Clustered Data Ontap

clustered_data_ontap

Vendor: Netapp • 187 CVEs

CVEs (187)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-7070 7Canonical DebianFedoraproject+4 more 7Clustered Data Ontap Debian LinuxFedora+4 more Nov 21, 2024 Oct 2, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host conf...Show more In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information.Show less
CVE-2020-7069 8Canonical DebianFedoraproject+5 more 8Clustered Data Ontap Communications Diameter Signaling RouterDebian Linux+5 more Nov 21, 2024 Oct 2, 2020 N/A· v4 6.5 MEDIUM· v3 6.4 MEDIUM· v2 In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to b...Show more In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.Show less
CVE-2020-24718 4Freebsd NetappOmniosce+1 more 4Clustered Data Ontap FreebsdOmnios+1 more Nov 21, 2024 Sep 25, 2020 N/A· v4 8.2 HIGH· v3 7.2 HIGH· v2 bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user...Show more bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying VMCS_HOST_RIP.Show less
CVE-2020-24977 6Debian FedoraprojectNetapp+3 more 18Active Iq Unified Manager Clustered Data OntapClustered Data Ontap Antivirus Connector+15 more Nov 21, 2024 Sep 4, 2020 N/A· v4 6.5 MEDIUM· v3 6.4 MEDIUM· v2 GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.
CVE-2020-8576 1Netapp 1Clustered Data Ontap Nov 21, 2024 Sep 2, 2020 N/A· v4 5.4 MEDIUM· v3 5.5 MEDIUM· v2 Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data or disclosure of sensitive informat...Show more Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data or disclosure of sensitive information.Show less
CVE-2020-11993 7Apache CanonicalDebian+4 more 13Clustered Data Ontap Communications Element ManagerCommunications Session Report Manager+10 more May 1, 2025 Aug 7, 2020 N/A· v4 7.5 HIGH· v3 4.3 MEDIUM· v2 Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory...Show more Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.Show less
CVE-2020-11984 7Apache CanonicalDebian+4 more 13Clustered Data Ontap Communications Element ManagerCommunications Session Report Manager+10 more Nov 21, 2024 Aug 7, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
CVE-2020-14155 6Apple GitlabNetapp+3 more 15Active Iq Unified Manager Cloud BackupClustered Data Ontap+12 more Nov 21, 2024 Jun 15, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
CVE-2020-7456 2Freebsd Netapp 2Clustered Data Ontap Freebsd Nov 21, 2024 Jun 9, 2020 N/A· v4 6.8 MEDIUM· v3 7.2 HIGH· v2 In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-STABLE before r361919, 11.3-RELEASE before p10, and 11.4-RC2 before p1, an invalid memory location may be used for HID items if the push/pop level is no...Show more In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-STABLE before r361919, 11.3-RELEASE before p10, and 11.4-RC2 before p1, an invalid memory location may be used for HID items if the push/pop level is not restored within the processing of that HID item allowing an attacker with physical access to a USB port to be able to use a specially crafted USB device to gain kernel or user-space code execution.Show less
CVE-2020-13817 4Fujitsu NetappNtp+1 more 25Cloud Backup Clustered Data OntapData Ontap+22 more May 5, 2025 Jun 4, 2020 N/A· v4 7.4 HIGH· v3 5.8 MEDIUM· v2 ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must...Show more ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.Show less
CVE-2019-5614 2Freebsd Netapp 2Clustered Data Ontap Freebsd Nov 21, 2024 Apr 29, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r356036, and 11.3-RELEASE before 11.3-RELEASE-p8, incomplete packet data validation may result in accessing out-of-bounds mem...Show more In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r356036, and 11.3-RELEASE before 11.3-RELEASE-p8, incomplete packet data validation may result in accessing out-of-bounds memory leading to a kernel panic or other unpredictable results.Show less
CVE-2019-15874 2Freebsd Netapp 2Clustered Data Ontap Freebsd Nov 21, 2024 Apr 29, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r356036, and 11.3-RELEASE before 11.3-RELEASE-p8, incomplete packet data validation may result in memory access after it has...Show more In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r356036, and 11.3-RELEASE before 11.3-RELEASE-p8, incomplete packet data validation may result in memory access after it has been freed leading to a kernel panic or other unpredictable results.Show less
CVE-2020-11868 5Debian NetappNtp+2 more 17All Flash Fabric Attached Storage 8300 Firmware All Flash Fabric Attached Storage 8700 FirmwareAll Flash Fabric Attached Storage A400 Firmware+14 more May 5, 2025 Apr 17, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled e...Show more ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.Show less
CVE-2020-7595 7Canonical DebianFedoraproject+4 more 24Clustered Data Ontap Communications Cloud Native Core Network Function Cloud Native EnvironmentDebian Linux+21 more Dec 3, 2025 Jan 21, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
CVE-2019-20388 6Debian FedoraprojectNetapp+3 more 24Cloud Backup Clustered Data OntapCommunications Cloud Native Core Network Function Cloud Native Environment+21 more Dec 17, 2025 Jan 21, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
CVE-2019-19956 7Canonical DebianFedoraproject+4 more 12Active Iq Unified Manager Clustered Data OntapClustered Data Ontap Antivirus Connector+9 more Dec 3, 2025 Dec 24, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.
CVE-2019-5508 1Netapp 1Clustered Data Ontap Nov 21, 2024 Oct 25, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Clustered Data ONTAP versions 9.2 through 9.4 are susceptible to a vulnerability which allows an attacker to use l2ping to cause a Denial of Service (DoS).
CVE-2019-5506 1Netapp 1Clustered Data Ontap Nov 21, 2024 Oct 9, 2019 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Clustered Data ONTAP versions 9.0 and higher do not enforce hostname verification under certain circumstances making them susceptible to impersonation via man-in-the-middle attacks.
CVE-2019-10092 8Apache CanonicalDebian+5 more 10Clustered Data Ontap Communications Element ManagerDebian Linux+7 more Nov 21, 2024 Sep 26, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of...Show more In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.Show less
CVE-2019-5612 2Freebsd Netapp 2Clustered Data Ontap Freebsd Nov 21, 2024 Aug 30, 2019 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, the kernel driver for /dev/midistat...Show more In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, the kernel driver for /dev/midistat implements a read handler that is not thread-safe. A multi-threaded program can exploit races in the handler to copy out kernel memory outside the boundaries of midistat's data buffer.Show less

Previous 1...567...10 Next