Vulnerabilities > Netapp > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-07-10 CVE-2017-12652 Improper Input Validation vulnerability in multiple products
libpng before 1.6.32 does not properly check the length of chunks against the user limit.
network
low complexity
libpng netapp CWE-20
critical
 9.8
9.8
2019-07-01 CVE-2019-5497 Insecure Default Initialization of Resource vulnerability in Netapp AFF A700S Firmware and Clustered Data Ontap
NetApp AFF A700s Baseboard Management Controller (BMC) firmware versions 1.22 and higher were shipped with a default account enabled that could allow unauthorized arbitrary command execution.
network
low complexity
netapp CWE-1188
critical
 9.8
9.8
2019-06-14 CVE-2019-10126 A flaw was found in the Linux kernel.
network
low complexity
linux redhat canonical debian opensuse netapp
critical
 9.8
9.8
2019-06-12 CVE-2019-3888 Information Exposure Through Log Files vulnerability in multiple products
A vulnerability was found in Undertow web server before 2.0.21.
network
low complexity
redhat netapp CWE-532
critical
 9.8
9.8
2019-06-07 CVE-2019-10160 A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL.
network
low complexity
python redhat debian opensuse fedoraproject canonical netapp
critical
 9.8
9.8
2019-04-18 CVE-2019-11035 Out-of-bounds Read vulnerability in multiple products
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function.
network
low complexity
php canonical netapp redhat opensuse debian CWE-125
critical
 9.1
9.1
2019-04-18 CVE-2019-11034 Out-of-bounds Read vulnerability in multiple products
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function.
network
low complexity
php canonical netapp redhat debian opensuse CWE-125
critical
 9.1
9.1
2019-04-10 CVE-2019-11068 libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code.
network
low complexity
xmlsoft canonical debian fedoraproject oracle netapp opensuse
critical
 9.8
9.8
2019-03-27 CVE-2019-10125 Use After Free vulnerability in multiple products
An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4.
network
low complexity
linux netapp CWE-416
critical
 9.8
9.8
2019-03-25 CVE-2019-7612 Information Exposure Through Log Files vulnerability in multiple products
A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs.
network
low complexity
elastic netapp CWE-532
critical
 9.8
9.8