Vulnerabilities > Netapp > High

DATE CVE VULNERABILITY TITLE RISK
2020-03-13 CVE-2020-8571 Unspecified vulnerability in Netapp Storagegrid
StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11.3 prior to 11.2.0.8 and 11.3.0.4 are susceptible to a vulnerability which allows an unauthenticated remote attacker to cause a Denial of Service (DoS).
network
low complexity
netapp
7.5
2020-03-05 CVE-2020-9402 SQL Injection vulnerability in multiple products
Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle.
8.8
2020-02-26 CVE-2019-17274 Insecure Default Initialization of Resource vulnerability in Netapp products
NetApp FAS 8300/8700 and AFF A400 Baseboard Management Controller (BMC) firmware versions 13.x prior to 13.1P1 were shipped with a default account enabled that could allow unauthorized arbitrary command execution via local access.
local
low complexity
netapp CWE-1188
7.8
2020-02-25 CVE-2020-9383 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in the Linux kernel 3.16 through 5.5.6.
local
low complexity
linux debian opensuse canonical netapp CWE-125
7.1
2020-02-21 CVE-2020-9327 NULL Pointer Dereference vulnerability in multiple products
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
network
low complexity
sqlite netapp canonical siemens oracle CWE-476
7.5
2020-02-19 CVE-2020-4135 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service from excessive memory usage.
network
low complexity
ibm netapp
7.5
2020-02-06 CVE-2020-8648 Use After Free vulnerability in multiple products
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.
7.1
2020-02-04 CVE-2019-9674 Resource Exhaustion vulnerability in multiple products
Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.
network
low complexity
python canonical netapp CWE-400
7.5
2020-01-31 CVE-2013-3322 OS Command Injection vulnerability in Netapp Oncommand System Manager 2.0.2/2.1
NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface.
network
low complexity
netapp CWE-78
7.2
2020-01-29 CVE-2013-3321 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Netapp Oncommand System Manager 2.0.2/2.1
NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter.
network
high complexity
netapp CWE-829
7.5