NetApp

All CVEs

362 total · sorted by risk
  • CVE-2025-26515 · Sep 19, 2025
    risk 0.00 · cvss · epss 0.00

    StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 without Single Sign-on enabled are susceptible to a Server-Side Request Forgery (SSRF) vulnerability. Successful exploit could allow an unauthenticated attacker to change the password of any…

  • CVE-2025-26514 · Sep 19, 2025
    risk 0.00 · cvss · epss 0.00

    StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a Reflected Cross-Site Scripting vulnerability. Successful exploit could allow an attacker to view or modify configuration settings or add or modify user accounts but…

  • CVE-2025-26513 · Aug 7, 2025
    risk 0.00 · cvss · epss 0.00

    The installer for SAN Host Utilities for Windows versions prior to 8.0 is susceptible to a vulnerability which when successfully exploited could allow a local user to escalate their privileges.

  • CVE-2025-26512 · Mar 24, 2025
    risk 0.00 · cvss · epss 0.01

    SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed.

  • CVE-2024-21994 · Nov 8, 2024
    risk 0.00 · cvss · epss 0.00

    StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9 are susceptible to a Denial of Service (DoS) vulnerability. Successful exploit by an authenticated attacker could lead to a service crash.

  • CVE-2024-21993 · Jul 9, 2024
    risk 0.00 · cvss · epss 0.00

    SnapCenter versions prior to 5.0p1 are susceptible to a vulnerability which could allow an authenticated attacker to discover plaintext credentials.

  • CVE-2024-21988 · Jun 14, 2024
    risk 0.00 · cvss · epss 0.00

    StorageGRID (formerly StorageGRID Webscale) versions prior to 11.7.0.9 and 11.8.0.5 are susceptible to disclosure of sensitive information via complex MiTM attacks due to a vulnerability in the SSH cryptographic implementation.

  • CVE-2024-21990 · Apr 17, 2024
    risk 0.00 · cvss · epss 0.00

    ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an attacker to view Deploy configuration information and modify the account credentials.

  • CVE-2024-21989 · Apr 17, 2024
    risk 0.00 · cvss · epss 0.00

    ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x are susceptible to a vulnerability which when successfully exploited could allow a read-only user to escalate their privileges.

  • CVE-2024-21984 · Feb 16, 2024
    risk 0.00 · cvss · epss 0.00

    StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a difficult to exploit Reflected Cross-Site Scripting (XSS) vulnerability. Successful exploit requires the attacker to know specific information about the target instance and trick a…

  • CVE-2024-21983 · Feb 16, 2024
    risk 0.00 · cvss · epss 0.00

    StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a Denial of Service (DoS) vulnerability. Successful exploit by an authenticated attacker could lead to an out of memory condition or node reboot.

  • CVE-2024-21987 · Feb 16, 2024
    risk 0.00 · cvss · epss 0.00

    SnapCenter versions 4.8 prior to 5.0 are susceptible to a vulnerability which could allow an authenticated SnapCenter Server user to modify system logging configuration settings.

  • CVE-2023-27318 · Feb 5, 2024
    risk 0.00 · cvss · epss 0.01

    StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.13 are susceptible to a Denial of Service (DoS) vulnerability. A successful exploit could lead to a crash of the Local Distribution Router (LDR) service.

  • CVE-2024-21985 · Jan 26, 2024
    risk 0.00 · cvss · epss 0.00

    ONTAP 9 versions prior to 9.9.1P18, 9.10.1P16, 9.11.1P13, 9.12.1P10 and 9.13.1P4 are susceptible to a vulnerability which could allow an authenticated user with multiple remote accounts with differing roles to perform actions via REST API beyond their intended privilege.…

  • CVE-2024-21982 · Jan 11, 2024
    risk 0.00 · cvss · epss 0.00

    ONTAP versions 9.4 and higher are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information to unprivileged attackers when the object-store profiler command is being run by an administrative user.

  • CVE-2023-27319 · Dec 21, 2023
    risk 0.00 · cvss · epss 0.00

    ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerability that can allow an unauthenticated attacker to enumerate URLs via REST API.

  • CVE-2023-27317 · Dec 15, 2023
    risk 0.00 · cvss · epss 0.00

    ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a vulnerability which will cause all SAS-attached FIPS 140-2 drives to become unlocked after a system reboot or power cycle or a single SAS-attached FIPS 140-2 drive to become unlocked after reinsertion.…

  • CVE-2023-27316 · Oct 12, 2023
    risk 0.00 · cvss · epss 0.00

    SnapCenter versions 4.8 through 4.9 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed.

  • CVE-2023-27314 · Oct 12, 2023
    risk 0.00 · cvss · epss 0.01

    ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, 9.12.1P2 and 9.13.1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to cause a crash of the HTTP service.

  • CVE-2023-27313 · Oct 12, 2023
    risk 0.00 · cvss · epss 0.00

    SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a vulnerability which may allow an authenticated unprivileged user to gain access as an admin user.

  • CVE-2023-27312 · Oct 12, 2023
    risk 0.00 · cvss · epss 0.00

    SnapCenter Plugin for VMware vSphere versions 4.6 prior to 4.9 are susceptible to a vulnerability which may allow authenticated unprivileged users to modify email and snapshot name settings within the VMware vSphere user interface.

  • CVE-2023-27315 · Oct 12, 2023
    risk 0.00 · cvss · epss 0.00

    SnapGathers versions prior to 4.9 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext domain user credentials.

  • CVE-2023-27311 · May 26, 2023
    risk 0.00 · cvss · epss 0.01

    NetApp Blue XP Connector versions prior to 3.9.25 expose information via a directory listing. A new Connector architecture resolves this issue - obtaining the fix requires redeploying a fresh Connector.

