Vulnerabilities > Netapp > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-05-18 CVE-2018-11237 Out-of-bounds Write vulnerability in multiple products
An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.
local
low complexity
gnu redhat oracle netapp canonical CWE-787
4.6
2018-05-16 CVE-2018-11212 Divide By Zero vulnerability in multiple products
An issue was discovered in libjpeg 9a and 9d.
4.3
2018-05-11 CVE-2018-1258 Incorrect Authorization vulnerability in multiple products
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security.
6.5
2018-04-29 CVE-2018-10549 Out-of-bounds Read vulnerability in PHP
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5.
6.8
2018-04-29 CVE-2018-10548 NULL Pointer Dereference vulnerability in PHP
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5.
network
low complexity
php canonical debian netapp CWE-476
5.0
2018-04-29 CVE-2018-10547 Cross-site Scripting vulnerability in PHP
An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5.
4.3
2018-04-29 CVE-2018-10546 Infinite Loop vulnerability in PHP
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5.
network
low complexity
php canonical debian netapp CWE-835
5.0
2018-04-25 CVE-2018-5486 Missing Authentication for Critical Function vulnerability in Netapp Oncommand Unified Manager
NetApp OnCommand Unified Manager for Linux versions 7.2 though 7.3 ship with the Java Debug Wire Protocol (JDWP) enabled which allows unauthorized local attackers to execute arbitrary code.
local
low complexity
netapp linux CWE-306
4.6
2018-04-19 CVE-2018-2846 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema).
network
low complexity
oracle canonical netapp
4.0
2018-04-19 CVE-2018-2839 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML).
network
low complexity
oracle canonical netapp
4.0