Filtered by vendor Netapp
Subscribe
Total
2475 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-5491 | 1 Netapp | 1 Clustered Data Ontap | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Clustered Data ONTAP versions prior to 9.1P15 and 9.3 prior to 9.3P7 are susceptible to a vulnerability which discloses sensitive information to an unauthenticated user. | |||||
| CVE-2019-5509 | 1 Netapp | 1 Ontap Select Deploy Administration Utility | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| ONTAP Select Deploy administration utility versions 2.11.2 through 2.12.2 are susceptible to a code injection vulnerability which when successfully exploited could allow an unauthenticated remote attacker to enable and use a privileged user account. | |||||
| CVE-2019-5501 | 1 Netapp | 1 Data Ontap | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may disclose sensitive LDAP account information to unauthenticated remote attackers. | |||||
| CVE-2019-5496 | 1 Netapp | 1 Oncommand Insight | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Oncommand Insight versions prior to 7.3.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. | |||||
| CVE-2019-5494 | 1 Netapp | 1 Oncommand Unified Manager | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. | |||||
| CVE-2018-14883 | 4 Canonical, Debian, Netapp and 1 more | 4 Ubuntu Linux, Debian Linux, Storage Automation Store and 1 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c. | |||||
| CVE-2019-17274 | 1 Netapp | 6 All Flash Fabric-attached Storage A400, All Flash Fabric-attached Storage A400 Firmware, Fabric-attached Storage 8300 and 3 more | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| NetApp FAS 8300/8700 and AFF A400 Baseboard Management Controller (BMC) firmware versions 13.x prior to 13.1P1 were shipped with a default account enabled that could allow unauthorized arbitrary command execution via local access. | |||||
| CVE-2018-6485 | 4 Gnu, Netapp, Oracle and 1 more | 15 Glibc, Cloud Backup, Data Ontap Edge and 12 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. | |||||
| CVE-2018-6445 | 2 Brocade, Netapp | 2 Network Advisor, Brocade Network Advisor | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A Vulnerability in Brocade Network Advisor versions before 14.0.3 could allow a remote unauthenticated attacker to export the current user database which includes the encrypted (not hashed) password of the systems. The attacker could gain access to the Brocade Network Advisor System after extracting/decrypting the passwords. | |||||
| CVE-2018-12015 | 6 Apple, Archive\, Canonical and 3 more | 9 Mac Os X, \, Ubuntu Linux and 6 more | 2020-08-24 | 6.4 MEDIUM | 7.5 HIGH |
| In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name. | |||||
| CVE-2019-5490 | 1 Netapp | 2 Clustered Data Ontap, Service Processor | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY. | |||||
| CVE-2019-5492 | 1 Netapp | 2 Element Plug-in For Vcenter Server, Hyper Converged Infrastructure Compute Node | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Element Plug-in for vCenter Server versions prior to 4.2.3 may disclose sensitive account information to an unauthenticated attacker. NetApp HCI Compute Node versions prior to 1.4P2 bundle affected versions of Element Plug-in for vCenter Server. | |||||
| CVE-2019-5498 | 1 Netapp | 1 Oncommand Insight | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| OnCommand Insight versions through 7.3.6 may disclose sensitive account information to an authenticated user. | |||||
| CVE-2019-2435 | 2 Netapp, Oracle | 4 Active Iq Unified Manager, Oncommand Workflow Automation, Snapcenter and 1 more | 2020-08-24 | 5.8 MEDIUM | 8.1 HIGH |
| Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 8.0.13 and prior and 2.1.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Connectors accessible data as well as unauthorized access to critical data or complete access to all MySQL Connectors accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N). | |||||
| CVE-2019-5493 | 1 Netapp | 1 Data Ontap | 2020-08-24 | 4.3 MEDIUM | 7.5 HIGH |
| Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 are susceptible to a vulnerability which discloses information to an unauthenticated attacker. A successful attack requires that multiple non-default options be enabled. | |||||
| CVE-2019-5503 | 1 Netapp | 1 Oncommand Workflow Automation | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| OnCommand Workflow Automation versions prior to 5.0 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. | |||||
| CVE-2019-6260 | 2 Aspeedtech, Netapp | 5 Ast2400, Ast2400 Firmware, Ast2500 and 2 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| The ASPEED ast2400 and ast2500 Baseband Management Controller (BMC) hardware and firmware implement Advanced High-performance Bus (AHB) bridges, which allow arbitrary read and write access to the BMC's physical address space from the host (or from the network in unusual cases where the BMC console uart is attached to a serial concentrator). This CVE applies to the specific cases of iLPC2AHB bridge Pt I, iLPC2AHB bridge Pt II, PCIe VGA P2A bridge, DMA from/to arbitrary BMC memory via X-DMA, UART-based SoC Debug interface, LPC2AHB bridge, PCIe BMC P2A bridge, and Watchdog setup. | |||||
| CVE-2016-9131 | 4 Debian, Isc, Netapp and 1 more | 12 Debian Linux, Bind, Data Ontap Edge and 9 more | 2020-08-19 | 5.0 MEDIUM | 7.5 HIGH |
| named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query. | |||||
| CVE-2019-2987 | 4 Debian, Netapp, Oracle and 1 more | 12 Debian Linux, E-series Santricity Os Controller, E-series Santricity Storage Manager and 9 more | 2020-08-18 | 4.3 MEDIUM | 3.7 LOW |
| Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
| CVE-2019-2977 | 3 Debian, Netapp, Oracle | 10 Debian Linux, Active Iq Unified Manager, E-series Santricity Os Controller and 7 more | 2020-08-18 | 5.8 MEDIUM | 4.8 MEDIUM |
| Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.8 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L). | |||||