Vulnerabilities (CVE)

Vendor filter

Netapp

42 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-14379 3 Fasterxml, Netapp, Debian 4 Jackson-databind, Oncommand Workflow Automation, Snapcenter and 1 more 2019-10-06 7.5
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
CVE-2017-5600 1 Netapp 1 Oncommand Insight 2019-10-03 7.5
The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 allows remote attackers to obtain administrative access by leveraging a default privileged account.
CVE-2018-5495 1 Netapp 1 Storagegrid Webscale 2019-10-03 7.5
All StorageGRID Webscale versions are susceptible to a vulnerability which could permit an unauthenticated attacker to communicate with systems on the same network as the StorageGRID Webscale Admin Node via HTTP or to take over services on the Admin Node.
CVE-2018-8014 4 Apache, Canonical, Netapp and 1 more 7 Tomcat, Ubuntu Linux, Oncommand Insight and 4 more 2019-10-03 7.5
The default settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS...
CVE-2019-5504 1 Netapp 1 Ontap Select Deploy Administration Utility 2019-09-25 7.5
ONTAP Select Deploy administration utility versions 2.12 & 2.12.1 ship with an HTTP service bound to the network allowing unauthenticated remote attackers to perform administrative actions.
CVE-2018-18314 5 Perl, Canonical, Debian and 2 more 7 Perl, Ubuntu Linux, Debian Linux and 4 more 2019-09-06 7.5
Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
CVE-2018-18312 5 Perl, Canonical, Debian and 2 more 7 Perl, Ubuntu Linux, Debian Linux and 4 more 2019-09-06 7.5
Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
CVE-2017-7657 3 Eclipse, Debian, Netapp 10 Jetty, Debian Linux, E-series Santricity Management and 7 more 2019-08-21 7.5
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer...
CVE-2017-9120 2 Php, Netapp 2 Php, Storage Automation Store 2019-08-19 7.5
PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.
CVE-2019-0192 2 Apache, Netapp 2 Solr, Storage Automation Store 2019-07-23 7.5
In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows configuring the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to...
CVE-2019-3822 6 Haxx, Canonical, Debian and 3 more 8 Libcurl, Ubuntu Linux, Debian Linux and 5 more 2019-07-19 7.5
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header...
CVE-2018-18311 7 Perl, Canonical, Debian and 4 more 17 Perl, Ubuntu Linux, Debian Linux and 14 more 2019-07-16 7.5
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
CVE-2019-5497 1 Netapp 1 Clustered Data Ontap 2019-07-03 7.5
NetApp AFF A700s Baseboard Management Controller (BMC) firmware versions 1.22 and higher were shipped with a default account enabled that could allow unauthorized arbitrary command execution.
CVE-2018-1002105 3 Kubernetes, Redhat, Netapp 3 Kubernetes, Openshift Container Platform, Trident 2019-06-28 7.5
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API...
CVE-2018-6444 2 Brocade, Netapp 2 Network Advisor, Brocade Network Advisor 2019-06-19 10.0
A vulnerability in Brocade Network Advisor versions before 14.1.0 could allow a remote unauthenticated attacker to execute arbitrary code. The vulnerability could also be exploited to execute arbitrary OS commands.
CVE-2017-5645 4 Apache, Netapp, Oracle and 1 more 59 Log4j, Oncommand Api Services, Oncommand Insight and 56 more 2019-06-19 7.5
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
CVE-2019-9641 5 Php, Debian, Canonical and 2 more 5 Php, Debian Linux, Ubuntu Linux and 2 more 2019-06-18 7.5
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.
CVE-2019-9023 5 Php, Debian, Canonical and 2 more 5 Php, Debian Linux, Ubuntu Linux and 2 more 2019-06-18 7.5
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid...
CVE-2019-9021 5 Php, Debian, Canonical and 2 more 5 Php, Debian Linux, Ubuntu Linux and 2 more 2019-06-18 7.5
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated...
CVE-2019-9020 5 Php, Debian, Canonical and 2 more 5 Php, Debian Linux, Ubuntu Linux and 2 more 2019-06-18 7.5
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is...