	5.3