Vulnerabilities > Netapp > Storage Automation Store > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-04-18 CVE-2019-11034 Out-of-bounds Read vulnerability in multiple products
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function.
network
low complexity
php canonical netapp redhat debian opensuse CWE-125
critical
 9.1
9.1
2019-04-18 CVE-2019-11035 Out-of-bounds Read vulnerability in multiple products
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function.
network
low complexity
php canonical netapp redhat opensuse debian CWE-125
critical
 9.1
9.1
2019-03-09 CVE-2019-9641 Use of Uninitialized Resource vulnerability in multiple products
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3.
network
low complexity
php debian canonical opensuse netapp CWE-908
critical
 9.8
9.8
2019-03-07 CVE-2019-0192 Deserialization of Untrusted Data vulnerability in multiple products
In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request.
network
low complexity
apache netapp CWE-502
critical
 9.8
9.8
2019-02-22 CVE-2019-9020 Use After Free vulnerability in multiple products
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1.
network
low complexity
php debian canonical netapp opensuse CWE-416
critical
 9.8
9.8
2019-02-22 CVE-2019-9021 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1.
network
low complexity
php debian canonical netapp opensuse CWE-125
critical
 9.8
9.8
2019-02-22 CVE-2019-9023 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1.
network
low complexity
php debian canonical netapp opensuse CWE-125
critical
 9.8
9.8
2019-02-22 CVE-2019-9025 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in PHP 7.3.x before 7.3.1.
network
low complexity
php netapp CWE-787
critical
 9.8
9.8
2018-10-17 CVE-2018-10933 Improper Authentication vulnerability in multiple products
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4.
network
low complexity
libssh canonical debian redhat netapp oracle CWE-287
critical
 9.1
9.1
2018-08-02 CVE-2017-9120 Integer Overflow or Wraparound vulnerability in multiple products
PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.
network
low complexity
php netapp CWE-190
critical
 9.8
9.8