Filtered by vendor Netapp Subscriptions
Total 2371 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-7172 1 Netapp 1 Snap Creator Framework 2024-11-21 N/A
NetApp Snap Creator Framework before 4.3.1 discloses sensitive information which could be viewed by an unauthorized user.
CVE-2016-7171 1 Netapp 1 Netapp Plug-in 2024-11-21 N/A
NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use of a non-unique server certificate, making it vulnerable to impersonation.
CVE-2016-7103 7 Debian, Fedoraproject, Jqueryui and 4 more 13 Debian Linux, Fedora, Jquery Ui and 10 more 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
CVE-2016-6904 1 Netapp 1 Vasa Provider 2024-11-21 N/A
Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. This could allow an unauthenticated attacker to obtain authentication credentials.
CVE-2016-6820 1 Netapp 1 Metrocluster Tiebreaker 2024-11-21 N/A
MetroCluster Tiebreaker for clustered Data ONTAP in versions before 1.2 discloses sensitive information in cleartext which may be viewed by an unauthenticated user.
CVE-2016-6797 6 Apache, Canonical, Debian and 3 more 15 Tomcat, Ubuntu Linux, Debian Linux and 12 more 2024-11-21 7.5 High
The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.
CVE-2016-6796 6 Apache, Canonical, Debian and 3 more 16 Tomcat, Ubuntu Linux, Debian Linux and 13 more 2024-11-21 7.5 High
A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.
CVE-2016-6794 6 Apache, Canonical, Debian and 3 more 15 Tomcat, Ubuntu Linux, Debian Linux and 12 more 2024-11-21 5.3 Medium
When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.
CVE-2016-6667 1 Netapp 1 Oncommand Unified Manager For Clustered Data Ontap 2024-11-21 N/A
NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 through 6.4P1 contain a default privileged account, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2016-6495 1 Netapp 1 Data Ontap 2024-11-21 N/A
NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows remote attackers to obtain information about the volumes configured for HTTP access.
CVE-2016-5711 1 Netapp 1 Virtual Storage Console For Vmware Vsphere 2024-11-21 N/A
NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.
CVE-2016-5710 1 Netapp 1 Snap Creator Framework 2024-11-21 4.6 Medium
NetApp Snap Creator Framework before 4.3P1 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors.
CVE-2016-5374 1 Netapp 1 Data Ontap 2024-11-21 N/A
NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL entry.
CVE-2016-5372 1 Netapp 1 Snap Creator Framework 2024-11-21 N/A
Cross-site request forgery (CSRF) vulnerability in NetApp Snap Creator Framework before 4.3.0P1 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.
CVE-2016-5047 1 Netapp 1 Oncommand System Manager 2024-11-21 N/A
NetApp OnCommand System Manager 8.3.x before 8.3.2P5 allows remote authenticated users to cause a denial of service via unspecified vectors.
CVE-2016-5045 1 Netapp 1 Oncommand System Manager 2024-11-21 N/A
NetApp OnCommand System Manager before 9.0 allows remote attackers to obtain sensitive credentials via vectors related to cluster peering setup.
CVE-2016-5018 6 Apache, Canonical, Debian and 3 more 16 Tomcat, Ubuntu Linux, Debian Linux and 13 more 2024-11-21 9.1 Critical
In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.
CVE-2016-4461 2 Apache, Netapp 2 Struts, Oncommand Balance 2024-11-21 N/A
Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785.
CVE-2016-4341 1 Netapp 1 Clustered Data Ontap 2024-11-21 N/A
NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to obtain SMB share information via unspecified vectors.
CVE-2016-3998 1 Netapp 1 Altavault 2024-11-21 N/A
NetApp AltaVault 4.1 and earlier allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol.