← Back

Netapp

netapp

2,507 CVEs • 371 products

Products (371)

Click to collapse
Toggle
Oncommand Insight
oncommand_insight
971 CVEs
Active Iq Unified Manager
active_iq_unified_manager
848 CVEs
Oncommand Workflow Automation
oncommand_workflow_automation
743 CVEs
Snapcenter
snapcenter
575 CVEs
Cloud Backup
cloud_backup
345 CVEs
H700s Firmware
h700s_firmware
290 CVEs
H300s Firmware
h300s_firmware
289 CVEs
H500s Firmware
h500s_firmware
289 CVEs
H410s Firmware
h410s_firmware
289 CVEs
E Series Santricity Os Controller
e-series_santricity_os_controller
242 CVEs
H410c Firmware
h410c_firmware
237 CVEs
Steelstore Cloud Integrated Storage
steelstore_cloud_integrated_storage
211 CVEs
Solidfire
solidfire
192 CVEs
Clustered Data Ontap
clustered_data_ontap
187 CVEs
Hci Management Node
hci_management_node
182 CVEs
Snapmanager
snapmanager
180 CVEs
Ontap Select Deploy Administration Utility
ontap_select_deploy_administration_utility
179 CVEs
Oncommand Unified Manager
oncommand_unified_manager
169 CVEs
H700e Firmware
h700e_firmware
149 CVEs
H300e Firmware
h300e_firmware
148 CVEs
H500e Firmware
h500e_firmware
148 CVEs
E Series Santricity Storage Manager
e-series_santricity_storage_manager
140 CVEs
Storage Automation Store
storage_automation_store
113 CVEs
Solidfire & Hci Management Node
solidfire_&_hci_management_node
103 CVEs
Element Software
element_software
100 CVEs
E Series Santricity Web Services
e-series_santricity_web_services
99 CVEs
Oncommand Balance
oncommand_balance
83 CVEs
Santricity Unified Manager
santricity_unified_manager
77 CVEs
7 Mode Transition Tool
7-mode_transition_tool
75 CVEs
Oncommand Performance Manager
oncommand_performance_manager
73 CVEs
Storagegrid
storagegrid
72 CVEs
Virtual Storage Console
virtual_storage_console
70 CVEs
Solidfire Baseboard Management Controller Firmware
solidfire_baseboard_management_controller_firmware
70 CVEs
Vasa Provider For Clustered Data Ontap
vasa_provider_for_clustered_data_ontap
69 CVEs
Plug In For Symantec Netbackup
plug-in_for_symantec_netbackup
69 CVEs
Oncommand Shift
oncommand_shift
64 CVEs
Storage Replication Adapter For Clustered Data Ontap
storage_replication_adapter_for_clustered_data_ontap
63 CVEs
H610s Firmware
h610s_firmware
62 CVEs
E Series Performance Analyzer
e-series_performance_analyzer
61 CVEs
Data Availability Services
data_availability_services
61 CVEs
Cloud Secure Agent
cloud_secure_agent
57 CVEs
Bootstrap Os
bootstrap_os
56 CVEs
Cloud Insights Acquisition Unit
cloud_insights_acquisition_unit
53 CVEs
Hci Compute Node
hci_compute_node
49 CVEs
Solidfire, Enterprise Sds & Hci Storage Node
solidfire,_enterprise_sds_&_hci_storage_node
43 CVEs
Data Ontap
data_ontap
42 CVEs
Snap Creator Framework
snap_creator_framework
42 CVEs
H610c Firmware
h610c_firmware
38 CVEs
E Series Santricity Web Services Proxy
