VIR Vulnerability Intelligence Relay

Search

Found 116 results in 51ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2024-6119 high 7.5 7.5 FIX rhel sles rocky opensslnetapp 2y ago Moderate: openssl security update
CVE-2024-6387 high 8.1 9.1 EXPFIX rhelarch arch sles openbsdredhatnetapp 2y ago A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote a…
CVE-2024-33602 high 7.4 7.4 FIX rhel rockydebian debian gnunetapp 2y ago RHSA-2024:3344: glibc security update (Important)
CVE-2024-2961 high 7.3 8.3 EXPFIX rhel rockydebian debian gnunetapp 2y ago RHSA-2024:3269: glibc security update (Important)
CVE-2023-44487 high 7.5 10.0 KEVEXPFIX rocky rheldebian debian siemensietfnghttp2 3y ago The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2023-38545 critical 9.8 9.8 FIX rhelarch archdebian debian haxxnetapp 3y ago This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it…
CVE-2023-4911 high 7.8 10.0 KEVEXPFIX rhel rocky sles gnuredhatnetapp 3y ago GNU C Library's dynamic loader ld.so contains a buffer overflow vulnerability when processing the GLIBC_TUNABLES environment variable, allowing a local attacker to execute code with elevated privileg…
CVE-2022-43945 high 7.5 7.5 FIX arch arch rhel rocky netapp 3y ago The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send …
CVE-2022-34169 high 7.5 7.5 FIX debian debian rhel sles apacheoraclenetapp 4y ago RHSA-2022:5726: java-17-openjdk security, bug fix, and enhancement update (Important)
CVE-2022-27781 high 7.5 7.5 FIX arch archdebian debian sles haxxnetappsplunk 4y ago libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make li…
CVE-2022-27775 high 7.5 7.5 FIX rhelarch archdebian debian haxxnetappsplunk 4y ago An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a conn…
CVE-2022-22576 high 8.1 8.1 FIX rhelarch archdebian debian haxxnetappsplunk 4y ago An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was au…
CVE-2022-25647 high 7.5 7.5 FIX slesdebian debian googlenetapporacle 4y ago Deserialization of Untrusted Data in Gson
CVE-2022-21476 high 7.5 7.5 FIX rhelarch arch sles oraclenetappazul 4y ago RHSA-2022:1491: java-1.8.0-openjdk security update (Important)
CVE-2022-0778 high 7.5 7.5 FIX rhel sles rocky opensslnetapptenable 4y ago RHSA-2022:5326: compat-openssl10 security update (Low)
CVE-2022-0492 high 7.8 10.0 KEVEXPFIX sles rockydebian debian redhatnetapp 4y ago Linux Kernel contains an improper authentication vulnerability which could allow for privilege escalation via the cgroups v1 release_agent feature.
CVE-2022-23305 critical 9.8 9.8 FIX debian debian sles rocky apachenetappbroadcom 4y ago RHSA-2022:0290: parfait:0.5 security update (Important)
CVE-2022-23302 high 8.8 8.8 FIX debian debian sles rocky apachenetappbroadcom 4y ago RHSA-2022:0290: parfait:0.5 security update (Important)
CVE-2021-41617 high 7.0 7.0 FIX arch arch sles rocky openbsdnetapporacle 5y ago sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs …
CVE-2021-38202 high 7.5 7.5 FIX debian debian linux-kernel netapp 5y ago fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is bei…
CVE-2021-22926 high 7.5 7.5 sles haxxnetapporacle 5y ago libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool).When libcurl is bui…
CVE-2020-36183 high 8.1 8.1 FIX debian debian fasterxmlnetapporacle 6y ago Unsafe Deserialization in jackson-databind
CVE-2020-35728 high 8.1 8.1 FIX slesdebian debian fasterxmlnetapporacle 6y ago Serialization gadget exploit in jackson-databind
CVE-2020-14060 high 8.1 8.1 FIX debian debian fasterxmlnetapporacle 6y ago Deserialization of untrusted data in Jackson Databind
CVE-2020-14062 high 8.1 8.1 FIX debian debian fasterxmlnetapporacle 6y ago Deserialization of untrusted data in Jackson Databind
CVE-2020-11619 high 8.1 8.1 FIX debian debian fasterxmlnetapporacle 6y ago jackson-databind mishandles the interaction between serialization gadgets and typing
CVE-2020-11113 high 8.8 8.8 FIX debian debian fasterxmlnetapporacle 6y ago jackson-databind mishandles the interaction between serialization gadgets and typing
CVE-2020-11112 high 8.8 8.8 FIX debian debian fasterxmlnetapporacle 6y ago jackson-databind mishandles the interaction between serialization gadgets and typing
CVE-2020-9546 critical 9.8 9.8 FIX debian debian rocky rhel fasterxmlnetapporacle 6y ago RHSA-2020:1644: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate)
CVE-2019-17571 critical 9.8 9.8 FIX debian debian slesubuntu ubuntu apachenetapporacle 7y ago Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization ga…
CVE-2019-11068 critical 9.8 9.8 FIX slesdebian debianubuntu ubuntu xmlsoftoraclenetapp 7y ago RHSA-2020:4464: libxslt security update (Moderate)
CVE-2016-10708 high 7.5 7.5 FIX slesdebian debianubuntu ubuntu openbsdnetapp 9y ago sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, relat…
CVE-2016-6904 high 8.1 8.1 netapp 9y ago Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. This could allow an unauthenticated attacker to obtain authentication cr…
