Filtered by vendor Netapp
Subscribe
Total
2475 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-14799 | 2 Netapp, Oracle | 5 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 2 more | 2022-04-12 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2020-14800 | 2 Netapp, Oracle | 5 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 2 more | 2022-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2020-14771 | 2 Netapp, Oracle | 5 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 2 more | 2022-04-12 | 3.5 LOW | 2.2 LOW |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L). | |||||
| CVE-2018-1258 | 5 Netapp, Oracle, Pivotal Software and 2 more | 42 Oncommand Insight, Oncommand Unified Manager, Oncommand Workflow Automation and 39 more | 2022-04-11 | 6.5 MEDIUM | 8.8 HIGH |
| Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted. | |||||
| CVE-2020-11656 | 5 Netapp, Oracle, Siemens and 2 more | 12 Ontap Select Deploy Administration Utility, Communications Messaging Server, Communications Network Charging And Control and 9 more | 2022-04-08 | 7.5 HIGH | 9.8 CRITICAL |
| In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. | |||||
| CVE-2020-11655 | 7 Canonical, Debian, Netapp and 4 more | 18 Ubuntu Linux, Debian Linux, Ontap Select Deploy Administration Utility and 15 more | 2022-04-08 | 5.0 MEDIUM | 7.5 HIGH |
| SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. | |||||
| CVE-2020-9327 | 5 Canonical, Netapp, Oracle and 2 more | 11 Ubuntu Linux, Cloud Backup, Communications Messaging Server and 8 more | 2022-04-08 | 5.0 MEDIUM | 7.5 HIGH |
| In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. | |||||
| CVE-2021-26987 | 2 Netapp, Vmware | 4 Element Plug-in For Vcenter Server, Management Services For Element Software And Netapp Hci, Solidfire \& Hci Management Node and 1 more | 2022-04-07 | 7.5 HIGH | 9.8 CRITICAL |
| Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services versions prior to 2.17.56 and Management Node versions through 12.2 contain vulnerable versions of SpringBoot Framework. | |||||
| CVE-2020-28097 | 2 Linux, Netapp | 18 Linux Kernel, Cloud Backup, H300e and 15 more | 2022-04-06 | 3.6 LOW | 5.9 MEDIUM |
| The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85. | |||||
| CVE-2021-28691 | 2 Linux, Netapp | 18 Linux Kernel, Cloud Backup, H300e and 15 more | 2022-04-06 | 4.6 MEDIUM | 7.8 HIGH |
| Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will lead to a use-after-free in Linux netback when the backend is destroyed, as the kernel thread associated with queue 0 will have already exited and thus the call to kthread_stop will be performed against a stale pointer. | |||||
| CVE-2019-20372 | 5 Apple, Canonical, F5 and 2 more | 5 Xcode, Ubuntu Linux, Nginx and 2 more | 2022-04-06 | 4.3 MEDIUM | 5.3 MEDIUM |
| NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer. | |||||
| CVE-2018-25020 | 2 Linux, Netapp | 18 Linux Kernel, Cloud Backup, H300e and 15 more | 2022-04-05 | 4.6 MEDIUM | 7.8 HIGH |
| The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c. | |||||
| CVE-2019-9641 | 5 Canonical, Debian, Netapp and 2 more | 5 Ubuntu Linux, Debian Linux, Storage Automation Store and 2 more | 2022-04-05 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF. | |||||
| CVE-2019-9639 | 6 Canonical, Debian, Netapp and 3 more | 6 Ubuntu Linux, Debian Linux, Storage Automation Store and 3 more | 2022-04-05 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable. | |||||
| CVE-2019-9640 | 6 Canonical, Debian, Netapp and 3 more | 6 Ubuntu Linux, Debian Linux, Storage Automation Store and 3 more | 2022-04-05 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn. | |||||
| CVE-2019-9162 | 3 Canonical, Linux, Netapp | 7 Ubuntu Linux, Linux Kernel, Cn1610 and 4 more | 2022-04-05 | 4.6 MEDIUM | 7.8 HIGH |
| In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or local privilege escalation. This affects snmp_version and snmp_helper. | |||||
| CVE-2019-9638 | 6 Canonical, Debian, Netapp and 3 more | 6 Ubuntu Linux, Debian Linux, Storage Automation Store and 3 more | 2022-04-05 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len. | |||||
| CVE-2019-9924 | 5 Canonical, Debian, Gnu and 2 more | 6 Ubuntu Linux, Debian Linux, Bash and 3 more | 2022-04-05 | 7.2 HIGH | 7.8 HIGH |
| rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell. | |||||
| CVE-2019-14888 | 2 Netapp, Redhat | 6 Active Iq Unified Manager, Jboss Data Grid, Jboss Enterprise Application Platform and 3 more | 2022-04-01 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL. | |||||
| CVE-2021-22555 | 3 Brocade, Linux, Netapp | 20 Fabric Operating System, Linux Kernel, Aff 500f and 17 more | 2022-03-31 | 4.6 MEDIUM | 7.8 HIGH |
| A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space | |||||