| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| OnCommand Insight versions through 7.3.6 may disclose sensitive account information to an authenticated user. |
| NetApp AFF A700s Baseboard Management Controller (BMC) firmware versions 1.22 and higher were shipped with a default account enabled that could allow unauthorized arbitrary command execution. |
| Oncommand Insight versions prior to 7.3.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. |
| OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. |
| OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. |
| Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 are susceptible to a vulnerability which discloses information to an unauthenticated attacker. A successful attack requires that multiple non-default options be enabled. |
| Element Plug-in for vCenter Server versions prior to 4.2.3 may disclose sensitive account information to an unauthenticated attacker. NetApp HCI Compute Node versions prior to 1.4P2 bundle affected versions of Element Plug-in for vCenter Server. |
| Clustered Data ONTAP versions prior to 9.1P15 and 9.3 prior to 9.3P7 are susceptible to a vulnerability which discloses sensitive information to an unauthenticated user. |
| Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY. |
| The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. |
| EARCLINK ESPCMS-P8 has SQL injection in the install_pack/index.php?ac=Member&at=verifyAccount verify_key parameter. install_pack/espcms_public/espcms_db.php may allow retrieving sensitive information from the ESPCMS database. |
| An improper access control vulnerability exists in Gitlab EE <v12.3.3, <v12.2.7, & <v12.1.13 that allowed the group search feature with Elasticsearch to return private code, merge requests and commits. |
| A authentication bypass vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.10 in the Salesforce login integration that could be used by an attacker to create an account that bypassed domain restrictions and email verification requirements. |
| NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected through the repository name. |
| Bower before 1.8.8 has a path traversal vulnerability permitting file write in arbitrary locations via install command, which allows attackers to write arbitrary files when a malicious package is extracted. |
| Seneca < 3.9.0 contains a vulnerability that could lead to exposing environment variables to unauthorized users. |
| Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. |
| Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. |
| A path traversal vulnerability in <= v0.9.7 of statichttpserver npm module allows attackers to list files in arbitrary folders. |
| An unintended require vulnerability in <v0.5.5 larvitbase-api may allow an attacker to load arbitrary non-production code (JavaScript file). |
