← Back

Netapp

netapp

2,507 CVEs • 371 products

Products (371)

Click to collapse
Toggle
Oncommand Insight
oncommand_insight
971 CVEs
Active Iq Unified Manager
active_iq_unified_manager
848 CVEs
Oncommand Workflow Automation
oncommand_workflow_automation
743 CVEs
Snapcenter
snapcenter
575 CVEs
Cloud Backup
cloud_backup
345 CVEs
H700s Firmware
h700s_firmware
290 CVEs
H300s Firmware
h300s_firmware
289 CVEs
H500s Firmware
h500s_firmware
289 CVEs
H410s Firmware
h410s_firmware
289 CVEs
E Series Santricity Os Controller
e-series_santricity_os_controller
242 CVEs
H410c Firmware
h410c_firmware
237 CVEs
Steelstore Cloud Integrated Storage
steelstore_cloud_integrated_storage
211 CVEs
Solidfire
solidfire
192 CVEs
Clustered Data Ontap
clustered_data_ontap
187 CVEs
Hci Management Node
hci_management_node
182 CVEs
Snapmanager
snapmanager
180 CVEs
Ontap Select Deploy Administration Utility
ontap_select_deploy_administration_utility
179 CVEs
Oncommand Unified Manager
oncommand_unified_manager
169 CVEs
H700e Firmware
h700e_firmware
149 CVEs
H300e Firmware
h300e_firmware
148 CVEs
H500e Firmware
h500e_firmware
148 CVEs
E Series Santricity Storage Manager
e-series_santricity_storage_manager
140 CVEs
Storage Automation Store
storage_automation_store
113 CVEs
Solidfire & Hci Management Node
solidfire_&_hci_management_node
103 CVEs
Element Software
element_software
100 CVEs
E Series Santricity Web Services
e-series_santricity_web_services
99 CVEs
Oncommand Balance
oncommand_balance
83 CVEs
Santricity Unified Manager
santricity_unified_manager
77 CVEs
7 Mode Transition Tool
7-mode_transition_tool
75 CVEs
Oncommand Performance Manager
oncommand_performance_manager
73 CVEs
Storagegrid
storagegrid
72 CVEs
Virtual Storage Console
virtual_storage_console
70 CVEs
Solidfire Baseboard Management Controller Firmware
solidfire_baseboard_management_controller_firmware
70 CVEs
Vasa Provider For Clustered Data Ontap
vasa_provider_for_clustered_data_ontap
69 CVEs
Plug In For Symantec Netbackup
plug-in_for_symantec_netbackup
69 CVEs
Oncommand Shift
oncommand_shift
64 CVEs
Storage Replication Adapter For Clustered Data Ontap
storage_replication_adapter_for_clustered_data_ontap
63 CVEs
H610s Firmware
h610s_firmware
62 CVEs
E Series Performance Analyzer
e-series_performance_analyzer
61 CVEs
Data Availability Services
data_availability_services
61 CVEs
Cloud Secure Agent
cloud_secure_agent
57 CVEs
Bootstrap Os
bootstrap_os
56 CVEs
Cloud Insights Acquisition Unit
cloud_insights_acquisition_unit
53 CVEs
Hci Compute Node
hci_compute_node
49 CVEs
Solidfire, Enterprise Sds & Hci Storage Node
solidfire,_enterprise_sds_&_hci_storage_node
43 CVEs
Data Ontap
data_ontap
42 CVEs
Snap Creator Framework
snap_creator_framework
42 CVEs
H610c Firmware
h610c_firmware
38 CVEs
E Series Santricity Web Services Proxy
