Filtered by vendor Netapp
Subscriptions
Total
2293 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-15919 | 2 Netapp, Openbsd | 7 Cloud Backup, Cn1610, Cn1610 Firmware and 4 more | 2019-03-07 | N/A |
| Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.' | ||||
| CVE-2018-5497 | 1 Netapp | 1 Clustered Data Ontap | 2019-02-15 | N/A |
| Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user. | ||||
| CVE-2018-5498 | 1 Netapp | 1 Clustered Data Ontap | 2019-02-05 | N/A |
| Clustered Data ONTAP versions 9.0 through 9.4 are susceptible to a vulnerability which allows remote authenticated attackers to cause a Denial of Service (DoS) in NFS and SMB environments. Exploitation of this vulnerability will allow a remote authenticated attacker to cause a Denial of Service (DoS) on affected versions of clustered Data ONTAP configured for multiprotocol access. | ||||
| CVE-2018-5496 | 1 Netapp | 1 Data Ontap | 2019-02-05 | N/A |
| Data ONTAP operating in 7-Mode versions prior to 8.2.5P2 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user. | ||||
| CVE-2018-5492 | 1 Netapp | 1 E-series Santricity Os Controller | 2018-12-20 | N/A |
| NetApp E-Series SANtricity OS Controller Software 11.30 and later version 11.30.5 is susceptible to unauthenticated remote code execution. | ||||
| CVE-2017-13652 | 1 Netapp | 1 Oncommand Insight | 2018-10-05 | N/A |
| NetApp OnCommand Insight version 7.3.0 and versions prior to 7.2.0 are susceptible to clickjacking attacks which could cause a user to perform an unintended action in the user interface. | ||||
| CVE-2017-7568 | 1 Netapp | 1 Oncommand Unified Manager | 2018-08-13 | N/A |
| NetApp OnCommand Unified Manager for 7-Mode (core package) versions prior to 5.2.3 may disclose sensitive LDAP account information to authenticated users when the LDAP authentication configuration is tested via the user interface. | ||||
| CVE-2018-5488 | 1 Netapp | 2 Santricity Storage Manager, Santricity Web Services Proxy | 2018-08-11 | N/A |
| NetApp SANtricity Web Services Proxy versions 1.10.x000.0002 through 2.12.X000.0002 and SANtricity Storage Manager 11.30.0X00.0004 through 11.42.0X00.0001 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution. | ||||
| CVE-2018-5487 | 2 Linux, Netapp | 2 Linux Kernel, Oncommand Unified Manager | 2018-07-05 | N/A |
| NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution. | ||||
| CVE-2017-14583 | 1 Netapp | 1 Clustered Data Ontap | 2018-01-05 | N/A |
| NetApp Clustered Data ONTAP versions 9.x prior to 9.1P10 and 9.2P2 are susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in SMB environments. | ||||
| CVE-2016-6904 | 1 Netapp | 1 Vasa Provider | 2017-12-29 | N/A |
| Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. This could allow an unauthenticated attacker to obtain authentication credentials. | ||||
| CVE-2017-15517 | 1 Netapp | 1 Altavault Ost Plug-in | 2017-12-04 | N/A |
| AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to obtain sensitive information via unspecified vectors. All users are urged to move to a fixed version and change passwords used by Veritas NetBackup to access the OST shares on the NetApp AltaVault as a precaution. | ||||
| CVE-2017-15516 | 1 Netapp | 1 Snapcenter Server | 2017-12-02 | N/A |
| NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability which could be used to cause an unintended authenticated action in the user interface. | ||||
| CVE-2017-11461 | 1 Netapp | 1 Oncommand Unified Manager | 2017-11-30 | N/A |
| NetApp OnCommand Unified Manager for 7-mode (core package) versions prior to 5.2.1 are susceptible to a clickjacking or "UI redress attack" which could be used to cause a user to perform an unintended action in the user interface. | ||||
| CVE-2017-5201 | 1 Netapp | 1 Clustered Data Ontap | 2017-11-29 | N/A |
| NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors, a different vulnerability than CVE-2016-3064. | ||||
| CVE-2016-6820 | 1 Netapp | 1 Metrocluster Tiebreaker | 2017-11-16 | N/A |
| MetroCluster Tiebreaker for clustered Data ONTAP in versions before 1.2 discloses sensitive information in cleartext which may be viewed by an unauthenticated user. | ||||
| CVE-2016-5372 | 1 Netapp | 1 Snap Creator Framework | 2017-11-16 | N/A |
| Cross-site request forgery (CSRF) vulnerability in NetApp Snap Creator Framework before 4.3.0P1 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. | ||||
| CVE-2016-5047 | 1 Netapp | 1 Oncommand System Manager | 2017-11-16 | N/A |
| NetApp OnCommand System Manager 8.3.x before 8.3.2P5 allows remote authenticated users to cause a denial of service via unspecified vectors. | ||||
| CVE-2016-3064 | 1 Netapp | 1 Clustered Data Ontap | 2017-11-16 | N/A |
| NetApp Clustered Data ONTAP before 8.2.4P4 and 8.3.x before 8.3.2P2 allows remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors. | ||||
| CVE-2016-3063 | 1 Netapp | 1 Oncommand System Manager | 2017-11-16 | N/A |
| Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors. | ||||