754 matches found
Code injection
Element Plug-in for vCenter Server versions prior to 4.2.3 may disclose sensitive account information to an unauthenticated attacker. NetApp HCI Compute Node versions prior to 1.4P2 bundle affected versions of Element Plug-in for vCenter Server...
CVE-2019-5492
Element Plug-in for vCenter Server versions prior to 4.2.3 may disclose sensitive account information to an unauthenticated attacker. NetApp HCI Compute Node versions prior to 1.4P2 bundle affected versions of Element Plug-in for vCenter Server...
CVE-2019-5492
CVE-2019-5492 affects Element Plug-in for vCenter Server versions prior to 4.2.3; NetApp HCI Compute Node versions prior to 1.4P2 bundle affected versions of the same plug-in. The vulnerability may disclose sensitive account information to an unauthenticated attacker. The available connected document...
CVE-2019-5492
Element Plug-in for vCenter Server versions prior to 4.2.3 may disclose sensitive account information to an unauthenticated attacker. NetApp HCI Compute Node versions prior to 1.4P2 bundle affected versions of Element Plug-in for vCenter Server...
Default Privileged Account Vulnerability in the NetApp Service Processor - Lenovo Support US
No description provided...
Default Privileged Account Vulnerability in the NetApp Service Processor - US
Lenovo Security Advisory: LEN-26771. Potential Impact: Privilege escalation. Severity: High. Scope of Impact: Industry-wide. CVE Identifier: CVE-2019-5490. Summary Description: Certain versions of the NetApp Service Processor firmware were shipped with a default account enabled that could allow...
Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Spectrum Protect Backup-Archive Client NetApp Services (CVE-2018-0737, CVE-2018-0732, CVE-2018-0734)
Summary: OpenSSL vulnerabilities were disclosed on April 16, 2018, June 16, 2018, and October 30, 2018 by the OpenSSL Project. OpenSSL, used by the IBM Spectrum Protect (formerly Tivoli Storage Manager) Backup-Archive Client for network connections with NetApp services, has addressed the applicable...
Command injection
Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixe...
CVE-2019-5490
Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixe...
CVE-2019-5490
Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixe...
CVE-2019-5490
Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixe...
CVE-2019-5490
CVE-2019-5490 affects NetApp Service Processor firmware 2.x–5.x, shipped with a default account enabled, enabling unauthorized command execution. The issue is tied to the default-privilege account and is documented by NetApp/Lenovo advisories; affected platforms may include the listed models, req...
Scientific Linux Security Update : kernel on SL7.x x86_64 (20190314)
Security Fixes: - kernel: Memory corruption due to incorrect socket cloning (CVE-2018-9568) - kernel: Unprivileged users able to inspect kernel stacks of arbitrary tasks (CVE-2018-17972) - kernel: Faulty computation of numeric bounds in the BPF verifier (CVE-2018-18445) Bug Fixes and Enhancements: -...
Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
NetApp SnapCenter Server Cross-Site Scripting Vulnerability
NetApp SnapCenter is a suite of applications from NetApp, Inc. that provides the ability to back up, validate, clone, and restore NetApp storage systems. NetApp SnapCenter Server is one of the server components. A cross-site scripting vulnerability exists in NetApp SnapCenter Server versions prior...
CVE-2018-5482
NetApp SnapCenter Server prior to 4.1 does not set the secure flag for a sensitive cookie in an HTTPS session which can allow the transmission of the cookie in plain text over an unencrypted channel...
Design/Logic Flaw
NetApp SnapCenter Server prior to 4.1 does not set the secure flag for a sensitive cookie in an HTTPS session which can allow the transmission of the cookie in plain text over an unencrypted channel...
CVE-2018-5482
NetApp SnapCenter Server prior to 4.1 does not set the secure flag for a sensitive cookie in an HTTPS session which can allow the transmission of the cookie in plain text over an unencrypted channel...
CVE-2018-5482
NetApp SnapCenter Server prior to 4.1 is affected by a vulnerability where a sensitive cookie is not secured with the Secure flag in HTTPS sessions, potentially allowing the cookie to be transmitted in cleartext over an unencrypted channel. Root cause: missing Secure attribute on a sensitive cook...
CVE-2018-5482
NetApp SnapCenter Server prior to 4.1 does not set the secure flag for a sensitive cookie in an HTTPS session which can allow the transmission of the cookie in plain text over an unencrypted channel...