Filtered by vendor Netapp
Subscribe
Total
2415 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-6110 | 4 Netapp, Openbsd, Siemens and 1 more | 9 Element Software, Ontap Select Deploy, Storage Automation Store and 6 more | 2024-11-21 | 4.0 MEDIUM | 6.8 MEDIUM |
| In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. | |||||
| CVE-2019-6109 | 9 Canonical, Debian, Fedoraproject and 6 more | 28 Ubuntu Linux, Debian Linux, Fedora and 25 more | 2024-11-21 | 4.0 MEDIUM | 6.8 MEDIUM |
| An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c. | |||||
| CVE-2019-5736 | 13 Apache, Canonical, D2iq and 10 more | 19 Mesos, Ubuntu Linux, Dc\/os and 16 more | 2024-11-21 | 9.3 HIGH | 8.6 HIGH |
| runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe. | |||||
| CVE-2019-5614 | 2 Freebsd, Netapp | 2 Freebsd, Clustered Data Ontap | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r356036, and 11.3-RELEASE before 11.3-RELEASE-p8, incomplete packet data validation may result in accessing out-of-bounds memory leading to a kernel panic or other unpredictable results. | |||||
| CVE-2019-5612 | 2 Freebsd, Netapp | 2 Freebsd, Clustered Data Ontap | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, the kernel driver for /dev/midistat implements a read handler that is not thread-safe. A multi-threaded program can exploit races in the handler to copy out kernel memory outside the boundaries of midistat's data buffer. | |||||
| CVE-2019-5611 | 2 Freebsd, Netapp | 2 Freebsd, Clustered Data Ontap | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguous. Extra checks in the IPv6 stack could catch the error condition and trigger a kernel panic, leading to a remote denial of service. | |||||
| CVE-2019-5610 | 2 Freebsd, Netapp | 2 Freebsd, Clustered Data Ontap | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350638, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bsnmp library is not properly validating the submitted length from a type-length-value encoding. A remote user could cause an out-of-bounds read or trigger a crash of the software such as bsnmpd resulting in a denial of service. | |||||
| CVE-2019-5608 | 2 Freebsd, Netapp | 2 Freebsd, Clustered Data Ontap | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350650, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. A remote attacker may be able to cause an out-of-bounds read or write that may cause the kernel to attempt to access an unmapped page and subsequently panic. | |||||
| CVE-2019-5509 | 1 Netapp | 1 Ontap Select Deploy Administration Utility | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| ONTAP Select Deploy administration utility versions 2.11.2 through 2.12.2 are susceptible to a code injection vulnerability which when successfully exploited could allow an unauthenticated remote attacker to enable and use a privileged user account. | |||||
| CVE-2019-5508 | 1 Netapp | 1 Clustered Data Ontap | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Clustered Data ONTAP versions 9.2 through 9.4 are susceptible to a vulnerability which allows an attacker to use l2ping to cause a Denial of Service (DoS). | |||||
| CVE-2019-5507 | 1 Netapp | 1 Snapmanager | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| SnapManager for Oracle prior to version 3.4.2P1 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information. | |||||
| CVE-2019-5506 | 1 Netapp | 1 Clustered Data Ontap | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Clustered Data ONTAP versions 9.0 and higher do not enforce hostname verification under certain circumstances making them susceptible to impersonation via man-in-the-middle attacks. | |||||
| CVE-2019-5505 | 1 Netapp | 1 Ontap Select Deploy Administration Utility | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| ONTAP Select Deploy administration utility versions 2.2 through 2.12.1 transmit credentials in plaintext. | |||||
| CVE-2019-5504 | 1 Netapp | 1 Ontap Select Deploy Administration Utility | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| ONTAP Select Deploy administration utility versions 2.12 & 2.12.1 ship with an HTTP service bound to the network allowing unauthenticated remote attackers to perform administrative actions. | |||||
| CVE-2019-5503 | 1 Netapp | 1 Oncommand Workflow Automation | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| OnCommand Workflow Automation versions prior to 5.0 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. | |||||
| CVE-2019-5502 | 1 Netapp | 1 Data Ontap | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 has weak cryptography which when exploited could lead to information disclosure or addition or modification of data. | |||||
| CVE-2019-5501 | 1 Netapp | 1 Data Ontap | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may disclose sensitive LDAP account information to unauthenticated remote attackers. | |||||
| CVE-2019-5500 | 1 Netapp | 14 Aff A200, Aff A200 Firmware, Aff A220 and 11 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Certain versions of the NetApp Service Processor and Baseboard Management Controller firmware allow a remote unauthenticated attacker to cause a Denial of Service (DoS). | |||||
| CVE-2019-5498 | 1 Netapp | 1 Oncommand Insight | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| OnCommand Insight versions through 7.3.6 may disclose sensitive account information to an authenticated user. | |||||
| CVE-2019-5497 | 1 Netapp | 3 Aff A700s, Aff A700s Firmware, Clustered Data Ontap | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| NetApp AFF A700s Baseboard Management Controller (BMC) firmware versions 1.22 and higher were shipped with a default account enabled that could allow unauthorized arbitrary command execution. | |||||