Vulnerabilities > Netapp > Clustered Data Ontap

DATE CVE VULNERABILITY TITLE RISK
2021-06-04 CVE-2020-7469 Use After Free vulnerability in multiple products
In FreeBSD 12.2-STABLE before r367402, 11.4-STABLE before r368202, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 the handler for a routing option caches a pointer into the packet buffer holding the ICMPv6 message.
network
low complexity
freebsd netapp CWE-416
7.5
2021-06-04 CVE-2021-26994 Unspecified vulnerability in Netapp Clustered Data Ontap
Clustered Data ONTAP versions prior to 9.7P13 and 9.8P3 are susceptible to a vulnerability which could allow single workloads to cause a Denial of Service (DoS) on a cluster node.
network
low complexity
netapp
6.5
2021-06-01 CVE-2021-3516 Use After Free vulnerability in multiple products
There's a flaw in libxml2's xmllint in versions before 2.9.11.
7.8
2021-05-19 CVE-2021-3517 Out-of-bounds Write vulnerability in multiple products
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11.
8.6
2021-05-18 CVE-2021-3518 Use After Free vulnerability in multiple products
There's a flaw in libxml2 in versions before 2.9.11.
8.8
2021-05-14 CVE-2021-3537 NULL Pointer Dereference vulnerability in multiple products
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference.
5.9
2021-02-15 CVE-2021-21702 NULL Pointer Dereference vulnerability in multiple products
In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.
network
low complexity
php debian netapp oracle CWE-476
7.5
2021-02-15 CVE-2020-7071 Improper Input Validation vulnerability in multiple products
In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL.
network
low complexity
php debian netapp CWE-20
5.3
2021-02-08 CVE-2020-8590 Unspecified vulnerability in Netapp Clustered Data Ontap
Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true.
local
low complexity
netapp
3.3
2021-02-08 CVE-2020-8578 Unspecified vulnerability in Netapp Clustered Data Ontap
Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true.
local
low complexity
netapp
3.3