Vulnerabilities > Netapp > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-07-23 CVE-2019-1010204 Incorrect Conversion between Numeric Types vulnerability in multiple products
GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read.
local
low complexity
gnu netapp CWE-681
5.5
2019-07-02 CVE-2019-5443 Uncontrolled Search Path Element vulnerability in multiple products
A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation.
4.4
2019-07-01 CVE-2019-13118 Type Confusion vulnerability in multiple products
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
5.3
2019-06-12 CVE-2019-3888 Information Exposure Through Log Files vulnerability in multiple products
A vulnerability was found in Undertow web server before 2.0.21.
network
low complexity
redhat netapp CWE-532
5.0
2019-05-23 CVE-2019-0201 Missing Authorization vulnerability in multiple products
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta.
network
high complexity
apache debian redhat oracle netapp CWE-862
5.9
2019-05-17 CVE-2018-20839 systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2.
low complexity
systemd-project netapp
4.3
2019-05-10 CVE-2019-5496 Cleartext Transmission of Sensitive Information vulnerability in Netapp Oncommand Insight
Oncommand Insight versions prior to 7.3.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.
network
low complexity
netapp CWE-319
5.0
2019-05-10 CVE-2019-5495 7PK - Security Features vulnerability in Netapp Oncommand Unified Manager
OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.
network
low complexity
netapp CWE-254
5.0
2019-05-10 CVE-2019-5494 Cleartext Transmission of Sensitive Information vulnerability in Netapp Oncommand Unified Manager
OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.
network
low complexity
netapp CWE-319
5.0
2019-04-29 CVE-2019-5492 Unspecified vulnerability in Netapp products
Element Plug-in for vCenter Server versions prior to 4.2.3 may disclose sensitive account information to an unauthenticated attacker.
network
low complexity
netapp
5.0