Vulnerabilities > Netapp > High

DATE CVE VULNERABILITY TITLE RISK
2019-05-28 CVE-2019-5436 Out-of-bounds Write vulnerability in multiple products
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
7.8
2019-05-15 CVE-2019-8936 NULL Pointer Dereference vulnerability in multiple products
NTP through 4.2.8p12 has a NULL Pointer Dereference.
network
low complexity
netapp fedoraproject opensuse hpe ntp CWE-476
7.5
2019-05-10 CVE-2019-5496 Cleartext Transmission of Sensitive Information vulnerability in Netapp Oncommand Insight
Oncommand Insight versions prior to 7.3.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.
network
low complexity
netapp CWE-319
7.5
2019-05-10 CVE-2019-5495 7PK - Security Features vulnerability in Netapp Oncommand Unified Manager
OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.
network
low complexity
netapp CWE-254
7.5
2019-05-10 CVE-2019-5494 Cleartext Transmission of Sensitive Information vulnerability in Netapp Oncommand Unified Manager
OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.
network
low complexity
netapp CWE-319
7.5
2019-05-08 CVE-2019-11815 Use After Free vulnerability in multiple products
An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8.
network
high complexity
linux canonical debian opensuse netapp CWE-416
8.1
2019-05-07 CVE-2018-20836 Use After Free vulnerability in multiple products
An issue was discovered in the Linux kernel before 4.20.
network
high complexity
linux canonical debian f5 netapp opensuse CWE-416
8.1
2019-04-29 CVE-2019-5492 Unspecified vulnerability in Netapp products
Element Plug-in for vCenter Server versions prior to 4.2.3 may disclose sensitive account information to an unauthenticated attacker.
network
low complexity
netapp
7.5
2019-04-26 CVE-2019-3844 It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set.
local
low complexity
systemd-project canonical netapp
7.8
2019-04-26 CVE-2019-3843 Improper Privilege Management vulnerability in multiple products
It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated.
7.8