Vulnerabilities > Netapp > Hyper Converged Infrastructure > High

DATE CVE VULNERABILITY TITLE RISK
2018-10-08 CVE-2018-18066 NULL Pointer Dereference vulnerability in multiple products
snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
network
low complexity
net-snmp netapp CWE-476
7.5
2018-08-20 CVE-2018-1000656 Improper Input Validation vulnerability in multiple products
The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service.
network
low complexity
palletsprojects netapp CWE-20
7.5
2018-06-22 CVE-2018-12538 Session Fixation vulnerability in multiple products
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore.
network
low complexity
eclipse netapp CWE-384
8.8