e-series_santricity_web_services_proxy
35 CVEs
Hci Compute Node Firmware
hci_compute_node_firmware
35 CVEs
H615c Firmware
h615c_firmware
35 CVEs
Hci Baseboard Management Controller
hci_baseboard_management_controller
34 CVEs
A700s Firmware
a700s_firmware
32 CVEs
Solidfire Baseboard Management Controller
solidfire_baseboard_management_controller
32 CVEs
E Series Santricity Unified Manager
e-series_santricity_unified_manager
30 CVEs
Service Level Manager
service_level_manager
29 CVEs
Ontap Tools
ontap_tools
29 CVEs
E Series Santricity Management Plug Ins
e-series_santricity_management_plug-ins
28 CVEs
Hci Storage Node
hci_storage_node
27 CVEs
Oncommand System Manager
oncommand_system_manager
27 CVEs
Santricity Cloud Connector
santricity_cloud_connector
27 CVEs
Hci Bootstrap Os
hci_bootstrap_os
27 CVEs
Management Services For Element Software
management_services_for_element_software
27 CVEs
Solidfire & Hci Storage Node
solidfire_&_hci_storage_node
26 CVEs
H300s
h300s
26 CVEs
H500s
h500s
26 CVEs
H700s
h700s
26 CVEs
H410s
h410s
26 CVEs
Ontap
ontap
24 CVEs
Clustered Data Ontap Antivirus Connector
clustered_data_ontap_antivirus_connector
23 CVEs
Data Ontap Edge
data_ontap_edge
23 CVEs
Snapcenter Server
snapcenter_server
23 CVEs
Cloud Insights Storage Workload Security Agent
cloud_insights_storage_workload_security_agent
23 CVEs
Santricity Storage Plugin
santricity_storage_plugin
23 CVEs
Cn1610 Firmware
cn1610_firmware
22 CVEs
Fas/aff Bios
fas/aff_bios
22 CVEs
Aff A400 Firmware
aff_a400_firmware
21 CVEs
Hci Compute Node Bios
hci_compute_node_bios
21 CVEs
A250 Firmware
a250_firmware
21 CVEs
Smi S Provider
smi-s_provider
19 CVEs
Oncommand Api Services
oncommand_api_services
19 CVEs
Cloud Manager
cloud_manager
19 CVEs
Snapdrive
snapdrive
18 CVEs
Snapprotect
snapprotect
18 CVEs
Aff A700s Firmware
aff_a700s_firmware
18 CVEs
A400 Firmware
a400_firmware
17 CVEs
Management Services For Netapp Hci
management_services_for_netapp_hci
17 CVEs
Hci
hci
16 CVEs
8300 Firmware
8300_firmware
16 CVEs
8700 Firmware
8700_firmware
16 CVEs
Management Services For Element Software And Netapp Hci
management_services_for_element_software_and_netapp_hci
16 CVEs
Solidfire Bios
solidfire_bios
16 CVEs
Active Iq Performance Analytics Services
active_iq_performance_analytics_services
15 CVEs
Aff Baseboard Management Controller
aff_baseboard_management_controller
15 CVEs
Manageability Software Development Kit
manageability_software_development_kit
15 CVEs
Fas/aff Baseboard Management Controller
fas/aff_baseboard_management_controller
14 CVEs
Hci Storage Node Bios
hci_storage_node_bios
14 CVEs
Aff 500f Firmware
aff_500f_firmware
14 CVEs
Data Infrastructure Insights Storage Workload Security Agent
data_infrastructure_insights_storage_workload_security_agent
14 CVEs
Service Processor
service_processor
13 CVEs

