Vulnerabilities > Netapp > High

DATE CVE VULNERABILITY TITLE RISK
2018-09-19 CVE-2018-17182 Use After Free vulnerability in multiple products
An issue was discovered in the Linux kernel through 4.18.8.
local
low complexity
linux canonical debian netapp CWE-416
7.8
7.8
2018-08-22 CVE-2018-11776 Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.
network
high complexity
apache netapp oracle
8.1
8.1
2018-08-20 CVE-2018-1000656 Improper Input Validation vulnerability in multiple products
The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service.
network
low complexity
palletsprojects netapp CWE-20
7.5
7.5
2018-08-20 CVE-2018-1000632 XML Injection (aka Blind XPath Injection) vulnerability in multiple products
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element.
network
low complexity
dom4j-project debian oracle redhat netapp CWE-91
7.5
7.5
2018-08-07 CVE-2018-15132 Information Exposure vulnerability in multiple products
An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8.
network
low complexity
php netapp CWE-200
7.5
7.5
2018-08-03 CVE-2018-5490 Incorrect Permission Assignment for Critical Resource vulnerability in Netapp Clustered Data Ontap
Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than "read-only" access from authenticated SMBv2 and SMBv3 clients.
network
low complexity
netapp CWE-732
8.8
8.8
2018-08-03 CVE-2018-14884 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1.
network
low complexity
php netapp CWE-476
7.5
7.5
2018-08-03 CVE-2018-14883 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8.
network
low complexity
php canonical debian netapp CWE-190
7.5
7.5
2018-08-02 CVE-2017-9118 Out-of-bounds Read vulnerability in multiple products
PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.
network
low complexity
php netapp CWE-125
7.5
7.5
2018-07-18 CVE-2018-8011 NULL Pointer Dereference vulnerability in multiple products
By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault.
network
low complexity
apache netapp CWE-476
7.5
7.5