Filtered by vendor Netapp
Subscribe
Total
2308 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-10286 | 3 Mariadb, Netapp, Oracle | 9 Mariadb, Active Iq Unified Manager, Oncommand Balance and 6 more | 2024-02-28 | 3.5 LOW | 4.4 MEDIUM |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
CVE-2016-1894 | 1 Netapp | 1 Oncommand Workflow Automation | 2024-02-28 | 9.3 HIGH | 8.1 HIGH |
NetApp OnCommand Workflow Automation before 3.1P2 allows remote attackers to bypass authentication via unspecified vectors. | |||||
CVE-2016-3063 | 1 Netapp | 1 Oncommand System Manager | 2024-02-28 | 4.4 MEDIUM | 7.5 HIGH |
Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors. | |||||
CVE-2017-9119 | 2 Netapp, Php | 3 Clustered Data Ontap, Storage Automation Store, Php | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data structures. | |||||
CVE-2016-1502 | 1 Netapp | 1 Snapcenter Server | 2024-02-28 | 7.5 HIGH | 7.3 HIGH |
NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and delete backups via unspecified vectors. | |||||
CVE-2016-7103 | 7 Debian, Fedoraproject, Jqueryui and 4 more | 13 Debian Linux, Fedora, Jquery Ui and 10 more | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. | |||||
CVE-2017-5988 | 1 Netapp | 1 Clustered Data Ontap | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is enabled, allows remote attackers to cause a denial of service via unspecified vectors. | |||||
CVE-2016-6495 | 1 Netapp | 1 Data Ontap | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows remote attackers to obtain information about the volumes configured for HTTP access. | |||||
CVE-2016-7480 | 2 Netapp, Php | 2 Clustered Data Ontap, Php | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. | |||||
CVE-2016-7172 | 1 Netapp | 1 Snap Creator Framework | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
NetApp Snap Creator Framework before 4.3.1 discloses sensitive information which could be viewed by an unauthorized user. | |||||
CVE-2017-5340 | 2 Netapp, Php | 2 Clustered Data Ontap, Php | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data. | |||||
CVE-2015-8544 | 1 Netapp | 1 Snapdrive | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
NetApp SnapDrive for Windows before 7.0.2P4, 7.0.3, and 7.1 before 7.1.3P1 allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
CVE-2015-7977 | 8 Canonical, Debian, Fedoraproject and 5 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. | |||||
CVE-2016-5374 | 1 Netapp | 1 Data Ontap | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL entry. | |||||
CVE-2016-6667 | 1 Netapp | 1 Oncommand Unified Manager For Clustered Data Ontap | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 through 6.4P1 contain a default privileged account, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2016-5372 | 1 Netapp | 1 Snap Creator Framework | 2024-02-28 | 6.8 MEDIUM | 6.3 MEDIUM |
Cross-site request forgery (CSRF) vulnerability in NetApp Snap Creator Framework before 4.3.0P1 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. | |||||
CVE-2017-5600 | 1 Netapp | 1 Oncommand Insight | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 allows remote attackers to obtain administrative access by leveraging a default privileged account. | |||||
CVE-2016-9131 | 4 Debian, Isc, Netapp and 1 more | 12 Debian Linux, Bind, Data Ontap Edge and 9 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query. | |||||
CVE-2016-4341 | 1 Netapp | 1 Clustered Data Ontap | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to obtain SMB share information via unspecified vectors. | |||||
CVE-2016-5711 | 1 Netapp | 1 Virtual Storage Console For Vmware Vsphere | 2024-02-28 | 6.8 MEDIUM | 9.8 CRITICAL |
NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors. |