  • CVE-2023-1096 · May 12, 2023
    risk 0.00 · cvss · epss 0.01

    SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to gain access as an admin user.

  • CVE-2022-38734 · Mar 2, 2023
    risk 0.00 · cvss · epss 0.01

    StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0.8 are susceptible to a Denial of Service (DoS) vulnerability. A successful exploit could lead to a crash of the Local Distribution Router (LDR) service.

  • CVE-2022-23239 · Feb 28, 2023
    risk 0.00 · cvss · epss 0.00

    Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows administrative users to perform a Stored Cross-Site Scripting (XSS) attack.

  • CVE-2022-23240 · Feb 28, 2023
    risk 0.00 · cvss · epss 0.00

    Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows unauthorized users to update EMS Subscriptions via unspecified vectors.

  • CVE-2022-34397 · Feb 13, 2023
    risk 0.00 · cvss · epss 0.00

    Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are not authorized.

  • CVE-2022-45104 · Feb 10, 2023
    risk 0.00 · cvss · epss 0.01

    Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain a command execution vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to execute arbitrary commands on the underlying…

  • CVE-2022-45103 · Jan 18, 2023
    risk 0.00 · cvss · epss 0.01

    Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain an information disclosure vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to read arbitrary files on the underlying file…

  • CVE-2022-38733 · Dec 20, 2022
    risk 0.00 · cvss · epss 0.01

    OnCommand Insight versions 7.3.1 through 7.3.14 are susceptible to an authentication bypass vulnerability in the Data Warehouse component.

  • CVE-2022-23241 · Oct 19, 2022
    risk 0.00 · cvss · epss 0.01

    Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with SnapLock configured FlexGroups are susceptible to a vulnerability which could allow an authenticated remote attacker to arbitrarily modify or delete WORM data prior to the end of the retention period.

  • CVE-2022-38732 · Sep 29, 2022
    risk 0.00 · cvss · epss 0.01

    SnapCenter versions prior to 4.7 shipped without Content Security Policy (CSP) implemented which could allow certain types of attacks that otherwise would be prevented.

  • CVE-2022-23235 · Aug 25, 2022
    risk 0.00 · cvss · epss 0.01

    Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.10P1 are susceptible to a vulnerability which could allow an attacker to discover cluster, node and Active IQ Unified Manager specific information via AutoSupport telemetry data that…

  • CVE-2022-23238 · Aug 9, 2022
    risk 0.00 · cvss · epss 0.01

    Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.2 deployed with a Linux kernel version less than 4.7.0 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to view limited metrics information and…

  • CVE-2022-23236 · Jun 1, 2022
    risk 0.00 · cvss · epss 0.00

    E-Series SANtricity OS Controller Software versions 11.40 through 11.70.2 store the LDAP BIND password in plaintext within a file accessible only to privileged users.

  • CVE-2022-23234 · Mar 16, 2022
    risk 0.00 · cvss · epss 0.00

    SnapCenter versions prior to 4.5 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext HANA credentials.

  • CVE-2022-23233 · Mar 4, 2022
    risk 0.00 · cvss · epss 0.01

    StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS) of the Local Distribution Router (LDR) service.

  • CVE-2022-23232 · Mar 4, 2022
    risk 0.00 · cvss · epss 0.01

    StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could allow disabled, expired, or locked external user accounts to access S3 data to which they previously had access. StorageGRID 11.6.0…

  • CVE-2021-27006 · Dec 23, 2021
    risk 0.00 · cvss · epss 0.00

    StorageGRID (formerly StorageGRID Webscale) versions 11.5 prior to 11.5.0.5 are susceptible to a vulnerability which may allow an administrative user to escalate their privileges and modify settings in SANtricity System Manager.

  • CVE-2021-27005 · Nov 1, 2021
    risk 0.00 · cvss · epss 0.01

    Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16, 9.8P7 and 9.9.1P3 are susceptible to a vulnerability which could allow a remote attacker to cause a crash of the httpd server.

  • CVE-2021-27001 · Oct 19, 2021
    risk 0.00 · cvss · epss 0.00

    Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily modify Compliance-mode WORM data prior to the end of the retention period.

  • CVE-2021-27003 · Oct 12, 2021
    risk 0.00 · cvss · epss 0.01

    Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack.

  • CVE-2021-26993 · Jun 11, 2021
    risk 0.00 · cvss · epss 0.01

    E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to cause a partial Denial of Service (DoS) to the web server.

  • CVE-2021-26995 · Jun 11, 2021
    risk 0.00 · cvss · epss 0.01

    E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow privileged attackers to execute arbitrary code.

  • CVE-2021-26996 · Jun 11, 2021
    risk 0.00 · cvss · epss 0.01

    E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover system configuration and application information which may aid in crafting more complex…

  • CVE-2021-26997 · Jun 11, 2021
    risk 0.00 · cvss · epss 0.01

    E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover information via error messaging which may aid in crafting more complex attacks.

  • CVE-2021-26994 · Jun 4, 2021
    risk 0.00 · cvss · epss 0.01

    Clustered Data ONTAP versions prior to 9.7P13 and 9.8P3 are susceptible to a vulnerability which could allow single workloads to cause a Denial of Service (DoS) on a cluster node.

  • CVE-2021-26987 · Mar 15, 2021
    risk 0.00 · cvss · epss 0.02

    Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server,…

  • CVE-2021-26989 · Mar 4, 2021
    risk 0.00 · cvss · epss 0.01

    Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 and 9.8 are susceptible to a vulnerability which could allow a remote authenticated attacker to cause a Denial of Service (DoS) on clustered Data ONTAP configured for SMB access.
