Vulnerabilities > Netapp > Clustered Data Ontap

DATE CVE VULNERABILITY TITLE RISK
2021-02-03 CVE-2020-8589 Unspecified vulnerability in Netapp Clustered Data Ontap
Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the names of other Storage Virtual Machines (SVMs) and filenames on those SVMs.
low complexity
netapp
2.7
2021-02-03 CVE-2020-8588 Unspecified vulnerability in Netapp Clustered Data Ontap
Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the existence of data on other Storage Virtual Machines (SVMs).
low complexity
netapp
2.7
2021-01-19 CVE-2020-8581 Incorrect Authorization vulnerability in Netapp Clustered Data Ontap
Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible to a vulnerability which could allow an authenticated but unauthorized attacker to overwrite arbitrary data when VMware vStorage support is enabled.
network
netapp CWE-863
3.5
2020-12-14 CVE-2020-8286 Improper Certificate Validation vulnerability in multiple products
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.
7.5
2020-12-14 CVE-2020-8285 Uncontrolled Recursion vulnerability in multiple products
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
7.5
2020-12-14 CVE-2020-8284 A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. 3.7
2020-11-12 CVE-2020-8698 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
5.5
2020-11-12 CVE-2020-8696 Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products
Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
local
low complexity
intel netapp fedoraproject debian CWE-212
5.5
2020-11-12 CVE-2020-0590 Improper Input Validation vulnerability in multiple products
Improper input validation in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel netapp siemens CWE-20
7.8
2020-10-27 CVE-2020-8579 Unspecified vulnerability in Netapp Clustered Data Ontap 9.7
Clustered Data ONTAP versions 9.7 through 9.7P7 are susceptible to a vulnerability which allows an attacker with access to an intercluster LIF to cause a Denial of Service (DoS).
network
low complexity
netapp
5.0