Filtered by vendor Netapp
Subscribe
Total
2384 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-5490 | 1 Netapp | 2 Clustered Data Ontap, Service Processor | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY. | |||||
| CVE-2019-5489 | 2 Linux, Netapp | 3 Linux Kernel, Active Iq Performance Analytics Services, Element Software Management Node | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. | |||||
| CVE-2019-5482 | 6 Debian, Fedoraproject, Haxx and 3 more | 17 Debian Linux, Fedora, Curl and 14 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. | |||||
| CVE-2019-5481 | 6 Debian, Fedoraproject, Haxx and 3 more | 13 Debian Linux, Fedora, Curl and 10 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. | |||||
| CVE-2019-5443 | 4 Haxx, Microsoft, Netapp and 1 more | 10 Curl, Windows, Oncommand Insight and 7 more | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants. | |||||
| CVE-2019-5436 | 7 Debian, F5, Fedoraproject and 4 more | 11 Debian Linux, Traffix Signaling Delivery Controller, Fedora and 8 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. | |||||
| CVE-2019-5188 | 6 Canonical, Debian, E2fsprogs Project and 3 more | 8 Ubuntu Linux, Debian Linux, E2fsprogs and 5 more | 2024-11-21 | 4.4 MEDIUM | 7.5 HIGH |
| A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. | |||||
| CVE-2019-5108 | 5 Canonical, Debian, Linux and 2 more | 21 Ubuntu Linux, Debian Linux, Linux Kernel and 18 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability. | |||||
| CVE-2019-5094 | 5 Canonical, Debian, E2fsprogs Project and 2 more | 6 Ubuntu Linux, Debian Linux, E2fsprogs and 3 more | 2024-11-21 | 4.6 MEDIUM | 7.5 HIGH |
| An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. | |||||
| CVE-2019-4730 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
| IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172533. | |||||
| CVE-2019-4729 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 172519. | |||||
| CVE-2019-4724 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page. IBM X-Force ID: 172130. | |||||
| CVE-2019-4723 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page. IBM X-Force ID: 172129. | |||||
| CVE-2019-4722 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions. IBM X-Force ID: 172128. | |||||
| CVE-2019-4653 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170964. | |||||
| CVE-2019-4471 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for a sensitive cookie in an HTTPS session. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 163780. | |||||
| CVE-2019-4343 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Cognos Analytics 11.0 and 11.1 allows overly permissive cross-origin resource sharing which could allow an attacker to transfer private information. An attacker could exploit this vulnerability to access content that should be restricted. IBM X-Force ID: 161422. | |||||
| CVE-2019-4342 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 161421. | |||||
| CVE-2019-4231 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 159356. | |||||
| CVE-2019-4183 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources. IBM X-Force ID: 158973. | |||||