High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-07-18	CVE-2018-2941	Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). network high complexity oracle netapp	8.3
2018-07-10	CVE-2018-3627	Logic bug in Intel Converged Security Management Engine 11.x may allow an attacker to execute arbitrary code via local privileged access. local low complexity intel netapp	8.2
2018-06-22	CVE-2018-12538	Session Fixation vulnerability in multiple products In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore. network low complexity eclipse netapp CWE-384	8.8
2018-06-18	CVE-2018-1333	Resource Exhaustion vulnerability in multiple products By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. network low complexity apache redhat canonical netapp CWE-400	7.5
2018-06-07	CVE-2018-12015	Link Following vulnerability in multiple products In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name. network low complexity canonical debian perl archive apple netapp CWE-59	7.5
2018-06-05	CVE-2018-1000180	Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. network low complexity bouncycastle debian oracle netapp redhat CWE-327	7.5
2018-06-01	CVE-2016-1000338	Improper Verification of Cryptographic Signature vulnerability in multiple products In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. network low complexity bouncycastle redhat canonical netapp CWE-347	7.5
2018-05-24	CVE-2018-5485	Unspecified vulnerability in Netapp Oncommand Unified Manager 7.2/7.3 NetApp OnCommand Unified Manager for Windows versions 7.2 through 7.3 are susceptible to a vulnerability which could lead to a privilege escalation attack. local low complexity netapp	7.8
2018-05-18	CVE-2018-11237	Out-of-bounds Write vulnerability in multiple products An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper. local low complexity gnu redhat oracle netapp canonical CWE-787	7.8
2018-05-11	CVE-2018-1258	Incorrect Authorization vulnerability in multiple products Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. network low complexity pivotal-software vmware oracle netapp redhat CWE-863	8.8