Vulnerabilities > Netapp

DATE CVE VULNERABILITY TITLE RISK
2021-10-19 CVE-2021-37137 Resource Exhaustion vulnerability in multiple products
The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage.
network
low complexity
netty oracle quarkus netapp debian CWE-400
7.5
2021-10-19 CVE-2021-27001 Unspecified vulnerability in Netapp Clustered Data Ontap
Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily modify Compliance-mode WORM data prior to the end of the retention period.
local
low complexity
netapp
5.5
2021-10-15 CVE-2020-4951 Information Exposure vulnerability in multiple products
IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information.
local
low complexity
ibm netapp CWE-200
3.3
2021-10-15 CVE-2021-29679 Code Injection vulnerability in multiple products
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizaing user-contrlled input that could be interpreted a a server-side include (SSI) directive.
network
low complexity
ibm netapp CWE-94
8.8
2021-10-15 CVE-2021-29745 IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to priviledge escalation where a lower evel user could have access to the 'New Job' page to which they should not have access to.
network
low complexity
ibm netapp
8.8
2021-10-14 CVE-2021-42340 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak.
network
low complexity
apache netapp debian oracle CWE-772
7.5
2021-10-12 CVE-2021-27003 Improper Restriction of Rendered UI Layers or Frames vulnerability in Netapp Clustered Data Ontap
Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack.
network
low complexity
netapp CWE-1021
4.7
2021-10-12 CVE-2021-3671 NULL Pointer Dereference vulnerability in multiple products
A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request).
network
low complexity
samba debian netapp CWE-476
6.5
2021-10-11 CVE-2021-42252 An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6.
local
low complexity
linux netapp
7.8
2021-10-11 CVE-2021-27002 Unspecified vulnerability in Netapp Cloud Manager
NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to retrieve sensitive data via the web proxy.
network
low complexity
netapp
7.5