5 matches found
CVE-2019-7317
CVE-2019-7317 is a use-after-free involving png_image_free in libpng. A connected document ties this to the FLTK package, affecting versions earlier than 1.3.8-1, and states that upgrading to a later FLTK version resolves the issue. If applying this advisory, upgrade FLTK to 1.3.8-1 or newer for rem...
CVE-2018-3082
CVE-2018-3082 affects Oracle MySQL’s MySQL Server component, specifically the Server: DDL subcomponent. MySQL 8.0.11 and earlier are affected. An attacker with high privileges and network access via multiple protocols can read a subset of MySQL Server data. The issue is a...
CVE-2020-10719
Undertow versions before 2.1.1.Final are affected by CVE-2020-10719: improper handling of invalid HTTP requests with large chunk sizes enables HTTP request smuggling. Several connected sources (Red Hat advisories, Mageia security advisory) confirm a fix/update to Undertow 2.1.1.Fin...
CVE-2019-5496
OnCommand Insight versions prior to 7.3.5 are affected by CVE-2019-5496 due to missing HTTP security headers, which could allow an attacker to obtain sensitive information via unspecified vectors. The connected NVD entry lists CVSS scores (2.0/3.0) indicating network access with no authentication...
CVE-2017-13652
NetApp OnCommand Insight (affected: version 7.3.0 and versions prior to 7.2.0) is susceptible to clickjacking in its UI, which could cause a user to perform an unintended action. The description does not specify the underlying root cause or exact impact beyond this UI interaction risk, and no rem...