Filtered by vendor Netapp
Subscribe
Total
2037 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-3997 | 1 Netapp | 1 Clustered Data Ontap | 2017-07-05 | 6.8 MEDIUM | 7.5 HIGH |
| NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by leveraging failure to enable SMB signing enforcement in its default state. | |||||
| CVE-2016-3998 | 1 Netapp | 1 Altavault | 2017-07-05 | 5.1 MEDIUM | 8.1 HIGH |
| NetApp AltaVault 4.1 and earlier allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol. | |||||
| CVE-2016-5045 | 1 Netapp | 1 Oncommand System Manager | 2017-07-05 | 6.8 MEDIUM | 8.1 HIGH |
| NetApp OnCommand System Manager before 9.0 allows remote attackers to obtain sensitive credentials via vectors related to cluster peering setup. | |||||
| CVE-2017-7236 | 1 Netapp | 1 Oncommand Unified Manager Core Package | 2017-06-02 | 5.0 MEDIUM | 7.5 HIGH |
| SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-7439 | 1 Netapp | 1 Oncommand Unified Manager Core Package | 2017-06-02 | 5.0 MEDIUM | 7.5 HIGH |
| NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might allow remote attackers to obtain sensitive information via vectors involving error messages. | |||||
| CVE-2017-7345 | 1 Netapp | 1 Clustered Data Ontap | 2017-04-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service to the network, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2017-5988 | 1 Netapp | 1 Clustered Data Ontap | 2017-04-14 | 5.0 MEDIUM | 7.5 HIGH |
| NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is enabled, allows remote attackers to cause a denial of service via unspecified vectors. | |||||
| CVE-2016-5374 | 1 Netapp | 1 Data Ontap | 2017-03-14 | 6.5 MEDIUM | 8.8 HIGH |
| NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL entry. | |||||
| CVE-2016-4341 | 1 Netapp | 1 Clustered Data Ontap | 2017-02-24 | 5.0 MEDIUM | 7.5 HIGH |
| NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to obtain SMB share information via unspecified vectors. | |||||
| CVE-2016-1502 | 1 Netapp | 1 Snapcenter Server | 2017-02-24 | 7.5 HIGH | 7.3 HIGH |
| NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and delete backups via unspecified vectors. | |||||
| CVE-2016-6667 | 1 Netapp | 1 Oncommand Unified Manager For Clustered Data Ontap | 2017-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 through 6.4P1 contain a default privileged account, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2016-6495 | 1 Netapp | 1 Data Ontap | 2017-02-24 | 4.3 MEDIUM | 5.9 MEDIUM |
| NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows remote attackers to obtain information about the volumes configured for HTTP access. | |||||
| CVE-2016-5711 | 1 Netapp | 1 Virtual Storage Console For Vmware Vsphere | 2017-02-24 | 6.8 MEDIUM | 9.8 CRITICAL |
| NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors. | |||||
| CVE-2016-7171 | 1 Netapp | 1 Netapp Plug-in | 2016-12-23 | 6.8 MEDIUM | 5.6 MEDIUM |
| NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use of a non-unique server certificate, making it vulnerable to impersonation. | |||||
| CVE-2015-3292 | 1 Netapp | 1 Oncommand Workflow Automation | 2016-12-02 | 10.0 HIGH | N/A |
| The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2014-9354 | 1 Netapp | 1 Oncommand Balance | 2015-02-09 | 4.0 MEDIUM | N/A |
| NetApp OnCommand Balance before 4.2P3 allows local users to obtain sensitive information via unspecified vectors related to cleartext storage. | |||||
| CVE-2014-9353 | 1 Netapp | 1 Oncommand Balance | 2015-02-06 | 10.0 HIGH | N/A |
| NetApp OnCommand Balance before 4.2P2 contains a "default privileged account," which allows remote attackers to gain privileges via unspecified vectors. | |||||