
Netapp (netapp)

2,507 CVEs • 371 products

Products (371)

Snapcenter (snapcenter)
Cloud Backup (cloud_backup)
Solidfire (solidfire)
Snapmanager (snapmanager)
Storagegrid (storagegrid)
Bootstrap Os (bootstrap_os)
Data Ontap (data_ontap)
Ontap Tools (ontap_tools)
H300s (h300s)
H500s (h500s)
H700s (h700s)
H410s (h410s)
Ontap (ontap)
Fas/aff Bios (fas/aff_bios)
A250 Firmware (a250_firmware)
Cloud Manager (cloud_manager)
Snapdrive (snapdrive)
Snapprotect (snapprotect)
A400 Firmware (a400_firmware)
Hci (hci)
8300 Firmware (8300_firmware)
8700 Firmware (8700_firmware)

CVEs (2,507)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS

Vendors (8): Canonical, Debian, Fedoraproject, +5 more
Products (8): Bind, Communications Diameter Signaling Router, Debian Linux, +5 more
Updated: Jun 17, 2026
Published: Aug 21, 2020
CVSS: N/A (v4), 6.5 MEDIUM (v3), 4.0 MEDIUM (v2)
In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.

Vendors (5): Canonical, Isc, Netapp, +2 more
Products (5): Bind, Dns Server, Leap, +2 more
Updated: Jun 17, 2026
Published: Aug 21, 2020
CVSS: N/A (v4), 7.5 HIGH (v3), 4.3 MEDIUM (v2)
In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected.

Vendors (4): Canonical, Isc, Netapp, +1 more
Products (4): Bind, Leap, Steelstore Cloud Integrated Storage, +1 more
Updated: Jun 17, 2026
Published: Aug 21, 2020
CVSS: N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2)
In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit.

Vendors (3): Canonical, Net Snmp, Netapp
Products (6): Cloud Backup, Hci Management Node, Net Snmp, +3 more
Updated: Jun 17, 2026
Published: Aug 20, 2020
CVSS: N/A (v4), 7.8 HIGH (v3), 7.2 HIGH (v2)
Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.

Vendors (3): Canonical, Net Snmp, Netapp
Products (5): Cloud Backup, Net Snmp, Smi S Provider, +2 more
Updated: Jun 17, 2026
Published: Aug 20, 2020
CVSS: N/A (v4), 7.8 HIGH (v3), 7.2 HIGH (v2)
Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.

Vendors (6): Canonical, Debian, Linux, +3 more
Products (10): Active Iq Unified Manager, Cloud Backup, Debian Linux, +7 more
Updated: Jun 17, 2026
Published: Aug 19, 2020
CVSS: N/A (v4), 7.8 HIGH (v3), 7.2 HIGH (v2)
A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system.

Vendors (7): Apache, Canonical, Debian, +4 more
Products (13): Clustered Data Ontap, Communications Element Manager, Communications Session Report Manager, +10 more
Updated: Jun 17, 2026
Published: Aug 7, 2020
CVSS: N/A (v4), 7.5 HIGH (v3), 4.3 MEDIUM (v2)
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.

Vendors (7): Apache, Canonical, Debian, +4 more
Products (13): Clustered Data Ontap, Communications Element Manager, Communications Session Report Manager, +10 more
Updated: Jun 17, 2026
Published: Aug 7, 2020
CVSS: N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2)
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE

Vendors (1): Netapp
Products (1): Active Iq Unified Manager
Updated: Jun 17, 2026
Published: Aug 3, 2020
CVSS: N/A (v4), 4.4 MEDIUM (v3), 2.1 LOW (v2)
Active IQ Unified Manager for VMware vSphere and Windows versions prior to 9.5 are susceptible to a vulnerability which allows administrative users to cause Denial of Service (DoS).

Vendors (1): Netapp
Products (1): Active Iq Unified Manager
Updated: Jun 17, 2026
Published: Aug 3, 2020
CVSS: N/A (v4), 7.8 HIGH (v3), 4.6 MEDIUM (v2)
Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled allowing unauthorized code execution to local users.

Vendors (7): Canonical, Debian, Fedoraproject, +4 more
Products (15): Active Iq Unified Manager, Cloud Volumes Ontap Mediator, Debian Linux, +12 more
Updated: Jun 17, 2026
Published: Jul 30, 2020
CVSS: N/A (v4), 3.7 LOW (v3), 4.3 MEDIUM (v2)
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.

Vendors (2): Express Fileupload Project, Netapp
Products (2): Express Fileupload, Max Data
Updated: Jun 17, 2026
Published: Jul 30, 2020
CVSS: N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2)
This affects the package express-fileupload before 1.1.8. If the parseNested option is enabled, sending a corrupt HTTP request can lead to denial of service or arbitrary code execution.

Vendors (8): Canonical, Debian, Gnu, +5 more
Products (15): Active Iq Unified Manager, Debian Linux, Enterprise Linux, +12 more
Updated: Jun 17, 2026
Published: Jul 29, 2020
CVSS: N/A (v4), 6.4 MEDIUM (v3), 4.4 MEDIUM (v2)
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.

Vendors (2): Grafana, Netapp
Products (2): E Series Performance Analyzer, Grafana
Updated: Jun 17, 2026
Published: Jul 27, 2020
CVSS: N/A (v4), 5.4 MEDIUM (v3), 3.5 LOW (v2)
Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.

Vendors (3): Netapp, Nodejs, Oracle
Products (9): Active Iq Unified Manager, Banking Extensibility Workbench, Blockchain Platform, +6 more
Updated: Jun 17, 2026
Published: Jul 24, 2020
CVSS: N/A (v4), 8.1 HIGH (v3), 9.3 HIGH (v2)
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.

Vendors (2): Netapp, Oracle
Products (2): Active Iq Unified Manager, Mysql
Updated: Jun 17, 2026
Published: Jul 24, 2020
CVSS: N/A (v4), 4.9 MEDIUM (v3), 4.0 MEDIUM (v2)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vendors (3): Broadcom, Netapp, Openbsd
Products (9): A700s Firmware, Active Iq Unified Manager, Fabric Operating System, +6 more
Updated: Jun 17, 2026
Published: Jul 24, 2020
CVSS: N/A (v4), 7.4 HIGH (v3), 6.8 MEDIUM (v2)
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."

Vendors (3): Linux, Netapp, Xen
Products (5): Cloud Backup, Linux Kernel, Solidfire Baseboard Management Controller, +2 more
Updated: Jun 17, 2026
Published: Jul 20, 2020
CVSS: N/A (v4), 7.8 HIGH (v3), 4.6 MEDIUM (v2)
An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap mishandling causes a loss of synchronization between the I/O bitmaps of TSS and Xen, aka CID-cadfad870154.

Vendors (2): Netapp, Python
Products (2): Max Data, Python
Updated: Jun 17, 2026
Published: Jul 17, 2020
CVSS: N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2)
In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected.

Vendors (3): Canonical, Netapp, Oracle
Products (6): Active Iq Unified Manager, Mysql, Oncommand Insight, +3 more
Updated: Jun 17, 2026
Published: Jul 15, 2020
CVSS: N/A (v4), 4.9 MEDIUM (v3), 4.0 MEDIUM (v2)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).