e-series_santricity_web_services_proxy
35 CVEs
Hci Compute Node Firmware
hci_compute_node_firmware
35 CVEs
H615c Firmware
h615c_firmware
35 CVEs
Hci Baseboard Management Controller
hci_baseboard_management_controller
34 CVEs
A700s Firmware
a700s_firmware
32 CVEs
Solidfire Baseboard Management Controller
solidfire_baseboard_management_controller
32 CVEs
E Series Santricity Unified Manager
e-series_santricity_unified_manager
30 CVEs
Service Level Manager
service_level_manager
29 CVEs
Ontap Tools
ontap_tools
29 CVEs
E Series Santricity Management Plug Ins
e-series_santricity_management_plug-ins
28 CVEs
Hci Storage Node
hci_storage_node
27 CVEs
Oncommand System Manager
oncommand_system_manager
27 CVEs
Santricity Cloud Connector
santricity_cloud_connector
27 CVEs
Hci Bootstrap Os
hci_bootstrap_os
27 CVEs
Management Services For Element Software
management_services_for_element_software
27 CVEs
Solidfire & Hci Storage Node
solidfire_&_hci_storage_node
26 CVEs
H300s
h300s
26 CVEs
H500s
h500s
26 CVEs
H700s
h700s
26 CVEs
H410s
h410s
26 CVEs
Ontap
ontap
24 CVEs
Clustered Data Ontap Antivirus Connector
clustered_data_ontap_antivirus_connector
23 CVEs
Data Ontap Edge
data_ontap_edge
23 CVEs
Snapcenter Server
snapcenter_server
23 CVEs
Cloud Insights Storage Workload Security Agent
cloud_insights_storage_workload_security_agent
23 CVEs
Santricity Storage Plugin
santricity_storage_plugin
23 CVEs
Cn1610 Firmware
cn1610_firmware
22 CVEs
Fas/aff Bios
fas/aff_bios
22 CVEs
Aff A400 Firmware
aff_a400_firmware
21 CVEs
Hci Compute Node Bios
hci_compute_node_bios
21 CVEs
A250 Firmware
a250_firmware
21 CVEs
Smi S Provider
smi-s_provider
19 CVEs
Oncommand Api Services
oncommand_api_services
19 CVEs
Cloud Manager
cloud_manager
19 CVEs
Snapdrive
snapdrive
18 CVEs
Snapprotect
snapprotect
18 CVEs
Aff A700s Firmware
aff_a700s_firmware
18 CVEs
A400 Firmware
a400_firmware
17 CVEs
Management Services For Netapp Hci
management_services_for_netapp_hci
17 CVEs
Hci
hci
16 CVEs
8300 Firmware
8300_firmware
16 CVEs
8700 Firmware
8700_firmware
16 CVEs
Management Services For Element Software And Netapp Hci
management_services_for_element_software_and_netapp_hci
16 CVEs
Solidfire Bios
solidfire_bios
16 CVEs
Active Iq Performance Analytics Services
active_iq_performance_analytics_services
15 CVEs
Aff Baseboard Management Controller
aff_baseboard_management_controller
15 CVEs
Manageability Software Development Kit
manageability_software_development_kit
15 CVEs
Fas/aff Baseboard Management Controller
fas/aff_baseboard_management_controller
14 CVEs
Hci Storage Node Bios
hci_storage_node_bios
14 CVEs
Aff 500f Firmware
aff_500f_firmware
14 CVEs
Data Infrastructure Insights Storage Workload Security Agent
data_infrastructure_insights_storage_workload_security_agent
14 CVEs
Service Processor
service_processor
13 CVEs

