Netapp

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-9547 4Debian FasterxmlNetapp+1 more 16Active Iq Unified Manager Autovue For Agile Product Lifecycle ManagementBanking Platform+13 more Nov 21, 2024 Mar 2, 2020 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).
CVE-2020-9546 4Debian FasterxmlNetapp+1 more 31Active Iq Unified Manager Agile PlmAutovue For Agile Product Lifecycle Management+28 more Apr 29, 2026 Mar 2, 2020 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
CVE-2019-17275 1Netapp 1Oncommand Cloud Manager Nov 21, 2024 Feb 26, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 OnCommand Cloud Manager versions prior to 3.8.0 are susceptible to arbitrary code execution by remote attackers.
CVE-2019-17274 1Netapp 3All Flash Fabric Attached Storage A400 Firmware Fabric Attached Storage 8300 FirmwareFabric Attached Storage 8700 Firmware Nov 21, 2024 Feb 26, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 NetApp FAS 8300/8700 and AFF A400 Baseboard Management Controller (BMC) firmware versions 13.x prior to 13.1P1 were shipped with a default account enabled that could allow unauthorized arbitrary command execution via loc...Show more NetApp FAS 8300/8700 and AFF A400 Baseboard Management Controller (BMC) firmware versions 13.x prior to 13.1P1 were shipped with a default account enabled that could allow unauthorized arbitrary command execution via local access.Show less
CVE-2020-9391 3Fedoraproject LinuxNetapp 9Active Iq Unified Manager Cloud BackupData Availability Services+6 more Nov 21, 2024 Feb 25, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when...Show more An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards, aka CID-dcde237319e6. This has been observed to cause heap corruption with the GNU C Library malloc implementation.Show less
CVE-2020-9383 5Canonical DebianLinux+2 more 12Active Iq Unified Manager Cloud BackupData Availability Services+9 more Nov 21, 2024 Feb 25, 2020 N/A· v4 7.1 HIGH· v3 3.6 LOW· v2 An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-...Show more An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.Show less
CVE-2020-1938 7Apache BlackberryDebian+4 more 21Agile Engineering Data Management Agile PlmCommunications Element Manager+18 more Oct 27, 2025 Feb 24, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If su...Show more When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.Show less
CVE-2020-1935 6Apache CanonicalDebian+3 more 20Agile Engineering Data Management Agile Product Lifecycle ManagementCommunications Element Manager+17 more Nov 21, 2024 Feb 24, 2020 N/A· v4 4.8 MEDIUM· v3 5.8 MEDIUM· v2 In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a po...Show more In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.Show less
CVE-2019-17569 5Apache DebianNetapp+2 more 16Agile Engineering Data Management Agile PlmCommunications Instant Messaging Server+13 more Nov 21, 2024 Feb 24, 2020 N/A· v4 4.8 MEDIUM· v3 5.8 MEDIUM· v2 The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed...Show more The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.Show less
CVE-2020-9327 5Canonical NetappOracle+2 more 11Cloud Backup Communications Messaging ServerCommunications Network Charging And Control+8 more Nov 21, 2024 Feb 21, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
CVE-2020-4135 2Ibm Netapp 2Db2 Oncommand Insight Nov 21, 2024 Feb 19, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service from excessive memory u...Show more IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service from excessive memory usage.Show less
CVE-2020-8992 4Canonical LinuxNetapp+1 more 10Active Iq Unified Manager Cloud BackupData Availability Services+7 more Nov 21, 2024 Feb 14, 2020 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size.
CVE-2019-14598 2Intel Netapp 2Converged Security Management Engine Firmware Steelstore Cloud Integrated Storage Nov 21, 2024 Feb 13, 2020 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 Improper Authentication in subsystem in Intel(R) CSME versions 12.0 through 12.0.48 (IOT only: 12.0.56), versions 13.0 through 13.0.20, versions 14.0 through 14.0.10 may allow a privileged user to potentially enable esca...Show more Improper Authentication in subsystem in Intel(R) CSME versions 12.0 through 12.0.48 (IOT only: 12.0.56), versions 13.0 through 13.0.20, versions 14.0 through 14.0.10 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access.Show less
CVE-2016-5710 1Netapp 1Snap Creator Framework Nov 21, 2024 Feb 11, 2020 N/A· v4 4.6 MEDIUM· v3 3.5 LOW· v2 NetApp Snap Creator Framework before 4.3P1 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors.
CVE-2020-8840 5Debian FasterxmlHuawei+2 more 8Debian Linux Global Lifecycle Management OpatchJackson Databind+5 more Nov 21, 2024 Feb 10, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.
CVE-2020-8648 6Broadcom CanonicalDebian+3 more 9Active Iq Unified Manager Brocade Fabric Operating System FirmwareCloud Backup+6 more Nov 21, 2024 Feb 6, 2020 N/A· v4 7.1 HIGH· v3 3.6 LOW· v2 There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.
CVE-2019-9674 3Canonical NetappPython 3Active Iq Unified Manager PythonUbuntu Linux Dec 31, 2025 Feb 4, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.
CVE-2019-20446 6Canonical DebianFedoraproject+3 more 6Active Iq Unified Manager Debian LinuxFedora+3 more Nov 21, 2024 Feb 2, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of fina...Show more In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.Show less
CVE-2013-3322 1Netapp 1Oncommand System Manager Nov 21, 2024 Jan 31, 2020 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface.
CVE-2019-17273 1Netapp 1E Series Santricity Os Controller Nov 21, 2024 Jan 30, 2020 N/A· v4 6.5 MEDIUM· v3 3.3 LOW· v2 E-Series SANtricity OS Controller Software version 11.60.0 is susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in IPv6 environments.

Previous 1...899091...126 Next