Vulnerabilities (CVE)

Vendor filter

Netapp Subscribe

Filter

206 total CVE
CVE Vendors Products Updated CVSS
CVE-2017-12420 1 Netapp 1 Clustered Data Ontap 2017-08-26 6.5
Heap-based buffer overflow in the SMB implementation in NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allows remote authenticated users to cause a denial of service or execute arbitrary code.
CVE-2017-12859 1 Netapp 1 Data Ontap 2017-08-26 4.3
NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS environments, allows remote attackers to cause a denial of service via unspecified vectors.
CVE-2015-7887 1 Netapp 1 Snapcenter Server 2017-08-10 6.5
NetApp SnapCenter Server 1.0 allows remote authenticated users to list and delete backups.
CVE-2017-8919 1 Netapp 1 Oncommand Api 2017-08-10 4.0
NetApp OnCommand API Services before 1.2P3 logs the LDAP BIND password when a user attempts to log in using the REST API, which allows remote authenticated users to obtain sensitive password information via unspecified vectors.
CVE-2017-7947 1 Netapp 1 Clustered Data Ontap 2017-08-08 5.0
NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 before P5 allow attackers to obtain sensitive password information by leveraging logging of passwords entered non-interactively on the command line.
CVE-2008-3349 1 Netapp 1 Data Ontap 2017-08-08 10.0
Multiple unspecified vulnerabilities in NetApp Data ONTAP, as used on NetApp and IBM eServer platforms, allow remote attackers to execute arbitrary commands, cause a denial of service (system crash), or obtain sensitive information, probably...
CVE-2016-7172 1 Netapp 1 Snap Creator Framework 2017-07-27 5.0
NetApp Snap Creator Framework before 4.3.1 discloses sensitive information which could be viewed by an unauthorized user.
CVE-2016-3997 1 Netapp 1 Clustered Data Ontap 2017-07-05 6.8
NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by leveraging failure to enable SMB signing enforcement in its default state.
CVE-2016-3998 1 Netapp 1 Altavault 2017-07-05 5.1
NetApp AltaVault 4.1 and earlier allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol.
CVE-2016-5045 1 Netapp 1 Oncommand System Manager 2017-07-05 6.8
NetApp OnCommand System Manager before 9.0 allows remote attackers to obtain sensitive credentials via vectors related to cluster peering setup.
CVE-2017-7236 1 Netapp 1 Oncommand Unified Manager Core Package 2017-06-02 5.0
SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2017-7439 1 Netapp 1 Oncommand Unified Manager Core Package 2017-06-02 5.0
NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might allow remote attackers to obtain sensitive information via vectors involving error messages.
CVE-2017-7345 1 Netapp 1 Clustered Data Ontap 2017-04-17 5.0
NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service to the network, which allows remote attackers to...
CVE-2017-5988 1 Netapp 1 Clustered Data Ontap 2017-04-15 5.0
NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is enabled, allows remote attackers to cause a denial of service via unspecified vectors.
CVE-2016-5374 1 Netapp 1 Data Ontap 2017-03-14 6.5
NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL entry.
CVE-2017-5995 1 Netapp 1 Ontap Select Administration Utility 2017-03-09 5.0
The NetApp ONTAP Select Deploy administration utility 2.0 through 2.2.1 might allow remote attackers to obtain sensitive information via unspecified vectors.
CVE-2016-4341 1 Netapp 1 Clustered Data Ontap 2017-02-24 5.0
NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to obtain SMB share information via unspecified vectors.
CVE-2016-1502 1 Netapp 1 Snapcenter Server 2017-02-24 7.5
NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and delete backups via unspecified vectors.
CVE-2016-6667 1 Netapp 1 Oncommand Unified Manager For Clustered Data Ontap 2017-02-24 7.5
NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 through 6.4P1 contain a default privileged account, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2016-6495 1 Netapp 1 Data Ontap 2017-02-24 4.3
NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows remote attackers to obtain information about the volumes configured for HTTP access.