Vulnerabilities > Netapp

DATE CVE VULNERABILITY TITLE RISK
2019-04-18 CVE-2019-11034 Out-of-bounds Read vulnerability in multiple products
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function.
network
low complexity
php canonical netapp redhat debian opensuse CWE-125
critical
9.1
2019-04-10 CVE-2019-11068 libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code.
network
low complexity
xmlsoft canonical debian fedoraproject oracle netapp opensuse
critical
9.8
2019-04-08 CVE-2019-0211 Use After Free vulnerability in multiple products
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard.
7.8
2019-04-08 CVE-2019-0217 Race Condition vulnerability in multiple products
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.
7.5
2019-04-04 CVE-2018-20449 Information Exposure vulnerability in multiple products
The hidma_chan_stats function in drivers/dma/qcom/hidma_dbg.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading "callback=" lines in a debugfs file.
local
low complexity
linux netapp CWE-200
5.5
2019-04-02 CVE-2019-9946 Always-Incorrect Control Flow Implementation vulnerability in multiple products
Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes.
network
low complexity
kubernetes cncf netapp CWE-670
7.5
2019-03-28 CVE-2019-0222 In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.
network
low complexity
apache netapp oracle debian
7.5
2019-03-27 CVE-2019-10125 Use After Free vulnerability in multiple products
An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4.
network
low complexity
linux netapp CWE-416
critical
9.8
2019-03-25 CVE-2019-7612 Information Exposure Through Log Files vulnerability in multiple products
A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs.
network
low complexity
elastic netapp CWE-532
critical
9.8
2019-03-25 CVE-2019-3874 The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. 6.5