Filtered by vendor Netapp
Subscribe
Total
2285 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-6495 | 1 Netapp | 1 Data Ontap | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows remote attackers to obtain information about the volumes configured for HTTP access. | |||||
CVE-2016-6667 | 1 Netapp | 1 Oncommand Unified Manager For Clustered Data Ontap | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 through 6.4P1 contain a default privileged account, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2017-5340 | 2 Netapp, Php | 2 Clustered Data Ontap, Php | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data. | |||||
CVE-2016-1894 | 1 Netapp | 1 Oncommand Workflow Automation | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
NetApp OnCommand Workflow Automation before 3.1P2 allows remote attackers to bypass authentication via unspecified vectors. | |||||
CVE-2016-1502 | 1 Netapp | 1 Snapcenter Server | 2023-12-10 | 7.5 HIGH | 7.3 HIGH |
NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and delete backups via unspecified vectors. | |||||
CVE-2016-9131 | 4 Debian, Isc, Netapp and 1 more | 12 Debian Linux, Bind, Data Ontap Edge and 9 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query. | |||||
CVE-2016-9843 | 10 Apple, Canonical, Debian and 7 more | 24 Iphone Os, Mac Os X, Tvos and 21 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. | |||||
CVE-2016-5711 | 1 Netapp | 1 Virtual Storage Console For Vmware Vsphere | 2023-12-10 | 6.8 MEDIUM | 9.8 CRITICAL |
NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors. | |||||
CVE-2017-5988 | 1 Netapp | 1 Clustered Data Ontap | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is enabled, allows remote attackers to cause a denial of service via unspecified vectors. | |||||
CVE-2015-8544 | 1 Netapp | 1 Snapdrive | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
NetApp SnapDrive for Windows before 7.0.2P4, 7.0.3, and 7.1 before 7.1.3P1 allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
CVE-2017-5600 | 1 Netapp | 1 Oncommand Insight | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 allows remote attackers to obtain administrative access by leveraging a default privileged account. | |||||
CVE-2016-10160 | 3 Debian, Netapp, Php | 3 Debian Linux, Clustered Data Ontap, Php | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. | |||||
CVE-2015-8322 | 1 Netapp | 1 Data Ontap | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote authenticated users to execute arbitrary code via unspecified vectors. | |||||
CVE-2015-7977 | 8 Canonical, Debian, Fedoraproject and 5 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. | |||||
CVE-2016-7103 | 7 Debian, Fedoraproject, Jqueryui and 4 more | 13 Debian Linux, Fedora, Jquery Ui and 10 more | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. | |||||
CVE-2016-5374 | 1 Netapp | 1 Data Ontap | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL entry. | |||||
CVE-2016-2518 | 7 Debian, Freebsd, Netapp and 4 more | 18 Debian Linux, Freebsd, Clustered Data Ontap and 15 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. | |||||
CVE-2017-7345 | 1 Netapp | 1 Clustered Data Ontap | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service to the network, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
CVE-2015-8020 | 1 Netapp | 1 Clustered Data Ontap | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
Clustered Data ONTAP versions 8.0, 8.3.1, and 8.3.2 contain a default privileged account which under certain conditions can be used for unauthorized information disclosure. | |||||
CVE-2016-7172 | 1 Netapp | 1 Snap Creator Framework | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
NetApp Snap Creator Framework before 4.3.1 discloses sensitive information which could be viewed by an unauthorized user. |