Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-04-22	CVE-2019-3901	A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. local high complexity linux debian netapp	4.7
2019-04-22	CVE-2019-11244	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). local low complexity kubernetes netapp redhat CWE-732	5.0
2019-04-20	CVE-2019-11358	jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. network low complexity jquery debian drupal backdropcms fedoraproject opensuse netapp redhat oracle joomla juniper	6.1
2019-04-04	CVE-2018-20449	Information Exposure vulnerability in multiple products The hidma_chan_stats function in drivers/dma/qcom/hidma_dbg.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading "callback=" lines in a debugfs file. local low complexity linux netapp CWE-200	5.5
2019-03-25	CVE-2019-3874	The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. low complexity linux debian redhat canonical netapp	6.5
2019-03-21	CVE-2019-7222	The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. local low complexity linux fedoraproject opensuse debian canonical netapp redhat	5.5
2019-03-21	CVE-2019-6454	Out-of-bounds Write vulnerability in multiple products An issue was discovered in sd-bus in systemd 239. local low complexity systemd-project opensuse netapp debian fedoraproject canonical redhat mcafee CWE-787	5.5
2019-03-21	CVE-2018-19985	Out-of-bounds Read vulnerability in multiple products The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space. low complexity linux debian netapp CWE-125	4.6
2019-03-04	CVE-2018-5482	Missing Encryption of Sensitive Data vulnerability in Netapp Snapcenter Server NetApp SnapCenter Server prior to 4.1 does not set the secure flag for a sensitive cookie in an HTTPS session which can allow the transmission of the cookie in plain text over an unencrypted channel. network low complexity netapp CWE-311	5.3
2019-03-04	CVE-2017-15515	Cross-site Scripting vulnerability in Netapp Snapcenter Server NetApp SnapCenter Server prior to 4.0 is susceptible to cross site scripting vulnerability that could allow a privileged user to inject arbitrary scripts into the custom secondary policy label field. network low complexity netapp CWE-79	4.8