Vulnerabilities > Netapp > Storage Automation Store

DATE CVE VULNERABILITY TITLE RISK
2019-04-18 CVE-2019-11035 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function.
network
low complexity
php canonical netapp CWE-119
6.4
2019-04-18 CVE-2019-11034 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function.
network
low complexity
php canonical netapp CWE-119
6.4
2019-03-09 CVE-2019-9641 Use of Uninitialized Resource vulnerability in multiple products
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3.
network
low complexity
php debian canonical opensuse netapp CWE-908
7.5
2019-03-09 CVE-2019-9640 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3.
network
low complexity
php canonical debian opensuse netapp redhat CWE-125
5.0
2019-03-09 CVE-2019-9639 Missing Initialization of Resource vulnerability in multiple products
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3.
network
low complexity
php debian canonical opensuse netapp redhat CWE-909
5.0
2019-03-09 CVE-2019-9638 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3.
network
low complexity
php debian canonical opensuse netapp redhat CWE-125
5.0
2019-03-09 CVE-2019-9637 Permissions, Privileges, and Access Controls vulnerability in PHP
An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3.
network
low complexity
php debian canonical opensuse netapp CWE-264
5.0
2019-03-07 CVE-2019-0192 Deserialization of Untrusted Data vulnerability in multiple products
In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request.
network
low complexity
apache netapp CWE-502
critical
9.8
2019-02-27 CVE-2019-1559 Information Exposure Through Discrepancy vulnerability in multiple products
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC.
5.9
2019-02-22 CVE-2019-9025 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in PHP 7.3.x before 7.3.1.
network
low complexity
php netapp CWE-119
7.5