Filtered by vendor Netapp
Subscribe
Total
2304 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6443 | 2 Brocade, Netapp | 2 Network Advisor, Brocade Network Advisor | 2019-05-23 | 4.3 MEDIUM | 8.1 HIGH |
| A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. A remote unauthenticated user who has access to Network Advisor client libraries and able to decrypt the Jboss credentials could gain access to the Jboss web console. | |||||
| CVE-2019-5495 | 1 Netapp | 1 Oncommand Unified Manager | 2019-05-14 | 5.0 MEDIUM | 7.5 HIGH |
| OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-4461 | 2 Apache, Netapp | 2 Struts, Oncommand Balance | 2019-05-01 | 9.0 HIGH | 8.8 HIGH |
| Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785. | |||||
| CVE-2018-12099 | 2 Grafana, Netapp | 3 Grafana, Active Iq Performance Analytics Services, Storagegrid Webscale Nas Bridge | 2019-04-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links. | |||||
| CVE-2018-1413 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2019-04-27 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138819. | |||||
| CVE-2017-15707 | 3 Apache, Netapp, Oracle | 12 Struts, Oncommand Balance, Agile Plm Framework and 9 more | 2019-04-26 | 5.0 MEDIUM | 6.2 MEDIUM |
| In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload. | |||||
| CVE-2018-8026 | 2 Apache, Netapp | 3 Solr, Snapcenter, Storage Automation Store | 2019-03-29 | 2.1 LOW | 5.5 MEDIUM |
| This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. The manipulated files can be uploaded as configsets using Solr's API, allowing to exploit that vulnerability. | |||||
| CVE-2017-9119 | 2 Netapp, Php | 3 Clustered Data Ontap, Storage Automation Store, Php | 2019-03-19 | 7.5 HIGH | 9.8 CRITICAL |
| The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data structures. | |||||
| CVE-2018-12882 | 3 Canonical, Netapp, Php | 3 Ubuntu Linux, Storage Automation Store, Php | 2019-03-12 | 7.5 HIGH | 9.8 CRITICAL |
| exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function. | |||||
| CVE-2018-15132 | 2 Netapp, Php | 2 Storage Automation Store, Php | 2019-03-08 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn't implement the open_basedir check. This could be abused to find files on paths outside of the allowed directories. | |||||
| CVE-2017-15515 | 1 Netapp | 1 Snapcenter Server | 2019-03-07 | 3.5 LOW | 4.8 MEDIUM |
| NetApp SnapCenter Server prior to 4.0 is susceptible to cross site scripting vulnerability that could allow a privileged user to inject arbitrary scripts into the custom secondary policy label field. | |||||
| CVE-2018-15919 | 2 Netapp, Openbsd | 7 Cloud Backup, Cn1610, Cn1610 Firmware and 4 more | 2019-03-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.' | |||||
| CVE-2018-5497 | 1 Netapp | 1 Clustered Data Ontap | 2019-02-15 | 2.1 LOW | 4.4 MEDIUM |
| Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user. | |||||
| CVE-2018-5498 | 1 Netapp | 1 Clustered Data Ontap | 2019-02-05 | 3.5 LOW | 4.4 MEDIUM |
| Clustered Data ONTAP versions 9.0 through 9.4 are susceptible to a vulnerability which allows remote authenticated attackers to cause a Denial of Service (DoS) in NFS and SMB environments. Exploitation of this vulnerability will allow a remote authenticated attacker to cause a Denial of Service (DoS) on affected versions of clustered Data ONTAP configured for multiprotocol access. | |||||
| CVE-2018-5496 | 1 Netapp | 1 Data Ontap | 2019-02-05 | 2.1 LOW | 4.4 MEDIUM |
| Data ONTAP operating in 7-Mode versions prior to 8.2.5P2 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user. | |||||
| CVE-2018-5492 | 1 Netapp | 1 E-series Santricity Os Controller | 2018-12-20 | 7.5 HIGH | 9.8 CRITICAL |
| NetApp E-Series SANtricity OS Controller Software 11.30 and later version 11.30.5 is susceptible to unauthenticated remote code execution. | |||||
| CVE-2017-13652 | 1 Netapp | 1 Oncommand Insight | 2018-10-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| NetApp OnCommand Insight version 7.3.0 and versions prior to 7.2.0 are susceptible to clickjacking attacks which could cause a user to perform an unintended action in the user interface. | |||||
| CVE-2017-7568 | 1 Netapp | 1 Oncommand Unified Manager | 2018-08-13 | 3.5 LOW | 5.3 MEDIUM |
| NetApp OnCommand Unified Manager for 7-Mode (core package) versions prior to 5.2.3 may disclose sensitive LDAP account information to authenticated users when the LDAP authentication configuration is tested via the user interface. | |||||
| CVE-2018-5488 | 1 Netapp | 2 Santricity Storage Manager, Santricity Web Services Proxy | 2018-08-11 | 7.5 HIGH | 9.8 CRITICAL |
| NetApp SANtricity Web Services Proxy versions 1.10.x000.0002 through 2.12.X000.0002 and SANtricity Storage Manager 11.30.0X00.0004 through 11.42.0X00.0001 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution. | |||||
| CVE-2018-5487 | 2 Linux, Netapp | 2 Linux Kernel, Oncommand Unified Manager | 2018-07-05 | 7.5 HIGH | 9.8 CRITICAL |
| NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution. | |||||