Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Storage_automation_store
(Netapp)| Repositories |
• https://github.com/php/php-src
• https://github.com/openssh/openssh-portable • https://github.com/derickr/timelib |
| #Vulnerabilities | 115 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-04-19 | CVE-2018-2839 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS... | Ubuntu_linux, Oncommand_insight, Oncommand_unified_manager, Oncommand_workflow_automation, Snapcenter, Storage_automation_store, Mysql | 4.9 | ||
| 2018-10-17 | CVE-2018-10933 | A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access. | Ubuntu_linux, Debian_linux, Libssh, Oncommand_unified_manager, Oncommand_workflow_automation, Snapcenter, Storage_automation_store, Mysql_workbench, Enterprise_linux | 9.1 | ||
| 2018-09-16 | CVE-2018-17082 | The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c. | Debian_linux, Storage_automation_store, Php | 6.1 | ||
| 2018-08-03 | CVE-2018-14884 | An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c can be a NULL value that is mishandled in an atoi call. | Storage_automation_store, Php | 7.5 | ||
| 2018-08-02 | CVE-2018-14851 | exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file. | Ubuntu_linux, Debian_linux, Storage_automation_store, Php | 5.5 | ||
| 2018-04-29 | CVE-2018-10549 | An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character. | Ubuntu_linux, Debian_linux, Storage_automation_store, Php | 8.8 | ||
| 2018-04-29 | CVE-2018-10548 | An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value. | Ubuntu_linux, Debian_linux, Storage_automation_store, Php | 7.5 | ||
| 2018-04-29 | CVE-2018-10547 | An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712. | Ubuntu_linux, Debian_linux, Storage_automation_store, Php | 6.1 | ||
| 2018-04-29 | CVE-2018-10546 | An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences. | Ubuntu_linux, Debian_linux, Storage_automation_store, Php | 7.5 | ||
| 2018-04-29 | CVE-2018-10545 | An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the PHP-FPM worker process. | Ubuntu_linux, Debian_linux, Storage_automation_store, Php | 4.7 |