Vulnerabilities > Netapp > Clustered Data Ontap > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-02 | CVE-2020-7069 | Inadequate Encryption Strength vulnerability in multiple products In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. | 6.5 |
2020-09-04 | CVE-2020-24977 | Out-of-bounds Read vulnerability in multiple products GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. | 6.5 |
2020-09-02 | CVE-2020-8576 | Incorrect Authorization vulnerability in Netapp Clustered Data Ontap 9.3/9.5/9.6 Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data or disclosure of sensitive information. | 5.5 |
2020-06-15 | CVE-2020-14155 | Integer Overflow or Wraparound vulnerability in multiple products libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. | 5.3 |
2020-06-04 | CVE-2020-13817 | Use of Insufficiently Random Values vulnerability in multiple products ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. | 5.8 |
2020-04-17 | CVE-2020-11868 | Origin Validation Error vulnerability in multiple products ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp. | 5.0 |
2019-10-25 | CVE-2019-5508 | Unspecified vulnerability in Netapp Clustered Data Ontap 9.2/9.3/9.4 Clustered Data ONTAP versions 9.2 through 9.4 are susceptible to a vulnerability which allows an attacker to use l2ping to cause a Denial of Service (DoS). | 5.0 |
2019-10-09 | CVE-2019-5506 | Improper Certificate Validation vulnerability in Netapp Clustered Data Ontap Clustered Data ONTAP versions 9.0 and higher do not enforce hostname verification under certain circumstances making them susceptible to impersonation via man-in-the-middle attacks. | 4.3 |
2019-09-26 | CVE-2019-10092 | Cross-site Scripting vulnerability in multiple products In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. | 6.1 |
2019-07-01 | CVE-2019-13118 | Type Confusion vulnerability in multiple products In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. | 5.3 |