Vulnerabilities > Netapp > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-10-12 CVE-2021-27003 Improper Restriction of Rendered UI Layers or Frames vulnerability in Netapp Clustered Data Ontap
Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack.
network
netapp CWE-1021
4.3
2021-10-12 CVE-2021-3671 NULL Pointer Dereference vulnerability in multiple products
A null pointer dereference was found in the way the Samba Kerberos server handled a missing sname in TGS-REQ (Ticket Granting Server - Request).
network
low complexity
samba debian netapp CWE-476
6.5
2021-10-11 CVE-2021-42252 An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6.
local
low complexity
linux netapp
4.6
2021-10-11 CVE-2021-27002 Unspecified vulnerability in Netapp Cloud Manager
NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to retrieve sensitive data via the web proxy.
network
low complexity
netapp
5.0
2021-10-04 CVE-2021-32672 Out-of-bounds Read vulnerability in multiple products
Redis is an open source, in-memory database that persists on disk.
4.3
2021-10-04 CVE-2021-21704 Out-of-bounds Write vulnerability in multiple products
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver.
network
high complexity
php netapp CWE-787
5.9
2021-10-04 CVE-2021-21705 Improper Input Validation vulnerability in multiple products
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via the filter_var() function with the FILTER_VALIDATE_URL parameter, a URL with an invalid password field can be accepted as valid.
network
low complexity
php netapp oracle CWE-20
5.3
2021-09-29 CVE-2021-22947 Insufficient Verification of Data Authenticity vulnerability in multiple products
When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches.
5.9
2021-09-15 CVE-2016-20012 OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct.
network
low complexity
openbsd netapp
5.3
2021-09-09 CVE-2020-19144 Out-of-bounds Write vulnerability in multiple products
Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the 'in _TIFFmemcpy' function in the component 'tif_unix.c'.
4.3