Filtered by vendor Netapp
Subscribe
Total
2037 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8740 | 2 Intel, Netapp | 325 Bios, Core I5-7640x, Core I7-3820 and 322 more | 2021-01-28 | 4.6 MEDIUM | 6.7 MEDIUM |
| Out of bounds write in Intel BIOS platform sample code for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2018-5968 | 4 Debian, Fasterxml, Netapp and 1 more | 10 Debian Linux, Jackson-databind, E-series Santricity Os Controller and 7 more | 2021-01-21 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist. | |||||
| CVE-2017-17485 | 4 Debian, Fasterxml, Netapp and 1 more | 9 Debian Linux, Jackson-databind, E-series Santricity Os Controller and 6 more | 2021-01-19 | 7.5 HIGH | 9.8 CRITICAL |
| FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath. | |||||
| CVE-2018-1000873 | 3 Fasterxml, Netapp, Oracle | 6 Jackson-modules-java8, Active Iq Unified Manager, Clusterware and 3 more | 2021-01-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8. | |||||
| CVE-2019-0192 | 2 Apache, Netapp | 2 Solr, Storage Automation Store | 2020-12-09 | 7.5 HIGH | 9.8 CRITICAL |
| In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side. | |||||
| CVE-2020-8749 | 2 Intel, Netapp | 2 Active Management Technology, Cloud Backup | 2020-11-18 | 5.8 MEDIUM | 8.8 HIGH |
| Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | |||||
| CVE-2020-8760 | 2 Intel, Netapp | 2 Active Management Technology, Cloud Backup | 2020-11-18 | 4.6 MEDIUM | 7.8 HIGH |
| Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-8757 | 2 Intel, Netapp | 2 Active Management Technology, Cloud Backup | 2020-11-18 | 4.6 MEDIUM | 6.7 MEDIUM |
| Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-8747 | 2 Intel, Netapp | 2 Active Management Technology, Cloud Backup | 2020-11-18 | 6.4 MEDIUM | 9.1 CRITICAL |
| Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access. | |||||
| CVE-2020-8746 | 2 Intel, Netapp | 2 Active Management Technology, Cloud Backup | 2020-11-18 | 3.3 LOW | 6.5 MEDIUM |
| Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2020-12356 | 2 Intel, Netapp | 2 Active Management Technology, Cloud Backup | 2020-11-18 | 2.1 LOW | 4.4 MEDIUM |
| Out-of-bounds read in subsystem in Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2020-8752 | 2 Intel, Netapp | 3 Active Management Technology, Standard Manageability, Cloud Backup | 2020-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access. | |||||
| CVE-2020-8754 | 2 Intel, Netapp | 3 Active Management Technology, Standard Manageability, Cloud Backup | 2020-11-18 | 5.0 MEDIUM | 7.5 HIGH |
| Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access. | |||||
| CVE-2020-8577 | 1 Netapp | 1 E-series Santricity Os Controller | 2020-11-13 | 4.3 MEDIUM | 5.9 MEDIUM |
| SANtricity OS Controller Software versions 11.50.1 and higher are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session. | |||||
| CVE-2020-8580 | 1 Netapp | 1 E-series Santricity Os Controller | 2020-11-12 | 5.0 MEDIUM | 7.5 HIGH |
| SANtricity OS Controller Software versions 11.30 and higher are susceptible to a vulnerability which allows an unauthenticated attacker with access to the system to cause a Denial of Service (DoS). | |||||
| CVE-2020-8579 | 1 Netapp | 1 Clustered Data Ontap | 2020-10-27 | 5.0 MEDIUM | 7.5 HIGH |
| Clustered Data ONTAP versions 9.7 through 9.7P7 are susceptible to a vulnerability which allows an attacker with access to an intercluster LIF to cause a Denial of Service (DoS). | |||||
| CVE-2019-5436 | 7 Debian, F5, Fedoraproject and 4 more | 11 Debian Linux, Traffix Signaling Delivery Controller, Fedora and 8 more | 2020-10-20 | 4.6 MEDIUM | 7.8 HIGH |
| A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. | |||||
| CVE-2018-12538 | 2 Eclipse, Netapp | 12 Jetty, E-series Santricity Management Plug-ins, E-series Santricity Os Controller and 9 more | 2020-10-20 | 6.5 MEDIUM | 8.8 HIGH |
| In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore. | |||||
| CVE-2017-3136 | 4 Debian, Isc, Netapp and 1 more | 11 Debian Linux, Bind, Data Ontap Edge and 8 more | 2020-10-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8. | |||||
| CVE-2019-3856 | 7 Debian, Fedoraproject, Libssh2 and 4 more | 13 Debian Linux, Fedora, Libssh2 and 10 more | 2020-10-15 | 6.8 MEDIUM | 8.8 HIGH |
| An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. | |||||