Vendor CVEs
NetApp
All CVEs
362 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-5491 | 0.00 | — | 0.02 | Feb 27, 2019 | Clustered Data ONTAP versions prior to 9.1P15 and 9.3 prior to 9.3P7 are susceptible to a vulnerability which discloses sensitive information to an unauthenticated user. | |||
| CVE-2018-5498 | 0.00 | — | 0.01 | Feb 1, 2019 | Clustered Data ONTAP versions 9.0 through 9.4 are susceptible to a vulnerability which allows remote authenticated attackers to cause a Denial of Service (DoS) in NFS and SMB environments. Exploitation of this vulnerability will allow a remote authenticated attacker to cause a… | |||
| CVE-2018-5497 | 0.00 | — | 0.00 | Jan 24, 2019 | Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user. | |||
| CVE-2018-5481 | 0.00 | — | 0.01 | Jan 7, 2019 | OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances making it vulnerable to impersonation via man-in-the-middle (MITM) attacks. | |||
| CVE-2018-5496 | 0.00 | — | 0.00 | Dec 4, 2018 | Data ONTAP operating in 7-Mode versions prior to 8.2.5P2 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user. | |||
| CVE-2018-5495 | 0.00 | — | 0.02 | Nov 14, 2018 | All StorageGRID Webscale versions are susceptible to a vulnerability which could permit an unauthenticated attacker to communicate with systems on the same network as the StorageGRID Webscale Admin Node via HTTP or to take over services on the Admin Node. | |||
| CVE-2014-9354 | 0.00 | — | 0.01 | Feb 6, 2015 | NetApp OnCommand Balance before 4.2P3 allows local users to obtain sensitive information via unspecified vectors related to cleartext storage. | |||
| CVE-2014-9353 | 0.00 | — | 0.03 | Feb 6, 2015 | NetApp OnCommand Balance before 4.2P2 contains a "default privileged account," which allows remote attackers to gain privileges via unspecified vectors. | |||
| CVE-2008-3349 | 0.00 | — | 0.03 | Jul 28, 2008 | Multiple unspecified vulnerabilities in NetApp Data ONTAP, as used on NetApp and IBM eServer platforms, allow remote attackers to execute arbitrary commands, cause a denial of service (system crash), or obtain sensitive information, probably related to insufficient access… | |||
| CVE-2007-2379 | 0.00 | — | 0.03 | Apr 30, 2007 | The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the… | |||
| CVE-2006-3569 | 0.00 | — | 0.00 | Jul 13, 2006 | Unspecified vulnerability in NetApp Data ONTAP 7.0x through 7.0.4P8D9, 7.1x, 7.1.0.1x, and 7.2RC1, RC2, and RC3, as used in IBM N series Filers and other products, allows unauthorized users to gain access to privileged commands via unknown vectors, probably related to incorrect… | |||
| CVE-1999-0472 | 0.00 | — | 0.02 | Apr 7, 1999 | The SNMP default community name "public" is not properly removed in NetApps C630 Netcache, even if the administrator tries to disable it. |
- CVE-2019-5491Feb 27, 2019risk 0.00cvss —epss 0.02
Clustered Data ONTAP versions prior to 9.1P15 and 9.3 prior to 9.3P7 are susceptible to a vulnerability which discloses sensitive information to an unauthenticated user.
- CVE-2018-5498Feb 1, 2019risk 0.00cvss —epss 0.01
Clustered Data ONTAP versions 9.0 through 9.4 are susceptible to a vulnerability which allows remote authenticated attackers to cause a Denial of Service (DoS) in NFS and SMB environments. Exploitation of this vulnerability will allow a remote authenticated attacker to cause a…
- CVE-2018-5497Jan 24, 2019risk 0.00cvss —epss 0.00
Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user.
- CVE-2018-5481Jan 7, 2019risk 0.00cvss —epss 0.01
OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances making it vulnerable to impersonation via man-in-the-middle (MITM) attacks.
- CVE-2018-5496Dec 4, 2018risk 0.00cvss —epss 0.00
Data ONTAP operating in 7-Mode versions prior to 8.2.5P2 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user.
- CVE-2018-5495Nov 14, 2018risk 0.00cvss —epss 0.02
All StorageGRID Webscale versions are susceptible to a vulnerability which could permit an unauthenticated attacker to communicate with systems on the same network as the StorageGRID Webscale Admin Node via HTTP or to take over services on the Admin Node.
- CVE-2014-9354Feb 6, 2015risk 0.00cvss —epss 0.01
NetApp OnCommand Balance before 4.2P3 allows local users to obtain sensitive information via unspecified vectors related to cleartext storage.
- CVE-2014-9353Feb 6, 2015risk 0.00cvss —epss 0.03
NetApp OnCommand Balance before 4.2P2 contains a "default privileged account," which allows remote attackers to gain privileges via unspecified vectors.
- CVE-2008-3349Jul 28, 2008risk 0.00cvss —epss 0.03
Multiple unspecified vulnerabilities in NetApp Data ONTAP, as used on NetApp and IBM eServer platforms, allow remote attackers to execute arbitrary commands, cause a denial of service (system crash), or obtain sensitive information, probably related to insufficient access…
- CVE-2007-2379Apr 30, 2007risk 0.00cvss —epss 0.03
The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the…
- CVE-2006-3569Jul 13, 2006risk 0.00cvss —epss 0.00
Unspecified vulnerability in NetApp Data ONTAP 7.0x through 7.0.4P8D9, 7.1x, 7.1.0.1x, and 7.2RC1, RC2, and RC3, as used in IBM N series Filers and other products, allows unauthorized users to gain access to privileged commands via unknown vectors, probably related to incorrect…
- CVE-1999-0472Apr 7, 1999risk 0.00cvss —epss 0.02
The SNMP default community name "public" is not properly removed in NetApps C630 Netcache, even if the administrator tries to disable it.
Page 8 of 8