Filtered by vendor Netapp Subscriptions
Filtered by product Ontap Select Deploy Administration Utility Subscriptions
Total 164 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-3859 5 Debian, Fedoraproject, Libssh2 and 2 more 5 Debian Linux, Fedora, Libssh2 and 2 more 2024-11-21 N/A
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
CVE-2019-3858 6 Debian, Fedoraproject, Libssh2 and 3 more 7 Debian Linux, Fedora, Libssh2 and 4 more 2024-11-21 N/A
An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
CVE-2019-3857 7 Debian, Fedoraproject, Libssh2 and 4 more 17 Debian Linux, Fedora, Libssh2 and 14 more 2024-11-21 8.8 High
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
CVE-2019-3856 7 Debian, Fedoraproject, Libssh2 and 4 more 17 Debian Linux, Fedora, Libssh2 and 14 more 2024-11-21 8.8 High
An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
CVE-2019-3855 8 Apple, Debian, Fedoraproject and 5 more 18 Xcode, Debian Linux, Fedora and 15 more 2024-11-21 8.8 High
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
CVE-2019-25013 6 Broadcom, Debian, Fedoraproject and 3 more 12 Fabric Operating System, Debian Linux, Fedora and 9 more 2024-11-21 5.9 Medium
The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.
CVE-2019-20388 7 Debian, Fedoraproject, Netapp and 4 more 34 Debian Linux, Fedora, Cloud Backup and 31 more 2024-11-21 7.5 High
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
CVE-2019-1559 13 Canonical, Debian, F5 and 10 more 91 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 88 more 2024-11-21 5.9 Medium
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
CVE-2019-19956 8 Canonical, Debian, Fedoraproject and 5 more 15 Ubuntu Linux, Debian Linux, Fedora and 12 more 2024-11-21 7.5 High
xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.
CVE-2019-19646 5 Netapp, Oracle, Siemens and 2 more 6 Cloud Backup, Ontap Select Deploy Administration Utility, Mysql Workbench and 3 more 2024-11-21 9.8 Critical
pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
CVE-2019-19645 5 Netapp, Oracle, Siemens and 2 more 6 Cloud Backup, Ontap Select Deploy Administration Utility, Mysql Workbench and 3 more 2024-11-21 5.5 Medium
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
CVE-2019-19603 6 Apache, Netapp, Oracle and 3 more 7 Guacamole, Cloud Backup, Ontap Select Deploy Administration Utility and 4 more 2024-11-21 7.5 High
SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.
CVE-2019-19317 4 Netapp, Oracle, Siemens and 1 more 5 Cloud Backup, Ontap Select Deploy Administration Utility, Mysql Workbench and 2 more 2024-11-21 9.8 Critical
lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.
CVE-2019-17498 6 Debian, Fedoraproject, Libssh2 and 3 more 13 Debian Linux, Fedora, Libssh2 and 10 more 2024-11-21 8.1 High
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.
CVE-2019-17272 1 Netapp 1 Ontap Select Deploy Administration Utility 2024-11-21 7.2 High
All versions of ONTAP Select Deploy administration utility are susceptible to a vulnerability which when successfully exploited could allow an administrative user to escalate their privileges.
CVE-2019-16168 9 Canonical, Debian, Fedoraproject and 6 more 21 Ubuntu Linux, Debian Linux, Fedora and 18 more 2024-11-21 6.5 Medium
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
CVE-2019-13118 7 Apple, Canonical, Fedoraproject and 4 more 25 Icloud, Iphone Os, Itunes and 22 more 2024-11-21 5.3 Medium
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
CVE-2019-13115 5 Debian, F5, Fedoraproject and 2 more 7 Debian Linux, Traffix Systems Signaling Delivery Controller, Fedora and 4 more 2024-11-21 8.1 High
In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855.
CVE-2018-25032 11 Apple, Azul, Debian and 8 more 45 Mac Os X, Macos, Zulu and 42 more 2024-11-21 7.5 High
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
CVE-2018-20796 2 Gnu, Netapp 4 Glibc, Cloud Backup, Ontap Select Deploy Administration Utility and 1 more 2024-11-21 N/A
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.