Vulnerabilities > Netapp > High

DATE CVE VULNERABILITY TITLE RISK
2019-02-06 CVE-2018-16890 Integer Overflow or Wraparound vulnerability in multiple products
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read.
7.5
2019-01-30 CVE-2018-17199 Session Fixation vulnerability in multiple products
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session.
network
low complexity
apache debian netapp canonical oracle CWE-384
7.5
2019-01-28 CVE-2019-3462 Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.
network
high complexity
debian canonical netapp
8.1
2019-01-27 CVE-2019-6977 Out-of-bounds Write vulnerability in multiple products
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow.
network
low complexity
libgd php debian canonical netapp CWE-787
8.8
2019-01-22 CVE-2019-6260 The ASPEED ast2400 and ast2500 Baseband Management Controller (BMC) hardware and firmware implement Advanced High-performance Bus (AHB) bridges, which allow arbitrary read and write access to the BMC's physical address space from the host (or from the network in unusual cases where the BMC console uart is attached to a serial concentrator).
network
low complexity
aspeedtech netapp
7.5
2019-01-16 CVE-2017-3145 Use After Free vulnerability in multiple products
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named.
network
low complexity
isc redhat debian netapp juniper CWE-416
7.5
2019-01-16 CVE-2019-2534 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication).
network
low complexity
oracle canonical netapp redhat
7.1
2018-12-07 CVE-2018-19931 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31.
local
low complexity
gnu netapp canonical CWE-787
7.8
2018-11-14 CVE-2018-5495 Unspecified vulnerability in Netapp Storagegrid Webscale
All StorageGRID Webscale versions are susceptible to a vulnerability which could permit an unauthenticated attacker to communicate with systems on the same network as the StorageGRID Webscale Admin Node via HTTP or to take over services on the Admin Node.
network
low complexity
netapp
7.5
2018-10-04 CVE-2018-5492 Improper Input Validation vulnerability in Netapp E-Series Santricity OS Controller 11.0.0
NetApp E-Series SANtricity OS Controller Software 11.30 and later version 11.30.5 is susceptible to unauthenticated remote code execution.
network
low complexity
netapp CWE-20
7.5