Vulnerabilities > Netapp > Oncommand API Services
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-10-07 | CVE-2019-17267 | Deserialization of Untrusted Data vulnerability in multiple products A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. | 9.8 |
2019-10-01 | CVE-2019-16943 | Deserialization of Untrusted Data vulnerability in multiple products A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. | 9.8 |
2019-10-01 | CVE-2019-16942 | Deserialization of Untrusted Data vulnerability in multiple products A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. | 9.8 |
2019-09-15 | CVE-2019-16335 | Deserialization of Untrusted Data vulnerability in multiple products A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. | 9.8 |
2019-09-15 | CVE-2019-14540 | Deserialization of Untrusted Data vulnerability in multiple products A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. | 9.8 |
2019-07-10 | CVE-2018-14550 | Out-of-bounds Write vulnerability in multiple products An issue has been found in third-party PNM decoding associated with libpng 1.6.35. | 8.8 |
2018-02-23 | CVE-2017-15518 | Information Exposure vulnerability in Netapp Oncommand API Services and Service Level Manager All versions of OnCommand API Services prior to 2.1 and NetApp Service Level Manager prior to 1.0RC4 log a privileged database user account password. | 7.8 |
2017-07-25 | CVE-2017-8919 | Unspecified vulnerability in Netapp Oncommand API Services 1.0/1.1/1.2 NetApp OnCommand API Services before 1.2P3 logs the LDAP BIND password when a user attempts to log in using the REST API, which allows remote authenticated users to obtain sensitive password information via unspecified vectors. | 6.5 |
2017-04-17 | CVE-2017-5645 | Deserialization of Untrusted Data vulnerability in multiple products In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. | 9.8 |