Vulnerabilities > Netapp > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-08-06 CVE-2021-26998 Information Exposure Through Log Files vulnerability in Netapp Cloud Manager
NetApp Cloud Manager versions prior to 3.9.9 log sensitive information that is available only to authenticated users.
network
low complexity
netapp CWE-532
4.3
2021-08-06 CVE-2021-26999 Information Exposure Through Log Files vulnerability in Netapp Cloud Manager
NetApp Cloud Manager versions prior to 3.9.9 log sensitive information when an Active Directory connection fails.
network
low complexity
netapp CWE-532
4.3
2021-08-05 CVE-2021-22922 Improper Handling of Exceptional Conditions vulnerability in multiple products
When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them.
6.5
2021-08-05 CVE-2021-22923 Insufficiently Protected Credentials vulnerability in multiple products
When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from.
5.3
2021-08-05 CVE-2021-22925 Use of Uninitialized Resource vulnerability in multiple products
curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl.
5.3
2021-07-30 CVE-2021-37600 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file.
local
low complexity
kernel netapp CWE-190
5.5
2021-07-20 CVE-2021-33910 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.
5.5
2021-07-19 CVE-2021-35043 Cross-site Scripting vulnerability in multiple products
OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected).
network
low complexity
antisamy-project oracle netapp CWE-79
6.1
2021-07-15 CVE-2021-34429 For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints.
network
low complexity
eclipse netapp oracle
5.3
2021-07-15 CVE-2021-34558 Improper Certificate Validation vulnerability in multiple products
The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.
network
low complexity
golang fedoraproject netapp oracle CWE-295
6.5