CVEs (2,507)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-13630
9Apple
BrocadeCanonical+6 more
19Cloud Backup
Communications Network Charging And ControlDebian Linux+16 more
Nov 21, 2024
May 27, 2020
N/A· v4
7.0 HIGH· v3
4.4 MEDIUM· v2
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
CVE-2020-10719
2Netapp
Redhat
8Active Iq Unified Manager
FuseJboss Enterprise Application Platform+5 more
Nov 21, 2024
May 26, 2020
N/A· v4
6.5 MEDIUM· v3
6.4 MEDIUM· v2
A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.
CVE-2020-8572
1Netapp
2Element Healthtools
Element Os
Nov 21, 2024
May 21, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Element OS prior to version 12.0 and Element HealthTools prior to version 2020.04.01.04 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information.
CVE-2020-7656
4Jquery
JuniperNetapp+1 more
7Active Iq Unified Manager
Cloud BackupJquery+4 more
Nov 21, 2024
May 19, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in t...Show more
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.Show less
CVE-2020-13143
5Canonical
DebianLinux+2 more
24A700s Firmware
Active Iq Unified ManagerBootstrap Os+21 more
Nov 21, 2024
May 18, 2020
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out...Show more
gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.Show less
CVE-2020-12888
6Canonical
DebianFedoraproject+3 more
25A700s Firmware
Active Iq Unified ManagerBootstrap Os+22 more
Nov 21, 2024
May 15, 2020
N/A· v4
5.3 MEDIUM· v3
4.7 MEDIUM· v2
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.
CVE-2019-5500
1Netapp
7Aff A200 Firmware
Aff A220 FirmwareAff A300 Firmware+4 more
Nov 21, 2024
May 11, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Certain versions of the NetApp Service Processor and Baseboard Management Controller firmware allow a remote unauthenticated attacker to cause a Denial of Service (DoS).
CVE-2018-1285
4Apache
FedoraprojectNetapp+1 more
7Application Testing Suite
FedoraHospitality Opera 5+4 more
Nov 21, 2024
May 11, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration...Show more
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.Show less
CVE-2020-12771
6Canonical
DebianLinux+3 more
24A700s Firmware
Active Iq Unified ManagerCloud Backup+21 more
Nov 21, 2024
May 9, 2020
N/A· v4
5.5 MEDIUM· v3
4.9 MEDIUM· v2
An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails.
CVE-2020-12770
5Canonical
DebianFedoraproject+2 more
23A700s Firmware
Active Iq Unified ManagerBootstrap Os+20 more
Nov 21, 2024
May 9, 2020
N/A· v4
6.7 MEDIUM· v3
4.6 MEDIUM· v2
An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.
CVE-2020-12769
5Canonical
DebianLinux+2 more
23A700s Firmware
Active Iq Unified ManagerCloud Backup+20 more
Nov 21, 2024
May 9, 2020
N/A· v4
5.5 MEDIUM· v3
4.9 MEDIUM· v2
An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8.
CVE-2020-10690
6Canonical
DebianLinux+3 more
22Active Iq Unified Manager
Debian LinuxElement Software+19 more
Nov 21, 2024
May 8, 2020
N/A· v4
6.4 MEDIUM· v3
4.4 MEDIUM· v2
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /d...Show more
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.Show less
CVE-2020-12659
2Linux
Netapp
8Active Iq Unified Manager
Aff Baseboard Management ControllerCloud Backup+5 more
Nov 21, 2024
May 5, 2020
N/A· v4
6.7 MEDIUM· v3
7.2 HIGH· v2
An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom validation.
CVE-2020-12653
4Debian
LinuxNetapp+1 more
22A700s Firmware
Active Iq Unified ManagerCloud Backup+19 more
Nov 21, 2024
May 5, 2020
N/A· v4
7.8 HIGH· v3
4.6 MEDIUM· v2
An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an...Show more
An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.Show less
CVE-2020-10683
5Canonical
Dom4j ProjectNetapp+2 more
38Agile Plm
Application Testing SuiteBanking Platform+35 more
Nov 21, 2024
May 1, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe,...Show more
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.Show less
CVE-2020-1752
4Canonical
DebianGnu+1 more
8Active Iq Unified Manager
Debian LinuxGlibc+5 more
Nov 21, 2024
Apr 30, 2020
N/A· v4
7.0 HIGH· v3
3.7 LOW· v2
A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by...Show more
A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.Show less
CVE-2020-11022
8Debian
DrupalFedoraproject+5 more
70Agile Product Lifecycle Management For Process
Agile Product Supplier Collaboration For ProcessApplication Testing Suite+67 more
Apr 13, 2026
Apr 29, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted co...Show more
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.Show less
CVE-2020-11023
7Debian
DrupalFedoraproject+4 more
52Active Iq Unified Manager
Application ExpressApplication Testing Suite+49 more
Nov 7, 2025
Apr 29, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(),...Show more
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.Show less
CVE-2020-12465
2Linux
Netapp
9Active Iq Unified Manager
Aff Baseboard Management ControllerCloud Backup+6 more
Nov 21, 2024
Apr 29, 2020
N/A· v4
6.7 MEDIUM· v3
7.2 HIGH· v2
An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory...Show more
An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages.Show less
CVE-2020-12464
2Linux
Netapp
10Active Iq Unified Manager
Aff A700sCloud Backup+7 more
Nov 21, 2024
Apr 29, 2020
N/A· v4
6.7 MEDIUM· v3
7.2 HIGH· v2
usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925.