Vulnerabilities > Netapp

DATE CVE VULNERABILITY TITLE RISK
2019-04-25 CVE-2019-3900 An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). 7.7
2019-04-24 CVE-2019-3882 A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. 5.5
2019-04-23 CVE-2019-11486 Race Condition vulnerability in multiple products
The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.
local
high complexity
linux debian opensuse netapp CWE-362
7.0
2019-04-22 CVE-2019-10247 Information Exposure vulnerability in multiple products
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path.
network
low complexity
eclipse netapp oracle debian CWE-200
5.3
2019-04-22 CVE-2019-10246 Information Exposure vulnerability in multiple products
In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents.
network
low complexity
eclipse netapp oracle CWE-200
5.3
2019-04-22 CVE-2019-3901 A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs.
local
high complexity
linux debian netapp
4.7
2019-04-22 CVE-2019-11244 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-).
local
low complexity
kubernetes netapp redhat CWE-732
5.0
2019-04-22 CVE-2019-11243 Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products
In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data).
network
high complexity
kubernetes netapp CWE-212
8.1
2019-04-20 CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. 6.1
2019-04-18 CVE-2019-11035 Out-of-bounds Read vulnerability in multiple products
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function.
network
low complexity
php canonical netapp redhat opensuse debian CWE-125
critical
9.1