Vulnerabilities > Netapp > Clustered Data Ontap

DATE CVE VULNERABILITY TITLE RISK
2019-08-30 CVE-2019-5611 Improper Input Validation vulnerability in multiple products
In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguous.
network
low complexity
freebsd netapp CWE-20
7.5
2019-08-30 CVE-2019-5610 Out-of-bounds Read vulnerability in multiple products
In FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350638, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bsnmp library is not properly validating the submitted length from a type-length-value encoding.
network
low complexity
freebsd netapp CWE-125
7.5
2019-08-30 CVE-2019-5608 Out-of-bounds Write vulnerability in multiple products
In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350650, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs.
network
low complexity
freebsd netapp CWE-787
critical
9.8
2019-08-13 CVE-2019-9517 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service.
7.5
2019-07-01 CVE-2019-5497 Insecure Default Initialization of Resource vulnerability in Netapp AFF A700S Firmware and Clustered Data Ontap
NetApp AFF A700s Baseboard Management Controller (BMC) firmware versions 1.22 and higher were shipped with a default account enabled that could allow unauthorized arbitrary command execution.
network
low complexity
netapp CWE-1188
7.5
2019-07-01 CVE-2019-13118 Type Confusion vulnerability in multiple products
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
5.3
2019-05-15 CVE-2019-8936 NULL Pointer Dereference vulnerability in multiple products
NTP through 4.2.8p12 has a NULL Pointer Dereference.
network
low complexity
netapp fedoraproject opensuse hpe ntp CWE-476
7.5
2019-04-08 CVE-2019-0217 Race Condition vulnerability in multiple products
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.
7.5
2019-03-21 CVE-2019-5490 Insecure Default Initialization of Resource vulnerability in Netapp Service Processor
Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution.
network
low complexity
netapp CWE-1188
critical
10.0
2019-02-27 CVE-2019-5491 Unspecified vulnerability in Netapp Clustered Data Ontap 9.0/9.1/9.3
Clustered Data ONTAP versions prior to 9.1P15 and 9.3 prior to 9.3P7 are susceptible to a vulnerability which discloses sensitive information to an unauthenticated user.
network
low complexity
netapp
5.0