Vulnerabilities > Netapp > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-04-10 CVE-2019-11068 libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code.
network
low complexity
xmlsoft canonical debian fedoraproject oracle netapp opensuse
critical
9.8
2019-03-27 CVE-2019-10125 Use After Free vulnerability in multiple products
An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4.
network
low complexity
linux netapp CWE-416
critical
10.0
2019-03-25 CVE-2019-3861 Out-of-bounds Read vulnerability in multiple products
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed.
network
low complexity
libssh2 debian netapp opensuse CWE-125
critical
9.1
2019-03-25 CVE-2019-3860 Out-of-bounds Read vulnerability in multiple products
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed.
network
low complexity
libssh2 debian netapp opensuse CWE-125
critical
9.1
2019-03-21 CVE-2019-3858 Out-of-bounds Read vulnerability in multiple products
An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server.
network
low complexity
libssh2 fedoraproject debian netapp opensuse CWE-125
critical
9.1
2019-03-21 CVE-2019-5490 Insecure Default Initialization of Resource vulnerability in Netapp Service Processor
Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution.
network
low complexity
netapp CWE-1188
critical
10.0
2019-03-21 CVE-2019-9898 Use of Insufficiently Random Values vulnerability in multiple products
Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71.
network
low complexity
putty fedoraproject debian opensuse netapp CWE-330
critical
9.8
2019-03-21 CVE-2019-3862 Out-of-bounds Read vulnerability in multiple products
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed.
network
low complexity
libssh2 fedoraproject debian netapp opensuse CWE-125
critical
9.1
2019-03-21 CVE-2019-3859 Out-of-bounds Read vulnerability in multiple products
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions.
network
low complexity
libssh2 fedoraproject debian netapp opensuse CWE-125
critical
9.1
2019-03-07 CVE-2019-0192 Deserialization of Untrusted Data vulnerability in multiple products
In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request.
network
low complexity
apache netapp CWE-502
critical
9.8