Vulnerabilities > Netapp

DATE CVE VULNERABILITY TITLE RISK
2021-01-28 CVE-2020-8585 Link Following vulnerability in Netapp Oncommand Unified Manager
OnCommand Unified Manager Core Package versions prior to 5.2.5 may disclose sensitive account information to unauthorized users via the use of PuTTY Link (plink).
local
low complexity
netapp CWE-59
2.1
2021-01-27 CVE-2021-3326 Reachable Assertion vulnerability in multiple products
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
network
low complexity
gnu netapp oracle fujitsu debian CWE-617
7.5
2021-01-27 CVE-2021-26118 While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session.
network
low complexity
apache netapp
7.5
2021-01-27 CVE-2021-26117 Improper Authentication vulnerability in multiple products
The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server.
network
low complexity
apache netapp debian oracle CWE-287
7.5
2021-01-26 CVE-2021-3156 Off-by-one Error vulnerability in multiple products
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
7.8
2021-01-26 CVE-2021-3115 Uncontrolled Search Path Element vulnerability in multiple products
Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).
network
high complexity
golang fedoraproject netapp CWE-427
7.5
2021-01-26 CVE-2021-3114 Incorrect Calculation vulnerability in multiple products
In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.
network
low complexity
golang fedoraproject debian netapp CWE-682
6.5
2021-01-25 CVE-2021-23901 XXE vulnerability in multiple products
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18.
network
low complexity
apache netapp CWE-611
critical
9.1
2021-01-20 CVE-2021-2122 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL).
network
low complexity
oracle netapp
6.8
2021-01-20 CVE-2021-2088 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML).
local
low complexity
oracle netapp
4.9