Vulnerabilities > Netapp

DATE CVE VULNERABILITY TITLE RISK
2020-09-04 CVE-2020-24977 Out-of-bounds Read vulnerability in multiple products
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c.
6.5
2020-09-02 CVE-2020-8576 Incorrect Authorization vulnerability in Netapp Clustered Data Ontap 9.3/9.5/9.6
Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data or disclosure of sensitive information.
network
low complexity
netapp CWE-863
5.5
2020-09-01 CVE-2020-13946 Exposure of Resource to Wrong Sphere vulnerability in multiple products
In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface.
network
high complexity
apache netapp CWE-668
5.9
2020-08-25 CVE-2020-24616 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
network
high complexity
fasterxml netapp oracle debian CWE-502
8.1
2020-08-21 CVE-2020-8624 Improper Privilege Management vulnerability in multiple products
In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone.
4.3
2020-08-21 CVE-2020-8623 Reachable Assertion vulnerability in multiple products
In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash.
7.5
2020-08-21 CVE-2020-8622 Reachable Assertion vulnerability in multiple products
In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit.
6.5
2020-08-21 CVE-2020-8621 Reachable Assertion vulnerability in multiple products
In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash.
4.3
2020-08-21 CVE-2020-8620 Reachable Assertion vulnerability in multiple products
In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit.
network
low complexity
isc opensuse netapp canonical CWE-617
5.0
2020-08-20 CVE-2020-15862 Improper Privilege Management vulnerability in multiple products
Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.
local
low complexity
net-snmp canonical netapp CWE-269
7.8