Vulnerabilities > Netapp > Data Ontap > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-03-04 CVE-2021-26989 Unspecified vulnerability in Netapp Data Ontap
Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 and 9.8 are susceptible to a vulnerability which could allow a remote authenticated attacker to cause a Denial of Service (DoS) on clustered Data ONTAP configured for SMB access.
network
low complexity
netapp
6.5
2020-12-08 CVE-2020-1971 NULL Pointer Dereference vulnerability in multiple products
The X.509 GeneralName type is a generic type for representing different types of names.
5.9
2018-12-04 CVE-2018-5496 Information Exposure vulnerability in Netapp Data Ontap
Data ONTAP operating in 7-Mode versions prior to 8.2.5P2 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user.
local
low complexity
netapp CWE-200
4.4
2018-10-23 CVE-2018-18607 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.
local
low complexity
gnu debian netapp CWE-476
5.5
2018-10-23 CVE-2018-18606 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.
local
low complexity
gnu debian netapp CWE-476
5.5
2018-10-23 CVE-2018-18605 Out-of-bounds Read vulnerability in multiple products
A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize.
local
low complexity
gnu debian netapp CWE-125
5.5
2018-10-08 CVE-2018-18065 NULL Pointer Dereference vulnerability in multiple products
_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
6.5
2018-08-17 CVE-2018-15473 Race Condition vulnerability in multiple products
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
5.3
2017-09-01 CVE-2016-1895 Use of Externally-Controlled Format String vulnerability in Netapp Data Ontap
NetApp Data ONTAP before 8.2.5 and 8.3.x before 8.3.2P12 allow remote authenticated users to cause a denial of service via vectors related to unsafe user input string handling.
network
low complexity
netapp CWE-134
6.5
2017-08-18 CVE-2017-12859 Improper Input Validation vulnerability in Netapp Data Ontap
NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS environments, allows remote attackers to cause a denial of service via unspecified vectors.
network
high complexity
netapp CWE-20
5.9