Vulnerabilities > Netapp > High

DATE CVE VULNERABILITY TITLE RISK
2019-10-25 CVE-2019-5508 Unspecified vulnerability in Netapp Clustered Data Ontap 9.2/9.3/9.4
Clustered Data ONTAP versions 9.2 through 9.4 are susceptible to a vulnerability which allows an attacker to use l2ping to cause a Denial of Service (DoS).
network
low complexity
netapp
7.5
2019-10-21 CVE-2019-17498 Integer Overflow or Wraparound vulnerability in multiple products
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read.
8.1
2019-10-21 CVE-2019-18218 Out-of-bounds Write vulnerability in multiple products
cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).
7.8
2019-10-17 CVE-2019-14287 Improper Handling of Exceptional Conditions vulnerability in multiple products
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID.
8.8
2019-10-11 CVE-2019-2215 Use After Free vulnerability in multiple products
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel.
local
low complexity
google debian canonical netapp huawei CWE-416
7.8
2019-10-09 CVE-2019-16905 Integer Overflow or Wraparound vulnerability in multiple products
OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key.
local
low complexity
openbsd netapp siemens CWE-190
7.8
2019-10-08 CVE-2019-17359 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data.
network
low complexity
bouncycastle apache netapp oracle CWE-770
7.5
2019-10-03 CVE-2019-15166 Classic Buffer Overflow vulnerability in multiple products
lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.
7.5
2019-10-01 CVE-2019-17069 Use After Free vulnerability in multiple products
PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message.
network
low complexity
putty opensuse netapp CWE-416
7.5
2019-09-30 CVE-2019-16276 HTTP Request Smuggling vulnerability in multiple products
Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.
7.5