Vulnerabilities > Netapp > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-11-21 CVE-2019-5509 Code Injection vulnerability in Netapp Ontap Select Deploy Administration Utility
ONTAP Select Deploy administration utility versions 2.11.2 through 2.12.2 are susceptible to a code injection vulnerability which when successfully exploited could allow an unauthenticated remote attacker to enable and use a privileged user account.
network
low complexity
netapp CWE-94
critical
 9.8
9.8
2019-11-07 CVE-2019-18805 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11.
network
low complexity
linux opensuse redhat netapp broadcom CWE-190
critical
 9.8
9.8
2019-10-12 CVE-2019-17531 Deserialization of Untrusted Data vulnerability in multiple products
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10.
network
low complexity
fasterxml debian redhat oracle netapp CWE-502
critical
 9.8
9.8
2019-10-07 CVE-2019-17267 Deserialization of Untrusted Data vulnerability in multiple products
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10.
network
low complexity
fasterxml netapp debian redhat oracle CWE-502
critical
 9.8
9.8
2019-10-02 CVE-2019-10212 Information Exposure Through Log Files vulnerability in multiple products
A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security.
network
low complexity
redhat netapp CWE-532
critical
 9.8
9.8
2019-10-01 CVE-2019-16943 Deserialization of Untrusted Data vulnerability in multiple products
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10.
network
low complexity
fasterxml debian fedoraproject redhat oracle netapp CWE-502
critical
 9.8
9.8
2019-10-01 CVE-2019-16942 Deserialization of Untrusted Data vulnerability in multiple products
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10.
network
low complexity
fasterxml debian fedoraproject redhat netapp oracle CWE-502
critical
 9.8
9.8
2019-09-24 CVE-2019-5505 Insufficiently Protected Credentials vulnerability in Netapp Ontap Select Deploy Administration Utility
ONTAP Select Deploy administration utility versions 2.2 through 2.12.1 transmit credentials in plaintext.
network
low complexity
netapp CWE-522
critical
 9.8
9.8
2019-09-24 CVE-2019-5504 Missing Authentication for Critical Function vulnerability in Netapp Ontap Select Deploy Administration Utility 2.12/2.12.1
ONTAP Select Deploy administration utility versions 2.12 & 2.12.1 ship with an HTTP service bound to the network allowing unauthenticated remote attackers to perform administrative actions.
network
low complexity
netapp CWE-306
critical
 9.8
9.8
2019-09-16 CVE-2019-5482 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
network
low complexity
haxx fedoraproject opensuse netapp oracle debian CWE-787
critical
 9.8
9.8