13 matches found
CVE-2019-3822
CVE-2019-3822 affects libcurl 7.36.0 through before 7.64.0. The vulnerability is a stack-based buffer overflow in the NTLM header creation path: Curl_auth_create_ntlm_type3_message() uses unsigned arithmetic to guard a local buffer, but the check is insufficient, allowing the output data to excee...
CVE-2019-8936
CVE-2019-8936 concerns NTP (ntpd) up to version 4.2.8p12. The vulnerability arises from a NULL pointer dereference in mode 6 handling, which can cause ntpd to crash and thus a denial of service. Public documents describe authenticated-mode mode-6 packet exploitation and a crash vector, with multi...
CVE-2018-16890
CVE-2018-16890 affects libcurl versions 7.36.0 to before 7.64.0. The NTLM type-2 handling path (lib/vauth/ntlm.c:ntlm_decode_type2_target) fails to validate incoming data, enabling an integer overflow that an attacker could abuse to trigger a heap read out-of-bounds. Related issues in the same se...
CVE-2019-3823
CVE-2019-3823 affects curl/libcurl from version 7.34.0 through before 7.64.0. The issue is a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to smtp_endofresp() isn’t NUL terminated and contains no character ending the parsed number, and len is 5, a...
CVE-2018-5490
NetApp Data ONTAP 8.3 RC releases are affected by CVE-2018-5490 where read-only export policy rules were not correctly enforced, potentially allowing more than read-only access via authenticated SMBv2/v3 clients. The issue has been resolved in the GA 8.3 release; customers running RCs should upda...
CVE-2020-8581
NetApp Clustered Data ONTAP vulnerability CVE-2020-8581 affects Clustered Data ONTAP versions prior to 9.3P20 and 9.5. An authenticated but unauthorized attacker can overwrite arbitrary data when VMware vStorage support is enabled. No remediation/patch version is stated in the provided materials;...
CVE-2020-8590
CVE-2020-8590 affects NetApp Clustered Data ONTAP prior to 9.1P18 and 9.3P12. The vulnerability allows an attacker to discover node names via AutoSupport bundles even when the remove-private-data flag is set. Root cause is information disclosure through AutoSupport in affected releases; no exploi...
CVE-2020-8578
CVE-2020-8578 affects NetApp Clustered Data ONTAP versions prior to 9.3P20. The vulnerability enables information disclosure by allowing an attacker to discover node names via AutoSupport bundles, even when the remove-private-data parameter is set to true. The NVD/NIST entry lists a Low severity ...
CVE-2020-8589
CVE-2020-8589 affects NetApp Clustered Data ONTAP, with versions prior to 9.3P20 and 9.5P15 vulnerable to information disclosure: unauthorized tenant users could discover other SVM names and filenames. Root cause is a disclosure weakness in the address/authorization model of the ONTAP multi-tenan...
CVE-2020-8588
In NetApp Clustered Data ONTAP, versions prior to 9.3P20 and 9.5P15 are affected by CVE-2020-8588, which could allow unauthorized tenant users to discover the existence of data on other Storage Virtual Machines (SVMs). The issue is an information disclosure vulnerability related to cross-tenant d...
CVE-2021-27003
CVE-2021-27003 affects NetApp Clustered Data ONTAP. Affected products/versions: Clustered Data ONTAP earlier than 9.5P18, 9.6P15, 9.7P14, 9.8P5, and 9.9.1. Root cause: missing X-Frame-Options header could enable clickjacking. Impact stated in sources: exposure to clickjacking if served pages are ...
CVE-2017-5201
NetApp Clustered Data ONTAP exposes an information-disclosure vulnerability (CVE-2017-5201) affecting versions prior to 8.3.2P8 and 9.0 prior to P2. The issue allows remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors. Root cause and exact exploit...
CVE-2021-26994
NetApp Clustered Data ONTAP (Clustered Data ONTAP) vulnerable versions: 9.7P13 and 9.8P3 and earlier. A single workload could cause a Denial of Service on a cluster node. Root cause and exploit details are not disclosed in the provided documents. Remediation is to update to fixed versions (9.7P13...