Cloud Backup

cloud_backup

Vendor: Netapp • 345 CVEs

CVEs (345)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-2773 7Canonical DebianFedoraproject+4 more 217 Mode Transition Tool Active Iq Unified ManagerCloud Backup+18 more Nov 21, 2024 Apr 15, 2020 N/A· v4 3.7 LOW· v3 4.3 MEDIUM· v2 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit...Show more Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).Show less
CVE-2020-2767 5Canonical DebianNetapp+2 more 207 Mode Transition Tool Active Iq Unified ManagerCloud Backup+17 more Nov 21, 2024 Apr 15, 2020 N/A· v4 4.8 MEDIUM· v3 5.8 MEDIUM· v2 Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network a...Show more Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).Show less
CVE-2020-2757 7Canonical DebianFedoraproject+4 more 217 Mode Transition Tool Active Iq Unified ManagerCloud Backup+18 more Nov 21, 2024 Apr 15, 2020 N/A· v4 3.7 LOW· v3 4.3 MEDIUM· v2 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to ex...Show more Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).Show less
CVE-2020-2756 7Canonical DebianFedoraproject+4 more 207 Mode Transition Tool Active Iq Unified ManagerCloud Backup+17 more Nov 21, 2024 Apr 15, 2020 N/A· v4 3.7 LOW· v3 4.3 MEDIUM· v2 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to ex...Show more Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).Show less
CVE-2020-2755 7Canonical DebianFedoraproject+4 more 207 Mode Transition Tool Active Iq Unified ManagerCloud Backup+17 more Nov 21, 2024 Apr 15, 2020 N/A· v4 3.7 LOW· v3 4.3 MEDIUM· v2 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulne...Show more Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).Show less
CVE-2020-1730 6Canonical FedoraprojectLibssh+3 more 6Cloud Backup Enterprise LinuxFedora+3 more Nov 21, 2024 Apr 13, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and...Show more A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability.Show less
CVE-2020-8832 2Canonical Netapp 32Aff 8300 Firmware Aff 8700 FirmwareAff A220 Firmware+29 more Nov 21, 2024 Apr 10, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete,...Show more The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information.Show less
CVE-2019-20636 2Linux Netapp 18Cloud Backup Fas 8300Fas 8700+15 more Nov 21, 2024 Apr 8, 2020 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.
CVE-2020-8835 4Canonical FedoraprojectLinux+1 more 278300 Firmware 8700 FirmwareA220 Firmware+24 more Nov 21, 2024 Apr 2, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerabi...Show more In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780)Show less
CVE-2020-5863 2F5 Netapp 2Cloud Backup Nginx Controller Nov 21, 2024 Mar 27, 2020 N/A· v4 8.6 HIGH· v3 7.5 HIGH· v2 In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to...Show more In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system.Show less
CVE-2020-10029 6Canonical DebianFedoraproject+3 more 11Active Iq Unified Manager Cloud BackupDebian Linux+8 more Nov 21, 2024 Mar 4, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d41...Show more The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.Show less
CVE-2020-9391 3Fedoraproject LinuxNetapp 9Active Iq Unified Manager Cloud BackupData Availability Services+6 more Nov 21, 2024 Feb 25, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when...Show more An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards, aka CID-dcde237319e6. This has been observed to cause heap corruption with the GNU C Library malloc implementation.Show less
CVE-2020-9383 5Canonical DebianLinux+2 more 12Active Iq Unified Manager Cloud BackupData Availability Services+9 more Nov 21, 2024 Feb 25, 2020 N/A· v4 7.1 HIGH· v3 3.6 LOW· v2 An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-...Show more An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.Show less
CVE-2020-9327 5Canonical NetappOracle+2 more 11Cloud Backup Communications Messaging ServerCommunications Network Charging And Control+8 more Nov 21, 2024 Feb 21, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
CVE-2020-8992 4Canonical LinuxNetapp+1 more 10Active Iq Unified Manager Cloud BackupData Availability Services+7 more Nov 21, 2024 Feb 14, 2020 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size.
CVE-2020-8648 6Broadcom CanonicalDebian+3 more 9Active Iq Unified Manager Brocade Fabric Operating System FirmwareCloud Backup+6 more Nov 21, 2024 Feb 6, 2020 N/A· v4 7.1 HIGH· v3 3.6 LOW· v2 There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.
CVE-2019-20388 6Debian FedoraprojectNetapp+3 more 24Cloud Backup Clustered Data OntapCommunications Cloud Native Core Network Function Cloud Native Environment+21 more Dec 17, 2025 Jan 21, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
CVE-2019-20386 5Canonical FedoraprojectNetapp+2 more 7Active Iq Unified Manager Cloud BackupFedora+4 more Jun 9, 2025 Jan 21, 2020 N/A· v4 2.4 LOW· v3 2.1 LOW· v2 An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.
CVE-2019-18282 3Debian LinuxNetapp 148300 Firmware 8700 FirmwareA400 Firmware+11 more Nov 21, 2024 Jan 16, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashr...Show more The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code.Show less
CVE-2020-2585 2Netapp Oracle 14Active Iq Unified Manager Cloud BackupE Series Performance Analyzer+11 more Nov 21, 2024 Jan 15, 2020 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access...Show more Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).Show less

Previous 1...101112...18 Next