Vulnerabilities (CVE)

Filtered by vendor Netapp Subscribe
Filtered by product Cloud Backup
Total 342 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-20372 5 Apple, Canonical, F5 and 2 more 5 Xcode, Ubuntu Linux, Nginx and 2 more 2024-11-21 4.3 MEDIUM 5.3 MEDIUM
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
CVE-2019-20095 3 Linux, Netapp, Opensuse 19 Linux Kernel, 8300, 8300 Firmware and 16 more 2024-11-21 4.9 MEDIUM 5.5 MEDIUM
mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service.
CVE-2019-20054 2 Linux, Netapp 17 Linux Kernel, 8300, 8300 Firmware and 14 more 2024-11-21 4.9 MEDIUM 5.5 MEDIUM
In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e.
CVE-2019-1559 13 Canonical, Debian, F5 and 10 more 90 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 87 more 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
CVE-2019-19966 4 Debian, Linux, Netapp and 1 more 13 Debian Linux, Linux Kernel, Active Iq Unified Manager and 10 more 2024-11-21 2.1 LOW 4.6 MEDIUM
In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655.
CVE-2019-19965 5 Canonical, Debian, Linux and 2 more 21 Ubuntu Linux, Debian Linux, Linux Kernel and 18 more 2024-11-21 1.9 LOW 4.7 MEDIUM
In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.
CVE-2019-19947 4 Canonical, Debian, Linux and 1 more 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more 2024-11-21 2.1 LOW 4.6 MEDIUM
In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c.
CVE-2019-19926 8 Debian, Netapp, Opensuse and 5 more 12 Debian Linux, Cloud Backup, Backports Sle and 9 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.
CVE-2019-19925 8 Debian, Netapp, Opensuse and 5 more 12 Debian Linux, Cloud Backup, Backports Sle and 9 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.
CVE-2019-19924 5 Apache, Netapp, Oracle and 2 more 5 Bookkeeper, Cloud Backup, Mysql Workbench and 2 more 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.
CVE-2019-19923 8 Debian, Netapp, Opensuse and 5 more 12 Debian Linux, Cloud Backup, Backports Sle and 9 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).
CVE-2019-19922 5 Canonical, Debian, Linux and 2 more 14 Ubuntu Linux, Debian Linux, Linux Kernel and 11 more 2024-11-21 2.1 LOW 5.5 MEDIUM
kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. (In other words, although this slice expiration would typically be seen with benign workloads, it is possible that an attacker could calculate how many stray requests are required to force an entire Kubernetes cluster into a low-performance state caused by slice expiration, and ensure that a DDoS attack sent that number of stray requests. An attack does not affect the stability of the kernel; it only causes mismanagement of application execution.)
CVE-2019-19880 8 Debian, Netapp, Opensuse and 5 more 12 Debian Linux, Cloud Backup, Backports Sle and 9 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.
CVE-2019-19646 5 Netapp, Oracle, Siemens and 2 more 6 Cloud Backup, Ontap Select Deploy Administration Utility, Mysql Workbench and 3 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
CVE-2019-19645 5 Netapp, Oracle, Siemens and 2 more 6 Cloud Backup, Ontap Select Deploy Administration Utility, Mysql Workbench and 3 more 2024-11-21 2.1 LOW 5.5 MEDIUM
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
CVE-2019-19603 5 Apache, Netapp, Oracle and 2 more 6 Guacamole, Cloud Backup, Ontap Select Deploy Administration Utility and 3 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.
CVE-2019-19448 4 Canonical, Debian, Linux and 1 more 27 Ubuntu Linux, Debian Linux, Linux Kernel and 24 more 2024-11-21 6.8 MEDIUM 7.8 HIGH
In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure.
CVE-2019-19447 2 Linux, Netapp 7 Linux Kernel, Active Iq Unified Manager, Cloud Backup and 4 more 2024-11-21 6.8 MEDIUM 7.8 HIGH
In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.
CVE-2019-19377 2 Linux, Netapp 5 Linux Kernel, Active Iq Unified Manager, Cloud Backup and 2 more 2024-11-21 6.8 MEDIUM 7.8 HIGH
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.
CVE-2019-19317 4 Netapp, Oracle, Siemens and 1 more 5 Cloud Backup, Ontap Select Deploy Administration Utility, Mysql Workbench and 2 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.