Vulnerabilities > Netapp > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-04-20 CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. 6.1
2019-04-04 CVE-2018-20449 Information Exposure vulnerability in multiple products
The hidma_chan_stats function in drivers/dma/qcom/hidma_dbg.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading "callback=" lines in a debugfs file.
local
low complexity
linux netapp CWE-200
5.5
2019-03-25 CVE-2019-3874 Resource Exhaustion vulnerability in multiple products
The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem.
6.5
2019-03-21 CVE-2019-7222 The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. 5.5
2019-03-21 CVE-2019-6454 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in sd-bus in systemd 239.
5.5
2019-03-21 CVE-2018-19985 Out-of-bounds Read vulnerability in multiple products
The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space.
low complexity
linux debian netapp CWE-125
4.6
2019-03-04 CVE-2018-5482 Missing Encryption of Sensitive Data vulnerability in Netapp Snapcenter Server
NetApp SnapCenter Server prior to 4.1 does not set the secure flag for a sensitive cookie in an HTTPS session which can allow the transmission of the cookie in plain text over an unencrypted channel.
network
low complexity
netapp CWE-311
5.3
2019-03-04 CVE-2017-15515 Cross-site Scripting vulnerability in Netapp Snapcenter Server
NetApp SnapCenter Server prior to 4.0 is susceptible to cross site scripting vulnerability that could allow a privileged user to inject arbitrary scripts into the custom secondary policy label field.
network
low complexity
netapp CWE-79
4.8
2019-02-27 CVE-2019-1559 Information Exposure Through Discrepancy vulnerability in multiple products
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC.
5.9
2019-02-24 CVE-2019-9076 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32.
local
low complexity
gnu netapp CWE-770
5.5