CVEs (2,507)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-14155
6Apple
GitlabNetapp+3 more
15Active Iq Unified Manager
Cloud BackupClustered Data Ontap+12 more
Nov 21, 2024
Jun 15, 2020
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
CVE-2020-14060
3Fasterxml
NetappOracle
12Active Iq Unified Manager
Agile PlmBanking Digital Experience+9 more
Apr 29, 2026
Jun 14, 2020
N/A· v4
8.1 HIGH· v3
6.8 MEDIUM· v2
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).
CVE-2020-14062
4Debian
FasterxmlNetapp+1 more
13Active Iq Unified Manager
Agile PlmBanking Digital Experience+10 more
Apr 29, 2026
Jun 14, 2020
N/A· v4
8.1 HIGH· v3
6.8 MEDIUM· v2
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).
CVE-2020-14061
4Debian
FasterxmlNetapp+1 more
15Active Iq Unified Manager
Agile PlmAutovue For Agile Product Lifecycle Management+12 more
Aug 27, 2025
Jun 14, 2020
N/A· v4
8.1 HIGH· v3
6.8 MEDIUM· v2
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms....Show more
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).Show less
CVE-2020-10732
4Canonical
LinuxNetapp+1 more
19Active Iq Unified Manager
Aff 8300 FirmwareAff 8700 Firmware+16 more
Nov 21, 2024
Jun 12, 2020
N/A· v4
4.4 MEDIUM· v3
3.6 LOW· v2
A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.
CVE-2020-10705
2Netapp
Redhat
4Jboss Enterprise Application Platform
Oncommand InsightOpenshift Application Runtimes+1 more
Nov 21, 2024
Jun 10, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. This flaw may potentially lead to a denial of servic...Show more
A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. This flaw may potentially lead to a denial of service.Show less
CVE-2020-7456
2Freebsd
Netapp
2Clustered Data Ontap
Freebsd
Nov 21, 2024
Jun 9, 2020
N/A· v4
6.8 MEDIUM· v3
7.2 HIGH· v2
In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-STABLE before r361919, 11.3-RELEASE before p10, and 11.4-RC2 before p1, an invalid memory location may be used for HID items if the push/pop level is no...Show more
In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-STABLE before r361919, 11.3-RELEASE before p10, and 11.4-RC2 before p1, an invalid memory location may be used for HID items if the push/pop level is not restored within the processing of that HID item allowing an attacker with physical access to a USB port to be able to use a specially crafted USB device to gain kernel or user-space code execution.Show less
CVE-2020-10757
7Canonical
DebianFedoraproject+4 more
10Active Iq Unified Manager
Cloud BackupDebian Linux+7 more
Nov 21, 2024
Jun 9, 2020
N/A· v4
7.8 HIGH· v3
6.9 MEDIUM· v2
A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.
CVE-2020-13871
6Debian
FedoraprojectNetapp+3 more
12Cloud Backup
Communications Messaging ServerCommunications Network Charging And Control+9 more
Nov 21, 2024
Jun 6, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.
CVE-2020-12723
5Fedoraproject
NetappOpensuse+2 more
16Communications Billing And Revenue Management
Communications Diameter Signaling RouterCommunications Eagle Application Processor+13 more
Nov 21, 2024
Jun 5, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
CVE-2020-10878
5Fedoraproject
NetappOpensuse+2 more
17Communications Billing And Revenue Management
Communications Diameter Signaling RouterCommunications Eagle Application Processor+14 more
Nov 21, 2024
Jun 5, 2020
N/A· v4
8.6 HIGH· v3
7.5 HIGH· v2
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
CVE-2020-13692
5Debian
FedoraprojectNetapp+2 more
5Debian Linux
FedoraPostgresql Jdbc Driver+2 more
Nov 21, 2024
Jun 4, 2020
N/A· v4
7.7 HIGH· v3
6.8 MEDIUM· v2
PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.
CVE-2020-13817
4Fujitsu
NetappNtp+1 more
25Cloud Backup
Clustered Data OntapData Ontap+22 more
May 5, 2025
Jun 4, 2020
N/A· v4
7.4 HIGH· v3
5.8 MEDIUM· v2
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must...Show more
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.Show less
CVE-2020-13379
4Fedoraproject
GrafanaNetapp+1 more
5Backports Sle
E Series Performance AnalyzerFedora+2 more
Nov 21, 2024
Jun 3, 2020
N/A· v4
8.2 HIGH· v3
6.4 MEDIUM· v2
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result...Show more
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault.Show less
CVE-2020-13596
6Canonical
DebianDjangoproject+3 more
7Debian Linux
DjangoFedora+4 more
Nov 21, 2024
Jun 3, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.
CVE-2020-13254
6Canonical
DebianDjangoproject+3 more
7Debian Linux
DjangoFedora+4 more
Nov 21, 2024
Jun 3, 2020
N/A· v4
5.9 MEDIUM· v3
4.3 MEDIUM· v2
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential da...Show more
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.Show less
CVE-2020-13776
3Fedoraproject
NetappSystemd Project
4Active Iq Unified Manager
FedoraSolidfire & Hci Management Node+1 more
Jun 9, 2025
Jun 3, 2020
N/A· v4
6.7 MEDIUM· v3
6.2 MEDIUM· v2
systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. N...Show more
systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.Show less
CVE-2020-13645
5Broadcom
CanonicalFedoraproject+2 more
6Balsa
Cloud BackupFabric Operating System+3 more
Nov 21, 2024
May 28, 2020
N/A· v4
6.5 MEDIUM· v3
6.4 MEDIUM· v2
In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in...Show more
In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host.Show less
CVE-2020-13632
8Brocade
CanonicalDebian+5 more
12Cloud Backup
Communications Network Charging And ControlDebian Linux+9 more
Nov 21, 2024
May 27, 2020
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
CVE-2020-13631
8Apple
BrocadeCanonical+5 more
18Cloud Backup
Communications Network Charging And ControlFabric Operating System+15 more
Nov 21, 2024
May 27, 2020
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.