Filtered by vendor Netapp
Subscriptions
Total
2431 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-17189 | 7 Apache, Canonical, Debian and 4 more | 14 Http Server, Ubuntu Linux, Debian Linux and 11 more | 2024-11-21 | 5.3 Medium |
| In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections. | ||||
| CVE-2018-17182 | 5 Canonical, Debian, Linux and 2 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2024-11-21 | 7.8 High |
| An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations. | ||||
| CVE-2018-17082 | 4 Debian, Netapp, Php and 1 more | 4 Debian Linux, Storage Automation Store, Php and 1 more | 2024-11-21 | N/A |
| The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c. | ||||
| CVE-2018-16890 | 8 Canonical, Debian, F5 and 5 more | 11 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 8 more | 2024-11-21 | 7.5 High |
| libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds. | ||||
| CVE-2018-16888 | 4 Canonical, Netapp, Redhat and 1 more | 6 Ubuntu Linux, Active Iq Performance Analytics Services, Element Software and 3 more | 2024-11-21 | 4.7 Medium |
| It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable. | ||||
| CVE-2018-16871 | 3 Linux, Netapp, Redhat | 31 Linux Kernel, Cloud Backup, H300e and 28 more | 2024-11-21 | 7.5 High |
| A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost. | ||||
| CVE-2018-16597 | 4 Linux, Netapp, Opensuse and 1 more | 5 Linux Kernel, Active Iq Performance Analytics Services, Element Software and 2 more | 2024-11-21 | N/A |
| An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem. | ||||
| CVE-2018-15919 | 2 Netapp, Openbsd | 7 Cloud Backup, Cn1610, Cn1610 Firmware and 4 more | 2024-11-21 | N/A |
| Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.' | ||||
| CVE-2018-15473 | 7 Canonical, Debian, Netapp and 4 more | 25 Ubuntu Linux, Debian Linux, Aff Baseboard Management Controller and 22 more | 2024-11-21 | 5.3 Medium |
| OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. | ||||
| CVE-2018-15132 | 2 Netapp, Php | 2 Storage Automation Store, Php | 2024-11-21 | N/A |
| An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn't implement the open_basedir check. This could be abused to find files on paths outside of the allowed directories. | ||||
| CVE-2018-14884 | 3 Netapp, Php, Redhat | 3 Storage Automation Store, Php, Rhel Software Collections | 2024-11-21 | N/A |
| An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c can be a NULL value that is mishandled in an atoi call. | ||||
| CVE-2018-14883 | 4 Canonical, Debian, Netapp and 1 more | 4 Ubuntu Linux, Debian Linux, Storage Automation Store and 1 more | 2024-11-21 | N/A |
| An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c. | ||||
| CVE-2018-14851 | 5 Canonical, Debian, Netapp and 2 more | 5 Ubuntu Linux, Debian Linux, Storage Automation Store and 2 more | 2024-11-21 | N/A |
| exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file. | ||||
| CVE-2018-14719 | 5 Debian, Fasterxml, Netapp and 2 more | 31 Debian Linux, Jackson-databind, Oncommand Workflow Automation and 28 more | 2024-11-21 | 9.8 Critical |
| FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. | ||||
| CVE-2018-14718 | 5 Debian, Fasterxml, Netapp and 2 more | 36 Debian Linux, Jackson-databind, Oncommand Workflow Automation and 33 more | 2024-11-21 | 9.8 Critical |
| FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. | ||||
| CVE-2018-14634 | 4 Canonical, Linux, Netapp and 1 more | 16 Ubuntu Linux, Linux Kernel, Active Iq Performance Analytics Services and 13 more | 2024-11-21 | N/A |
| An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable. | ||||
| CVE-2018-14550 | 3 Libpng, Netapp, Oracle | 5 Libpng, Active Iq Unified Manager, Oncommand Api Services and 2 more | 2024-11-21 | 8.8 High |
| An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png. | ||||
| CVE-2018-12882 | 3 Canonical, Netapp, Php | 3 Ubuntu Linux, Storage Automation Store, Php | 2024-11-21 | N/A |
| exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function. | ||||
| CVE-2018-12538 | 2 Eclipse, Netapp | 12 Jetty, E-series Santricity Management Plug-ins, E-series Santricity Os Controller and 9 more | 2024-11-21 | N/A |
| In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore. | ||||
| CVE-2018-12099 | 3 Grafana, Netapp, Redhat | 4 Grafana, Active Iq Performance Analytics Services, Storagegrid Webscale Nas Bridge and 1 more | 2024-11-21 | N/A |
| Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links. | ||||