Vulnerabilities > Netapp > Clustered Data Ontap

DATE CVE VULNERABILITY TITLE RISK
2020-04-29 CVE-2019-5614 Improper Input Validation vulnerability in multiple products
In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r356036, and 11.3-RELEASE before 11.3-RELEASE-p8, incomplete packet data validation may result in accessing out-of-bounds memory leading to a kernel panic or other unpredictable results.
network
low complexity
freebsd netapp CWE-20
7.5
2020-04-29 CVE-2019-15874 Use After Free vulnerability in multiple products
In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r356036, and 11.3-RELEASE before 11.3-RELEASE-p8, incomplete packet data validation may result in memory access after it has been freed leading to a kernel panic or other unpredictable results.
network
low complexity
freebsd netapp CWE-416
7.5
2020-04-17 CVE-2020-11868 Origin Validation Error vulnerability in multiple products
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.
network
low complexity
ntp redhat netapp debian opensuse CWE-346
5.0
2020-01-21 CVE-2020-7595 Infinite Loop vulnerability in multiple products
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
7.5
2020-01-21 CVE-2019-20388 Memory Leak vulnerability in multiple products
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
7.5
2019-12-24 CVE-2019-19956 Memory Leak vulnerability in multiple products
xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.
7.5
2019-10-25 CVE-2019-5508 Unspecified vulnerability in Netapp Clustered Data Ontap 9.2/9.3/9.4
Clustered Data ONTAP versions 9.2 through 9.4 are susceptible to a vulnerability which allows an attacker to use l2ping to cause a Denial of Service (DoS).
network
low complexity
netapp
5.0
2019-10-09 CVE-2019-5506 Improper Certificate Validation vulnerability in Netapp Clustered Data Ontap
Clustered Data ONTAP versions 9.0 and higher do not enforce hostname verification under certain circumstances making them susceptible to impersonation via man-in-the-middle attacks.
network
netapp CWE-295
4.3
2019-09-26 CVE-2019-10092 Cross-site Scripting vulnerability in multiple products
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page.
6.1
2019-08-30 CVE-2019-5612 Race Condition vulnerability in multiple products
In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, the kernel driver for /dev/midistat implements a read handler that is not thread-safe.
network
low complexity
freebsd netapp CWE-362
7.5