Filtered by vendor Netapp
Subscribe
Total
2315 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-2502 | 3 Microsoft, Netapp, Oracle | 6 Windows, Oncommand Insight, Oncommand Unified Manager and 3 more | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2019-2481 | 5 Canonical, Mariadb, Netapp and 2 more | 11 Ubuntu Linux, Mariadb, Oncommand Insight and 8 more | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2019-2455 | 5 Canonical, Mariadb, Netapp and 2 more | 13 Ubuntu Linux, Mariadb, Active Iq Unified Manager and 10 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2019-2449 | 3 Netapp, Oracle, Redhat | 11 Oncommand Unified Manager, Oncommand Workflow Automation, Snapmanager and 8 more | 2024-11-21 | 2.6 LOW | 3.1 LOW |
| Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). The supported version that is affected is Java SE: 8u192. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L). | |||||
| CVE-2019-2436 | 3 Netapp, Oracle, Redhat | 10 Oncommand Unified Manager, Oncommand Workflow Automation, Snapcenter and 7 more | 2024-11-21 | 5.5 MEDIUM | 5.5 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). | |||||
| CVE-2019-2435 | 2 Netapp, Oracle | 4 Active Iq Unified Manager, Oncommand Workflow Automation, Snapcenter and 1 more | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 8.0.13 and prior and 2.1.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Connectors accessible data as well as unauthorized access to critical data or complete access to all MySQL Connectors accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N). | |||||
| CVE-2019-2434 | 4 Canonical, Netapp, Oracle and 1 more | 11 Ubuntu Linux, Oncommand Unified Manager, Oncommand Workflow Automation and 8 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2019-2426 | 4 Hp, Netapp, Opensuse and 1 more | 7 Xp7 Command View, Oncommand Unified Manager, Oncommand Workflow Automation and 4 more | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2019-2422 | 7 Canonical, Debian, Hp and 4 more | 18 Ubuntu Linux, Debian Linux, Xp7 Command View and 15 more | 2024-11-21 | 2.6 LOW | 3.1 LOW |
| Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). | |||||
| CVE-2019-2420 | 4 Canonical, Netapp, Oracle and 1 more | 11 Ubuntu Linux, Oncommand Unified Manager, Oncommand Workflow Automation and 8 more | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2019-2215 | 5 Canonical, Debian, Google and 2 more | 145 Ubuntu Linux, Debian Linux, Android and 142 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095 | |||||
| CVE-2019-25045 | 2 Linux, Netapp | 41 Linux Kernel, Aff 8300, Aff 8300 Firmware and 38 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, related to an xfrm_state_fini panic, aka CID-dbb2483b2a46. | |||||
| CVE-2019-25044 | 2 Linux, Netapp | 21 Linux Kernel, Cloud Backup, H300e and 18 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue. | |||||
| CVE-2019-25013 | 5 Broadcom, Debian, Fedoraproject and 2 more | 10 Fabric Operating System, Debian Linux, Fedora and 7 more | 2024-11-21 | 7.1 HIGH | 5.9 MEDIUM |
| The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read. | |||||
| CVE-2019-20907 | 7 Canonical, Debian, Fedoraproject and 4 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. | |||||
| CVE-2019-20636 | 2 Linux, Netapp | 18 Linux Kernel, Cloud Backup, Fas 8300 and 15 more | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7. | |||||
| CVE-2019-20446 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially. | |||||
| CVE-2019-20388 | 6 Debian, Fedoraproject, Netapp and 3 more | 31 Debian Linux, Fedora, Cloud Backup and 28 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. | |||||
| CVE-2019-20386 | 5 Canonical, Fedoraproject, Netapp and 2 more | 7 Ubuntu Linux, Fedora, Active Iq Unified Manager and 4 more | 2024-11-21 | 2.1 LOW | 2.4 LOW |
| An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur. | |||||
| CVE-2019-20372 | 5 Apple, Canonical, F5 and 2 more | 5 Xcode, Ubuntu Linux, Nginx and 2 more | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer. | |||||