High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-07-16	CVE-2019-13115	Integer Overflow or Wraparound vulnerability in multiple products In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. network low complexity libssh2 debian fedoraproject netapp f5 CWE-190	8.1
2019-07-10	CVE-2018-14550	Out-of-bounds Write vulnerability in multiple products An issue has been found in third-party PNM decoding associated with libpng 1.6.35. network low complexity libpng oracle netapp CWE-787	8.8
2019-07-02	CVE-2019-5443	Uncontrolled Search Path Element vulnerability in multiple products A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. local low complexity haxx oracle netapp CWE-427	7.8
2019-06-03	CVE-2019-12615	NULL Pointer Dereference vulnerability in multiple products An issue was discovered in get_vdev_port_node_info in arch/sparc/kernel/mdesc.c in the Linux kernel through 5.1.6. network low complexity linux netapp CWE-476	7.5
2019-06-03	CVE-2019-3846	Heap-based Buffer Overflow vulnerability in multiple products A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. low complexity linux redhat canonical netapp fedoraproject debian opensuse CWE-122	8.8
2019-05-28	CVE-2019-5436	Out-of-bounds Write vulnerability in multiple products A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. local low complexity haxx opensuse fedoraproject debian f5 netapp oracle CWE-787	7.8
2019-05-15	CVE-2019-8936	NULL Pointer Dereference vulnerability in multiple products NTP through 4.2.8p12 has a NULL Pointer Dereference. network low complexity netapp fedoraproject opensuse hpe ntp CWE-476	7.5
2019-05-10	CVE-2019-5496	Cleartext Transmission of Sensitive Information vulnerability in Netapp Oncommand Insight Oncommand Insight versions prior to 7.3.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. network low complexity netapp CWE-319	7.5
2019-05-10	CVE-2019-5495	7PK - Security Features vulnerability in Netapp Oncommand Unified Manager OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. network low complexity netapp CWE-254	7.5
2019-05-10	CVE-2019-5494	Cleartext Transmission of Sensitive Information vulnerability in Netapp Oncommand Unified Manager OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. network low complexity netapp CWE-319	7.5