Filtered by vendor Netapp
Subscribe
Total
2384 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-17498 | 5 Debian, Fedoraproject, Libssh2 and 2 more | 11 Debian Linux, Fedora, Libssh2 and 8 more | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. | |||||
| CVE-2019-17359 | 4 Apache, Bouncycastle, Netapp and 1 more | 21 Tomee, Legion-of-the-bouncy-castle-java-crytography-api, Active Iq Unified Manager and 18 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64. | |||||
| CVE-2019-17276 | 1 Netapp | 1 Oncommand System Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| OnCommand System Manager versions 9.3 prior to 9.3P18 and 9.4 prior to 9.4P2 are susceptible to a cross site scripting vulnerability that could allow an authenticated attacker to inject arbitrary scripts into the SNMP Community Names label field. | |||||
| CVE-2019-17275 | 1 Netapp | 1 Oncommand Cloud Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| OnCommand Cloud Manager versions prior to 3.8.0 are susceptible to arbitrary code execution by remote attackers. | |||||
| CVE-2019-17274 | 1 Netapp | 6 All Flash Fabric-attached Storage A400, All Flash Fabric-attached Storage A400 Firmware, Fabric-attached Storage 8300 and 3 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| NetApp FAS 8300/8700 and AFF A400 Baseboard Management Controller (BMC) firmware versions 13.x prior to 13.1P1 were shipped with a default account enabled that could allow unauthorized arbitrary command execution via local access. | |||||
| CVE-2019-17273 | 1 Netapp | 1 E-series Santricity Os Controller | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| E-Series SANtricity OS Controller Software version 11.60.0 is susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in IPv6 environments. | |||||
| CVE-2019-17272 | 1 Netapp | 1 Ontap Select Deploy Administration Utility | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| All versions of ONTAP Select Deploy administration utility are susceptible to a vulnerability which when successfully exploited could allow an administrative user to escalate their privileges. | |||||
| CVE-2019-17267 | 5 Debian, Fasterxml, Netapp and 2 more | 13 Debian Linux, Jackson-databind, Active Iq Unified Manager and 10 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup. | |||||
| CVE-2019-17069 | 3 Netapp, Opensuse, Putty | 3 Oncommand Unified Manager Core Package, Leap, Putty | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message. | |||||
| CVE-2019-17006 | 3 Mozilla, Netapp, Siemens | 21 Network Security Services, Hci Compute Node, Hci Management Node and 18 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow. | |||||
| CVE-2019-16995 | 3 Linux, Netapp, Opensuse | 27 Linux Kernel, Aff A700s, Aff A700s Firmware and 24 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d. | |||||
| CVE-2019-16943 | 6 Debian, Fasterxml, Fedoraproject and 3 more | 27 Debian Linux, Jackson-databind, Fedora and 24 more | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling. | |||||
| CVE-2019-16942 | 6 Debian, Fasterxml, Fedoraproject and 3 more | 29 Debian Linux, Jackson-databind, Fedora and 26 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling. | |||||
| CVE-2019-16335 | 6 Debian, Fasterxml, Fedoraproject and 3 more | 18 Debian Linux, Jackson-databind, Fedora and 15 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540. | |||||
| CVE-2019-16276 | 6 Debian, Fedoraproject, Golang and 3 more | 9 Debian Linux, Fedora, Go and 6 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. | |||||
| CVE-2019-16168 | 8 Canonical, Debian, Fedoraproject and 5 more | 20 Ubuntu Linux, Debian Linux, Fedora and 17 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." | |||||
| CVE-2019-15902 | 4 Debian, Linux, Netapp and 1 more | 7 Debian Linux, Linux Kernel, Active Iq Performance Analytics Services and 4 more | 2024-11-21 | 4.7 MEDIUM | 5.6 MEDIUM |
| A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped. | |||||
| CVE-2019-15874 | 2 Freebsd, Netapp | 2 Freebsd, Clustered Data Ontap | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r356036, and 11.3-RELEASE before 11.3-RELEASE-p8, incomplete packet data validation may result in memory access after it has been freed leading to a kernel panic or other unpredictable results. | |||||
| CVE-2019-15538 | 6 Canonical, Debian, Fedoraproject and 3 more | 28 Ubuntu Linux, Debian Linux, Fedora and 25 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS. | |||||
| CVE-2019-15223 | 3 Canonical, Linux, Netapp | 8 Ubuntu Linux, Linux Kernel, Active Iq Unified Manager and 5 more | 2024-11-21 | 4.9 MEDIUM | 4.6 MEDIUM |
| An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/driver.c driver. | |||||