Vulnerabilities > Netapp > Ontap Select Deploy > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-02-27 CVE-2019-1559 Information Exposure Through Discrepancy vulnerability in multiple products
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC.
5.9
2019-01-31 CVE-2019-6110 Inappropriate Encoding for Output Context vulnerability in multiple products
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.
network
high complexity
openbsd winscp netapp siemens CWE-838
6.8
2019-01-31 CVE-2019-6109 Improper Encoding or Escaping of Output vulnerability in multiple products
An issue was discovered in OpenSSH 7.9.
6.8
2019-01-10 CVE-2018-20685 Incorrect Authorization vulnerability in multiple products
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of .
5.3
2018-08-28 CVE-2018-15919 Information Exposure vulnerability in multiple products
Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use.
network
low complexity
openbsd netapp CWE-200
5.3
2018-08-17 CVE-2018-15473 Race Condition vulnerability in multiple products
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
5.3