Vulnerabilities > Netapp > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-07-23 | CVE-2019-1010204 | Incorrect Conversion between Numeric Types vulnerability in multiple products GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. | 5.5 |
2019-07-02 | CVE-2019-5443 | Uncontrolled Search Path Element vulnerability in multiple products A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. | 4.4 |
2019-07-01 | CVE-2019-13118 | Type Confusion vulnerability in multiple products In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. | 5.3 |
2019-06-12 | CVE-2019-3888 | Information Exposure Through Log Files vulnerability in multiple products A vulnerability was found in Undertow web server before 2.0.21. | 5.0 |
2019-05-23 | CVE-2019-0201 | Missing Authorization vulnerability in multiple products An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. | 5.9 |
2019-05-17 | CVE-2018-20839 | systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. | 4.3 |
2019-05-10 | CVE-2019-5496 | Cleartext Transmission of Sensitive Information vulnerability in Netapp Oncommand Insight Oncommand Insight versions prior to 7.3.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. | 5.0 |
2019-05-10 | CVE-2019-5495 | 7PK - Security Features vulnerability in Netapp Oncommand Unified Manager OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. | 5.0 |
2019-05-10 | CVE-2019-5494 | Cleartext Transmission of Sensitive Information vulnerability in Netapp Oncommand Unified Manager OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. | 5.0 |
2019-04-29 | CVE-2019-5492 | Unspecified vulnerability in Netapp products Element Plug-in for vCenter Server versions prior to 4.2.3 may disclose sensitive account information to an unauthenticated attacker. | 5.0 |