CVE-2017-15516 high 8.8 8.8 netapp 9y ago NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability which could be used to cause an unintended authenticated action in the user inte…
CVE-2016-8610 high 7.5 7.5 FIX sles rheldebian debian opensslredhatnetapp 9y ago A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote…
CVE-2017-16642 high 7.5 8.5 EXP slesdebian debianubuntu ubuntu phpnetapp 9y ago In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to …
CVE-2017-10388 high 7.5 7.5 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u…
CVE-2017-10346 critical 9.6 9.6 FIX sles rheldebian debian oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u14…
CVE-2017-10309 high 7.1 8.1 EXPFIX sles rheldebian debian oracleredhatnetapp 9y ago Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u144 and 9. Easily exploitable vulnerability allows unauthentic…
CVE-2017-10285 critical 9.6 9.6 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. E…
CVE-2016-4461 high 8.8 8.8 apachenetapp 9y ago Apache Struts forced double OGNL evaluation
CVE-2017-14053 high 7.5 7.5 netapp 9y ago NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 does not set the secure flag for an unspecified cookie in an HTTPS session, which makes it easier for remote attackers to captur…
CVE-2017-12423 high 7.7 7.7 netapp 9y ago NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to read data on other Storage Virtual Machines (SVMs) via unspecified vectors.
CVE-2017-12421 high 8.8 8.8 netapp 9y ago NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to execute arbitrary code on the storage controller via unspecified vectors.
CVE-2017-12420 high 8.8 8.8 netapp 9y ago Heap-based buffer overflow in the SMB implementation in NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allows remote authenticated users to cause a denial of service or execute arbitrar…
CVE-2016-6796 high 7.5 7.5 slesdebian debian rhel apachenetapporacle 9y ago Apache Tomcat vulnerable to SecurityManager bypass
CVE-2016-6797 high 7.5 7.5 slesdebian debian rhel apacheoraclenetapp 9y ago Incorrect Authorization in Apache Tomcat
CVE-2016-5018 critical 9.1 9.1 slesdebian debian rhel apachenetappredhat 9y ago Authentication Bypass Using an Alternate Path or Channel in Apache Tomcat
CVE-2017-10176 high 7.5 7.5 FIX slesdebian debian oraclephoenixcontactnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u13…
CVE-2017-10125 high 7.1 7.1 FIX slesdebian debian oraclenetapp 9y ago Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physi…
CVE-2017-10118 high 7.5 7.5 FIX slesdebian debian oraclephoenixcontactnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JR…
CVE-2017-10116 high 8.3 8.3 FIX slesdebian debian rhel oraclephoenixcontactredhat 9y ago Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedde…
CVE-2017-10115 high 7.5 7.5 FIX debian debian rhel oraclephoenixcontactredhat 9y ago Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u…
CVE-2017-10114 high 8.3 8.3 FIX slesdebian debian oraclenetapp 9y ago Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows unauthent…
CVE-2017-10111 critical 9.6 9.6 FIX slesdebian debian rhel oraclenetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploit…
CVE-2017-10110 critical 9.6 9.6 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthe…
CVE-2017-10107 critical 9.6 9.6 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easi…
CVE-2017-10102 critical 9.0 9.0 FIX slesdebian debian rhel oraclephoenixcontactnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Diff…
CVE-2017-10101 critical 9.6 9.6 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Eas…
CVE-2017-10096 critical 9.6 9.6 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Eas…
CVE-2017-10090 critical 9.6 9.6 FIX slesdebian debian rhel oraclenetappredhat 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easil…
CVE-2017-10089 critical 9.6 9.6 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows una…
CVE-2017-10087 critical 9.6 9.6 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131…
CVE-2017-10086 critical 9.6 9.6 FIX slesdebian debian oraclenetapp 9y ago Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Easily exploitable vulnerability allows unauthentic…
CVE-2017-10078 high 8.1 8.1 FIX slesdebian debian rhel oracleredhatphoenixcontact 9y ago Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged at…
CVE-2017-10074 high 8.3 8.3 FIX slesdebian debian rhel oraclenetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. …
CVE-2017-10067 high 7.5 7.5 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows …
CVE-2015-7871 critical 9.8 10.0 EXPFIX debian debian ntpnetapp 9y ago Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
CVE-2015-7854 high 8.8 8.8 FIX debian debian ntpnetapp 9y ago Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly…
CVE-2015-7853 critical 9.8 9.8 FIX debian debian ntpnetapp 9y ago The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative…
CVE-2015-7849 high 8.8 8.8 FIX debian debian ntpnetapp 9y ago Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via…
CVE-2015-7705 critical 9.8 9.8 FIX debian debian ntpnetappcitrix 9y ago The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.
