Vulnerabilities > Netapp > Clustered Data Ontap > Low

DATE CVE VULNERABILITY TITLE RISK
2023-05-26 CVE-2023-28322 An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback.
network
high complexity
haxx fedoraproject apple netapp
3.7
2022-09-23 CVE-2022-35252 When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses.
network
high complexity
haxx netapp apple debian splunk
3.7
2021-10-19 CVE-2021-27001 Unspecified vulnerability in Netapp Clustered Data Ontap
Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily modify Compliance-mode WORM data prior to the end of the retention period.
local
low complexity
netapp
2.1
2021-08-05 CVE-2021-22924 Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products
libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate.
3.7
2021-02-08 CVE-2020-8578 Unspecified vulnerability in Netapp Clustered Data Ontap
Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true.
local
low complexity
netapp
2.1
2021-02-08 CVE-2020-8590 Unspecified vulnerability in Netapp Clustered Data Ontap
Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true.
local
low complexity
netapp
2.1
2021-02-03 CVE-2020-8588 Unspecified vulnerability in Netapp Clustered Data Ontap
Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the existence of data on other Storage Virtual Machines (SVMs).
low complexity
netapp
2.7
2021-02-03 CVE-2020-8589 Unspecified vulnerability in Netapp Clustered Data Ontap
Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the names of other Storage Virtual Machines (SVMs) and filenames on those SVMs.
low complexity
netapp
2.7
2021-01-19 CVE-2020-8581 Incorrect Authorization vulnerability in Netapp Clustered Data Ontap
Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible to a vulnerability which could allow an authenticated but unauthorized attacker to overwrite arbitrary data when VMware vStorage support is enabled.
network
netapp CWE-863
3.5
2020-12-14 CVE-2020-8284 A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. 3.7