Filtered by vendor Netapp Subscriptions
Filtered by product Clustered Data Ontap Subscriptions
Total 189 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-21705 4 Netapp, Oracle, Php and 1 more 5 Clustered Data Ontap, Sd-wan Aware, Php and 2 more 2024-11-21 4.3 Medium
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision.
CVE-2021-21704 2 Netapp, Php 2 Clustered Data Ontap, Php 2024-11-21 5 Medium
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption.
CVE-2021-21703 6 Debian, Fedoraproject, Netapp and 3 more 7 Debian Linux, Fedora, Clustered Data Ontap and 4 more 2024-11-21 7.8 High
In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.
CVE-2021-21702 5 Debian, Netapp, Oracle and 2 more 6 Debian Linux, Clustered Data Ontap, Communications Diameter Signaling Router and 3 more 2024-11-21 5.3 Medium
In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.
CVE-2021-0127 2 Intel, Netapp 755 Celeron G1610, Celeron G1610t, Celeron G1620 and 752 more 2024-11-21 5.5 Medium
Insufficient control flow management in some Intel(R) Processors may allow an authenticated user to potentially enable a denial of service via local access.
CVE-2020-8698 6 Debian, Fedoraproject, Intel and 3 more 54 Debian Linux, Fedora, Core I3-1000g1 and 51 more 2024-11-21 5.5 Medium
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2020-8696 5 Debian, Fedoraproject, Intel and 2 more 507 Debian Linux, Fedora, Celeron 3855u and 504 more 2024-11-21 5.5 Medium
Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2020-8590 1 Netapp 1 Clustered Data Ontap 2024-11-21 3.3 Low
Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true.
CVE-2020-8589 1 Netapp 1 Clustered Data Ontap 2024-11-21 3.5 Low
Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the names of other Storage Virtual Machines (SVMs) and filenames on those SVMs.
CVE-2020-8588 1 Netapp 1 Clustered Data Ontap 2024-11-21 3.5 Low
Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the existence of data on other Storage Virtual Machines (SVMs).
CVE-2020-8581 1 Netapp 1 Clustered Data Ontap 2024-11-21 6.5 Medium
Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible to a vulnerability which could allow an authenticated but unauthorized attacker to overwrite arbitrary data when VMware vStorage support is enabled.
CVE-2020-8579 1 Netapp 1 Clustered Data Ontap 2024-11-21 7.5 High
Clustered Data ONTAP versions 9.7 through 9.7P7 are susceptible to a vulnerability which allows an attacker with access to an intercluster LIF to cause a Denial of Service (DoS).
CVE-2020-8578 1 Netapp 1 Clustered Data Ontap 2024-11-21 3.3 Low
Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true.
CVE-2020-8576 1 Netapp 1 Clustered Data Ontap 2024-11-21 5.4 Medium
Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data or disclosure of sensitive information.
CVE-2020-8286 9 Apple, Debian, Fedoraproject and 6 more 22 Mac Os X, Macos, Debian Linux and 19 more 2024-11-21 7.5 High
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.
CVE-2020-8285 10 Apple, Debian, Fedoraproject and 7 more 32 Mac Os X, Macos, Debian Linux and 29 more 2024-11-21 7.5 High
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
CVE-2020-8284 10 Apple, Debian, Fedoraproject and 7 more 31 Mac Os X, Macos, Debian Linux and 28 more 2024-11-21 3.7 Low
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.
CVE-2020-7595 8 Canonical, Debian, Fedoraproject and 5 more 35 Ubuntu Linux, Debian Linux, Fedora and 32 more 2024-11-21 7.5 High
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
CVE-2020-7469 2 Freebsd, Netapp 2 Freebsd, Clustered Data Ontap 2024-11-21 7.5 High
In FreeBSD 12.2-STABLE before r367402, 11.4-STABLE before r368202, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 the handler for a routing option caches a pointer into the packet buffer holding the ICMPv6 message. However, when processing subsequent options the packet buffer may be freed, rendering the cached pointer invalid. The network stack may later dereference the pointer, potentially triggering a use-after-free.
CVE-2020-7456 2 Freebsd, Netapp 2 Freebsd, Clustered Data Ontap 2024-11-21 6.8 Medium
In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-STABLE before r361919, 11.3-RELEASE before p10, and 11.4-RC2 before p1, an invalid memory location may be used for HID items if the push/pop level is not restored within the processing of that HID item allowing an attacker with physical access to a USB port to be able to use a specially crafted USB device to gain kernel or user-space code execution.