Vulnerabilities (CVE)

Filtered by vendor Netapp Subscribe
Filtered by product Storage Automation Store
Total 125 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-9640 5 Canonical, Debian, Netapp and 2 more 5 Ubuntu Linux, Debian Linux, Storage Automation Store and 2 more 2021-07-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.
CVE-2019-9638 5 Canonical, Debian, Netapp and 2 more 5 Ubuntu Linux, Debian Linux, Storage Automation Store and 2 more 2021-07-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.
CVE-2019-9025 2 Netapp, Php 2 Storage Automation Store, Php 2021-07-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with a negative argument, which could read and write past buffers allocated for the data.
CVE-2019-9639 5 Canonical, Debian, Netapp and 2 more 5 Ubuntu Linux, Debian Linux, Storage Automation Store and 2 more 2021-07-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.
CVE-2019-9641 5 Canonical, Debian, Netapp and 2 more 5 Ubuntu Linux, Debian Linux, Storage Automation Store and 2 more 2021-07-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.
CVE-2018-17189 7 Apache, Canonical, Debian and 4 more 13 Http Server, Ubuntu Linux, Debian Linux and 10 more 2021-07-06 5.0 MEDIUM 5.3 MEDIUM
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.
CVE-2017-5645 4 Apache, Netapp, Oracle and 1 more 60 Log4j, Oncommand Api Services, Oncommand Insight and 57 more 2021-07-01 7.5 HIGH 9.8 CRITICAL
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
CVE-2017-9788 6 Apache, Apple, Debian and 3 more 16 Http Server, Mac Os X, Debian Linux and 13 more 2021-06-06 6.4 MEDIUM 9.1 CRITICAL
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.
CVE-2018-1301 5 Apache, Canonical, Debian and 2 more 8 Http Server, Ubuntu Linux, Debian Linux and 5 more 2021-06-06 4.3 MEDIUM 5.9 MEDIUM
A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.
CVE-2018-11763 5 Apache, Canonical, Netapp and 2 more 9 Http Server, Ubuntu Linux, Storage Automation Store and 6 more 2021-06-06 4.3 MEDIUM 5.9 MEDIUM
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.
CVE-2018-1333 4 Apache, Canonical, Netapp and 1 more 6 Http Server, Ubuntu Linux, Cloud Backup and 3 more 2021-06-06 5.0 MEDIUM 7.5 HIGH
By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33).
CVE-2018-1303 4 Apache, Canonical, Debian and 1 more 7 Http Server, Ubuntu Linux, Debian Linux and 4 more 2021-06-06 5.0 MEDIUM 7.5 HIGH
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.
CVE-2018-1302 3 Apache, Canonical, Netapp 6 Http Server, Ubuntu Linux, Clustered Data Ontap and 3 more 2021-06-06 4.3 MEDIUM 5.9 MEDIUM
When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.
CVE-2018-1312 5 Apache, Canonical, Debian and 2 more 8 Http Server, Ubuntu Linux, Debian Linux and 5 more 2021-06-06 6.8 MEDIUM 9.8 CRITICAL
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.
CVE-2018-17199 5 Apache, Canonical, Debian and 2 more 6 Http Server, Ubuntu Linux, Debian Linux and 3 more 2021-06-06 5.0 MEDIUM 7.5 HIGH
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.
CVE-2018-1283 5 Apache, Canonical, Debian and 2 more 8 Http Server, Ubuntu Linux, Debian Linux and 5 more 2021-06-06 3.5 LOW 5.3 MEDIUM
In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to forward its data to CGIs, since the prefix "HTTP_" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications.
CVE-2017-15715 5 Apache, Canonical, Debian and 2 more 8 Http Server, Ubuntu Linux, Debian Linux and 5 more 2021-06-06 6.8 MEDIUM 8.1 HIGH
In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.
CVE-2017-15710 5 Apache, Canonical, Debian and 2 more 8 Http Server, Ubuntu Linux, Debian Linux and 5 more 2021-06-06 5.0 MEDIUM 7.5 HIGH
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.
CVE-2018-1258 3 Netapp, Oracle, Pivotal Software 39 Oncommand Insight, Oncommand Unified Manager, Oncommand Workflow Automation and 36 more 2021-01-20 6.5 MEDIUM 8.8 HIGH
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
CVE-2019-1559 7 Canonical, Debian, F5 and 4 more 18 Ubuntu Linux, Debian Linux, Traffix Signaling Delivery Controller and 15 more 2021-01-20 4.3 MEDIUM 5.9 MEDIUM
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).