Vulnerabilities > Netapp > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-01-07 | CVE-2018-5481 | Missing Encryption of Sensitive Data vulnerability in NetApp OnCommand Unified Manager. OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances, making it vulnerable to impersonation via man-in-the-middle (MITM) attacks. | 7.4 |
2018-12-07 | CVE-2018-19931 | Out-of-bounds Write vulnerability in multiple products. An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. | 7.8 |
2018-10-17 | CVE-2018-3155 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). | 7.7 |
2018-10-08 | CVE-2018-18066 | NULL Pointer Dereference vulnerability in multiple products. snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. | 7.5 |
2018-09-25 | CVE-2018-14634 | Integer Overflow or Wraparound vulnerability in multiple products. An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. | 7.8 |
2018-09-19 | CVE-2018-17182 | Use After Free vulnerability in multiple products. An issue was discovered in the Linux kernel through 4.18.8. | 7.8 |
2018-08-22 | CVE-2018-11776 | Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (set either by the user or by a plugin such as the Convention Plugin) and either of the following holds: results are used with no namespace while their upper package has no namespace or a wildcard namespace; or a url tag is used without value and action set while its upper package has no namespace or a wildcard namespace. | 8.1 |
2018-08-20 | CVE-2018-1000656 | Improper Input Validation vulnerability in multiple products. The Pallets Project Flask versions before 0.12.3 contain a CWE-20: Improper Input Validation vulnerability that can result in a large amount of memory usage, possibly leading to denial of service. | 7.5 |
2018-08-20 | CVE-2018-1000632 | XML Injection (aka Blind XPath Injection) vulnerability in multiple products. dom4j versions prior to 2.1.1 contain a CWE-91: XML Injection vulnerability in Class: Element. | 7.5 |
2018-08-07 | CVE-2018-15132 | Information Exposure vulnerability in multiple products. An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. | 7.5 |