Filtered by vendor Netapp
Subscriptions
Total
2319 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-11034 | 6 Canonical, Debian, Netapp and 3 more | 8 Ubuntu Linux, Debian Linux, Storage Automation Store and 5 more | 2024-09-17 | 9.1 Critical |
| When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. | ||||
| CVE-2020-4354 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-09-17 | 5.4 Medium |
| IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178506. | ||||
| CVE-2018-11763 | 5 Apache, Canonical, Netapp and 2 more | 11 Http Server, Ubuntu Linux, Storage Automation Store and 8 more | 2024-09-17 | N/A |
| In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. | ||||
| CVE-2022-0635 | 2 Isc, Netapp | 17 Bind, H300e, H300e Firmware and 14 more | 2024-09-17 | 7.5 High |
| Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check. | ||||
| CVE-2017-7525 | 5 Debian, Fasterxml, Netapp and 2 more | 30 Debian Linux, Jackson-databind, Oncommand Balance and 27 more | 2024-09-17 | 9.8 Critical |
| A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. | ||||
| CVE-2017-15715 | 5 Apache, Canonical, Debian and 2 more | 10 Http Server, Ubuntu Linux, Debian Linux and 7 more | 2024-09-17 | N/A |
| In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename. | ||||
| CVE-2022-1664 | 2 Debian, Netapp | 3 Debian Linux, Dpkg, Ontap Select Deploy Administration Utility | 2024-09-17 | 9.8 Critical |
| Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs. | ||||
| CVE-2020-8835 | 4 Canonical, Fedoraproject, Linux and 1 more | 47 Ubuntu Linux, Fedora, Linux Kernel and 44 more | 2024-09-17 | 7.8 High |
| In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780) | ||||
| CVE-2019-4471 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-09-17 | 6.5 Medium |
| IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for a sensitive cookie in an HTTPS session. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 163780. | ||||
| CVE-2017-15517 | 1 Netapp | 1 Altavault Ost Plug-in | 2024-09-17 | N/A |
| AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to obtain sensitive information via unspecified vectors. All users are urged to move to a fixed version and change passwords used by Veritas NetBackup to access the OST shares on the NetApp AltaVault as a precaution. | ||||
| CVE-2018-1303 | 5 Apache, Canonical, Debian and 2 more | 10 Http Server, Ubuntu Linux, Debian Linux and 7 more | 2024-09-17 | N/A |
| A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability. | ||||
| CVE-2021-29824 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-09-17 | 4.3 Medium |
| IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to priviledge escalation where a lower level user could have read access to to the 'Data Connections' page to which they don't have access. IBM X-Force ID: 204468. | ||||
| CVE-2017-12615 | 4 Apache, Microsoft, Netapp and 1 more | 24 Tomcat, Windows, 7-mode Transition Tool and 21 more | 2024-09-17 | 8.1 High |
| When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. | ||||
| CVE-2019-4722 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-09-17 | 4.3 Medium |
| IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions. IBM X-Force ID: 172128. | ||||
| CVE-2021-38945 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-09-17 | 9.8 Critical |
| IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. IBM X-Force ID: 211238. | ||||
| CVE-2018-5489 | 1 Netapp | 1 7-mode Transition Tool | 2024-09-17 | N/A |
| NetApp 7-Mode Transition Tool allows users with valid credentials to access functions and information which may have been intended to be restricted to administrators or privileged users. 7MTT versions below 2.0 do not enforce user authorization rules on file information and status that it has previously collected. The released version of 7MTT has been updated to maintain and verify authorization rules for file information, status and utilities. | ||||
| CVE-2019-4723 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-09-17 | 7.5 High |
| IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page. IBM X-Force ID: 172129. | ||||
| CVE-2017-7568 | 1 Netapp | 1 Oncommand Unified Manager | 2024-09-17 | N/A |
| NetApp OnCommand Unified Manager for 7-Mode (core package) versions prior to 5.2.3 may disclose sensitive LDAP account information to authenticated users when the LDAP authentication configuration is tested via the user interface. | ||||
| CVE-2018-5498 | 1 Netapp | 1 Clustered Data Ontap | 2024-09-17 | N/A |
| Clustered Data ONTAP versions 9.0 through 9.4 are susceptible to a vulnerability which allows remote authenticated attackers to cause a Denial of Service (DoS) in NFS and SMB environments. Exploitation of this vulnerability will allow a remote authenticated attacker to cause a Denial of Service (DoS) on affected versions of clustered Data ONTAP configured for multiprotocol access. | ||||
| CVE-2020-8620 | 4 Canonical, Isc, Netapp and 1 more | 4 Ubuntu Linux, Bind, Steelstore Cloud Integrated Storage and 1 more | 2024-09-17 | 7.5 High |
| In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit. | ||||