Vulnerabilities > Netapp > Vasa Provider > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-12-10 CVE-2018-20002 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.
local
low complexity
gnu netapp f5 CWE-772
5.5
2018-12-07 CVE-2018-19932 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31.
local
low complexity
gnu netapp CWE-190
5.5
2018-08-17 CVE-2018-15473 Race Condition vulnerability in multiple products
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
5.3
2017-12-11 CVE-2016-6904 Credentials Management vulnerability in Netapp Vasa Provider
Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication.
network
netapp CWE-255
4.3
2017-08-08 CVE-2017-10053 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D).
network
low complexity
oracle debian redhat netapp phoenixcontact
5.0