Filtered by vendor Netapp
Subscriptions
Total
2388 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-20012 | 2 Netapp, Openbsd | 5 Clustered Data Ontap, Hci Management Node, Ontap Select Deploy Administration Utility and 2 more | 2024-11-21 | 5.3 Medium |
| OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product | ||||
| CVE-2016-10708 | 5 Canonical, Debian, Netapp and 2 more | 13 Ubuntu Linux, Debian Linux, Cloud Backup and 10 more | 2024-11-21 | N/A |
| sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. | ||||
| CVE-2016-1000338 | 4 Bouncycastle, Canonical, Netapp and 1 more | 6 Legion-of-the-bouncy-castle-java-crytography-api, Ubuntu Linux, 7-mode Transition Tool and 3 more | 2024-11-21 | 7.5 High |
| In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure. | ||||
| CVE-2015-20107 | 4 Fedoraproject, Netapp, Python and 1 more | 7 Fedora, Active Iq Unified Manager, Ontap Select Deploy Administration Utility and 4 more | 2024-11-21 | 7.6 High |
| In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9 | ||||
| CVE-2013-3322 | 1 Netapp | 1 Oncommand System Manager | 2024-11-21 | 7.2 High |
| NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface. | ||||
| CVE-2013-3321 | 1 Netapp | 1 Oncommand System Manager | 2024-11-21 | 7.5 High |
| NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter. | ||||
| CVE-2013-3320 | 1 Netapp | 1 Oncommand System Manager | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Manager before 2.2 allows remote attackers to inject arbitrary web script or HTML via the 'full-name' and 'comment' fields. | ||||
| CVE-2009-5155 | 2 Gnu, Netapp | 4 Glibc, Cloud Backup, Ontap Select Deploy Administration Utility and 1 more | 2024-11-21 | N/A |
| In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match. | ||||