Netapp

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-2622 6Canonical DebianMariadb+3 more 15Active Iq Unified Manager Debian LinuxEnterprise Linux Desktop+12 more Nov 21, 2024 Jan 18, 2018 N/A· v4 6.5 MEDIUM· v3 6.8 MEDIUM· v2 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability...Show more Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).Show less
CVE-2018-2612 5Canonical DebianMariadb+2 more 8Active Iq Unified Manager Debian LinuxMariadb+5 more Nov 21, 2024 Jan 18, 2018 N/A· v4 6.5 MEDIUM· v3 7.5 HIGH· v2 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged...Show more Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).Show less
CVE-2018-2581 3Netapp OracleRedhat 20Active Iq Unified Manager Cloud BackupE Series Santricity Management Plug Ins+17 more Nov 21, 2024 Jan 18, 2018 N/A· v4 4.7 MEDIUM· v3 4.3 MEDIUM· v2 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker...Show more Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N).Show less
CVE-2018-2562 6Canonical DebianMariadb+3 more 15Active Iq Unified Manager Debian LinuxEnterprise Linux Desktop+12 more Nov 21, 2024 Jan 18, 2018 N/A· v4 7.1 HIGH· v3 7.5 HIGH· v2 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnera...Show more Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).Show less
CVE-2017-17485 4Debian FasterxmlNetapp+1 more 8Debian Linux E Series Santricity Os ControllerE Series Santricity Web Services Proxy+5 more Aug 27, 2025 Jan 10, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending malic...Show more FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.Show less
CVE-2017-5753 13Arm CanonicalDebian+10 more 308Atom C Atom EAtom X3+305 more May 28, 2026 Jan 4, 2018 N/A· v4 5.6 MEDIUM· v3 4.7 MEDIUM· v2 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVE-2017-5715 7Arm CanonicalDebian+4 more 220Atom C Atom EAtom X3+217 more May 6, 2025 Jan 4, 2018 N/A· v4 5.6 MEDIUM· v3 1.9 LOW· v2 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVE-2017-14583 1Netapp 1Clustered Data Ontap May 13, 2026 Dec 18, 2017 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 NetApp Clustered Data ONTAP versions 9.x prior to 9.1P10 and 9.2P2 are susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in SMB environments.
CVE-2016-6904 1Netapp 1Vasa Provider May 13, 2026 Dec 11, 2017 N/A· v4 8.1 HIGH· v3 4.3 MEDIUM· v2 Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. This could allow an unauthenticated attacker to obtain authentication credentials.
CVE-2017-15707 3Apache NetappOracle 12Agile Plm Framework Enterprise Manager For VirtualizationFinancial Services Hedge Management And Ifrs Valuations+9 more May 13, 2026 Dec 1, 2017 N/A· v4 6.2 MEDIUM· v3 5.0 MEDIUM· v2 In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload.
CVE-2017-15517 1Netapp 1Altavault Ost Plug In May 13, 2026 Nov 17, 2017 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to obtain sensitive information via unspecified vectors. All users are urged to move to a fixed version and change passwords used by Veritas NetBackup to...Show more AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to obtain sensitive information via unspecified vectors. All users are urged to move to a fixed version and change passwords used by Veritas NetBackup to access the OST shares on the NetApp AltaVault as a precaution.Show less
CVE-2017-15516 1Netapp 1Snapcenter Server May 13, 2026 Nov 16, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability which could be used to cause an unintended authenticated action in the user interface.
CVE-2016-8610 7Debian FujitsuNetapp+4 more 45Adaptive Access Manager Application Testing SuiteClustered Data Ontap+42 more May 13, 2026 Nov 13, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use t...Show more A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.Show less
CVE-2017-5201 1Netapp 1Clustered Data Ontap May 13, 2026 Nov 10, 2017 N/A· v4 5.7 MEDIUM· v3 2.7 LOW· v2 NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors, a different vulnerability than CVE-2016-3064.
CVE-2017-11461 1Netapp 1Oncommand Unified Manager May 13, 2026 Nov 10, 2017 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 NetApp OnCommand Unified Manager for 7-mode (core package) versions prior to 5.2.1 are susceptible to a clickjacking or "UI redress attack" which could be used to cause a user to perform an unintended action in the user...Show more NetApp OnCommand Unified Manager for 7-mode (core package) versions prior to 5.2.1 are susceptible to a clickjacking or "UI redress attack" which could be used to cause a user to perform an unintended action in the user interface.Show less
CVE-2017-16642 4Canonical DebianNetapp+1 more 5Clustered Data Ontap Debian LinuxPhp+2 more May 13, 2026 Nov 7, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings t...Show more In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.Show less
CVE-2017-15906 5Debian NetappOpenbsd+2 more 21Active Iq Unified Manager Cloud BackupClustered Data Ontap+18 more May 28, 2026 Oct 26, 2017 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
CVE-2017-10388 4Debian NetappOracle+1 more 29Active Iq Unified Manager Cloud BackupDebian Linux+26 more May 13, 2026 Oct 19, 2017 N/A· v4 7.5 HIGH· v3 5.1 MEDIUM· v2 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exp...Show more Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).Show less
CVE-2017-10384 5Debian MariadbNetapp+2 more 17Active Iq Unified Manager Debian LinuxEnterprise Linux Desktop+14 more May 13, 2026 Oct 19, 2017 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability...Show more Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).Show less
CVE-2017-10379 5Debian MariadbNetapp+2 more 17Active Iq Unified Manager Debian LinuxEnterprise Linux Desktop+14 more May 13, 2026 Oct 19, 2017 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vuln...Show more Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).Show less

Previous 1...117118119...126 Next