CVE-2015-7704 high 7.5 7.5 FIX debian debian rhel ntpnetappmcafee 9y ago The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.
CVE-2015-7701 high 7.5 7.5 FIX debian debian rhel ntpnetapp 9y ago Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).
CVE-2015-7692 high 7.5 7.5 FIX debian debian rhel ntpnetapp 9y ago The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomple…
CVE-2015-7691 high 7.5 7.5 FIX debian debian rhel ntpnetapp 9y ago The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey op…
CVE-2015-7887 high 8.1 8.1 netapp 9y ago NetApp SnapCenter Server 1.0 allows remote authenticated users to list and delete backups.
CVE-2016-8743 high 7.5 7.5 FIX debian debian sles rhel apachenetappredhat 9y ago Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors repres…
CVE-2015-7703 high 7.5 7.5 FIX debian debian rhel ntpnetapp 9y ago The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address th…
CVE-2017-9788 critical 9.1 9.1 FIX debian debianarch arch sles apachenetappredhat 9y ago In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assi…
CVE-2017-11147 critical 9.1 9.1 sles phpnetapp 9y ago In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due …
CVE-2016-5045 high 8.1 8.1 netapp 9y ago NetApp OnCommand System Manager before 9.0 allows remote attackers to obtain sensitive credentials via vectors related to cluster peering setup.
CVE-2016-3998 high 8.1 8.1 netapp 9y ago NetApp AltaVault 4.1 and earlier allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol.
CVE-2016-3997 high 7.5 7.5 netapp 9y ago NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by leveraging failure to enable SMB signing enforcement i…
CVE-2016-3400 high 7.5 7.5 netapp 9y ago NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the S…
CVE-2017-7668 high 7.5 7.5 FIX debian debianarch arch rhel apachenetapporacle 9y ago The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously…
CVE-2017-3167 critical 9.8 9.8 FIX debian debianarch arch sles apachenetappredhat 9y ago In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being…
CVE-2017-7439 high 7.5 7.5 netapp 9y ago NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might allow remote attackers to obtain sensitive information via vectors involving error messages.
CVE-2017-7236 high 7.5 7.5 netapp 9y ago SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2016-9843 critical 9.8 9.8 FIX slesdebian debianubuntu ubuntu zliboracleredhat 9y ago The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
CVE-2016-9841 critical 9.8 9.8 FIX slesdebian debianubuntu ubuntu zliboracleredhat 9y ago inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
CVE-2017-9119 critical 9.8 9.8 sles phpnetapp 9y ago The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact b…
CVE-2017-5645 critical 9.8 9.8 FIX debian debian sles rhel apachenetappredhat 9y ago Deserialization of Untrusted Data in Log4j
CVE-2017-5988 high 7.5 7.5 netapp 9y ago NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is enabled, allows remote attackers to cause a denial of service via unspecified vectors.
CVE-2017-5995 high 7.5 7.5 netapp 9y ago The NetApp ONTAP Select Deploy administration utility 2.0 through 2.2.1 might allow remote attackers to obtain sensitive information via unspecified vectors.
CVE-2016-5374 high 8.8 8.8 netapp 9y ago NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL e…
CVE-2016-6667 critical 9.8 9.8 netapp 9y ago NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 through 6.4P1 contain a default privileged account, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2016-5711 critical 9.8 9.8 netapp 9y ago NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.
CVE-2016-4341 high 7.5 7.5 netapp 9y ago NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to obtain SMB share information via unspecified vectors.
CVE-2016-3063 high 7.5 7.5 netapp 9y ago Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified ve…