Vulnerabilities > Netapp

DATE CVE VULNERABILITY TITLE RISK
2019-01-27 CVE-2019-6977 Out-of-bounds Write vulnerability in multiple products
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow.
network
low complexity
libgd php debian canonical netapp CWE-787
8.8
2019-01-24 CVE-2018-5497 Information Exposure vulnerability in Netapp Clustered Data Ontap
Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user.
local
low complexity
netapp CWE-200
4.4
2019-01-22 CVE-2019-6260 The ASPEED ast2400 and ast2500 Baseband Management Controller (BMC) hardware and firmware implement Advanced High-performance Bus (AHB) bridges, which allow arbitrary read and write access to the BMC's physical address space from the host (or from the network in unusual cases where the BMC console uart is attached to a serial concentrator).
network
low complexity
aspeedtech netapp
critical
9.8
2019-01-22 CVE-2018-6445 A Vulnerability in Brocade Network Advisor versions before 14.0.3 could allow a remote unauthenticated attacker to export the current user database which includes the encrypted (not hashed) password of the systems.
network
low complexity
brocade netapp
7.5
2019-01-22 CVE-2018-6444 OS Command Injection vulnerability in multiple products
A Vulnerability in Brocade Network Advisor versions before 14.1.0 could allow a remote unauthenticated attacker to execute arbitray code.
network
low complexity
brocade netapp CWE-78
critical
9.8
2019-01-22 CVE-2018-6443 Credentials Management vulnerability in multiple products
A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications.
network
high complexity
brocade netapp CWE-255
8.1
2019-01-16 CVE-2018-5740 Reachable Assertion vulnerability in multiple products
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers.
network
low complexity
isc redhat debian netapp canonical hp opensuse CWE-617
7.5
2019-01-16 CVE-2018-5737 Reachable Assertion vulnerability in multiple products
A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off.
network
low complexity
isc netapp CWE-617
7.5
2019-01-16 CVE-2018-5736 Reachable Assertion vulnerability in multiple products
An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession.
network
high complexity
isc netapp CWE-617
5.3
2019-01-16 CVE-2018-5734 Reachable Assertion vulnerability in multiple products
While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode.
network
low complexity
isc netapp CWE-617
7.5