Lucene search
+L
NetappClustered Data Ontap*

13 matches found

CVE
CVE
added 2019/02/06 8:0 p.m.455 views

CVE-2019-3822

CVE-2019-3822 affects libcurl 7.36.0 through before 7.64.0. The vulnerability is a stack-based buffer overflow in the NTLM header creation path: Curl_auth_create_ntlm_type3_message() uses unsigned arithmetic to guard a local buffer, but the check is insufficient, allowing the output data to excee...

9.8CVSS9.3AI score0.12771EPSS
CVE
CVE
added 2019/05/15 3:37 p.m.406 views

CVE-2019-8936

CVE-2019-8936 concerns NTP (ntpd) up to version 4.2.8p12. The vulnerability arises from a NULL pointer dereference in mode 6 handling, which can cause ntpd to crash and thus a denial of service. Public documents describe authenticated-mode mode-6 packet exploitation and a crash vector, with multi...

7.5CVSS7.4AI score0.05726EPSS
CVE
CVE
added 2019/02/06 8:0 p.m.297 views

CVE-2018-16890

CVE-2018-16890 affects libcurl versions 7.36.0 to before 7.64.0. The NTLM type-2 handling path (lib/vauth/ntlm.c:ntlm_decode_type2_target) fails to validate incoming data, enabling an integer overflow that an attacker could abuse to trigger a heap read out-of-bounds. Related issues in the same se...

7.5CVSS8.6AI score0.05351EPSS
CVE
CVE
added 2019/02/06 8:0 p.m.290 views

CVE-2019-3823

CVE-2019-3823 affects curl/libcurl from version 7.34.0 through before 7.64.0. The issue is a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to smtp_endofresp() isn’t NUL terminated and contains no character ending the parsed number, and len is 5, a...

7.5CVSS8.5AI score0.04286EPSS
CVE
CVE
added 2018/08/03 7:0 p.m.71 views

CVE-2018-5490

NetApp Data ONTAP 8.3 RC releases are affected by CVE-2018-5490 where read-only export policy rules were not correctly enforced, potentially allowing more than read-only access via authenticated SMBv2/v3 clients. The issue has been resolved in the GA 8.3 release; customers running RCs should upda...

8.8CVSS8.4AI score0.00861EPSS
CVE
CVE
added 2021/01/19 5:4 p.m.64 views

CVE-2020-8581

NetApp Clustered Data ONTAP vulnerability CVE-2020-8581 affects Clustered Data ONTAP versions prior to 9.3P20 and 9.5. An authenticated but unauthorized attacker can overwrite arbitrary data when VMware vStorage support is enabled. No remediation/patch version is stated in the provided materials;...

6.5CVSS6.2AI score0.00889EPSS
CVE
CVE
added 2021/02/08 9:40 p.m.61 views

CVE-2020-8590

CVE-2020-8590 affects NetApp Clustered Data ONTAP prior to 9.1P18 and 9.3P12. The vulnerability allows an attacker to discover node names via AutoSupport bundles even when the remove-private-data flag is set. Root cause is information disclosure through AutoSupport in affected releases; no exploi...

3.3CVSS4.2AI score0.00342EPSS
CVE
CVE
added 2021/02/08 9:38 p.m.58 views

CVE-2020-8578

CVE-2020-8578 affects NetApp Clustered Data ONTAP versions prior to 9.3P20. The vulnerability enables information disclosure by allowing an attacker to discover node names via AutoSupport bundles, even when the remove-private-data parameter is set to true. The NVD/NIST entry lists a Low severity ...

3.3CVSS4.2AI score0.00342EPSS
CVE
CVE
added 2021/02/03 5:35 p.m.57 views

CVE-2020-8589

CVE-2020-8589 affects NetApp Clustered Data ONTAP, with versions prior to 9.3P20 and 9.5P15 vulnerable to information disclosure: unauthorized tenant users could discover other SVM names and filenames. Root cause is a disclosure weakness in the address/authorization model of the ONTAP multi-tenan...

3.5CVSS4.3AI score0.00548EPSS
CVE
CVE
added 2021/02/03 5:33 p.m.55 views

CVE-2020-8588

In NetApp Clustered Data ONTAP, versions prior to 9.3P20 and 9.5P15 are affected by CVE-2020-8588, which could allow unauthorized tenant users to discover the existence of data on other Storage Virtual Machines (SVMs). The issue is an information disclosure vulnerability related to cross-tenant d...

3.5CVSS4.5AI score0.00548EPSS
CVE
CVE
added 2021/10/12 5:57 p.m.55 views

CVE-2021-27003

CVE-2021-27003 affects NetApp Clustered Data ONTAP. Affected products/versions: Clustered Data ONTAP earlier than 9.5P18, 9.6P15, 9.7P14, 9.8P5, and 9.9.1. Root cause: missing X-Frame-Options header could enable clickjacking. Impact stated in sources: exposure to clickjacking if served pages are ...

4.7CVSS4.7AI score0.00599EPSS
CVE
CVE
added 2017/11/09 7:0 p.m.53 views

CVE-2017-5201

NetApp Clustered Data ONTAP exposes an information-disclosure vulnerability (CVE-2017-5201) affecting versions prior to 8.3.2P8 and 9.0 prior to P2. The issue allows remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors. Root cause and exact exploit...

5.7CVSS5.5AI score0.01258EPSS
CVE
CVE
added 2021/06/04 10:56 a.m.51 views

CVE-2021-26994

NetApp Clustered Data ONTAP (Clustered Data ONTAP) vulnerable versions: 9.7P13 and 9.8P3 and earlier. A single workload could cause a Denial of Service on a cluster node. Root cause and exploit details are not disclosed in the provided documents. Remediation is to update to fixed versions (9.7P13...

6.5CVSS6.3AI score0.00832EPSS