Vulnerabilities > Netapp > Clustered Data Ontap > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-07-09 CVE-2021-3541 XML Entity Expansion vulnerability in multiple products
A flaw was found in libxml2.
network
low complexity
xmlsoft redhat oracle netapp CWE-776
4.0
2021-06-04 CVE-2020-7469 Use After Free vulnerability in multiple products
In FreeBSD 12.2-STABLE before r367402, 11.4-STABLE before r368202, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 the handler for a routing option caches a pointer into the packet buffer holding the ICMPv6 message.
network
low complexity
freebsd netapp CWE-416
5.0
2021-06-04 CVE-2021-26994 Unspecified vulnerability in Netapp Clustered Data Ontap
Clustered Data ONTAP versions prior to 9.7P13 and 9.8P3 are susceptible to a vulnerability which could allow single workloads to cause a Denial of Service (DoS) on a cluster node.
network
low complexity
netapp
4.0
2021-05-14 CVE-2021-3537 NULL Pointer Dereference vulnerability in multiple products
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference.
5.9
2021-02-15 CVE-2021-21702 NULL Pointer Dereference vulnerability in multiple products
In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.
network
low complexity
php debian netapp oracle CWE-476
5.0
2021-02-15 CVE-2020-7071 Improper Input Validation vulnerability in multiple products
In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL.
network
low complexity
php debian netapp CWE-20
5.0
2020-11-12 CVE-2020-8698 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
5.5
2020-11-12 CVE-2020-8696 Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products
Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
local
low complexity
intel netapp fedoraproject debian CWE-212
5.5
2020-10-27 CVE-2020-8579 Unspecified vulnerability in Netapp Clustered Data Ontap 9.7
Clustered Data ONTAP versions 9.7 through 9.7P7 are susceptible to a vulnerability which allows an attacker with access to an intercluster LIF to cause a Denial of Service (DoS).
network
low complexity
netapp
5.0
2020-10-02 CVE-2020-7070 Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded.
5.3