Vulnerabilities > Netapp > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-08-31 CVE-2021-3634 Out-of-bounds Write vulnerability in multiple products
A flaw has been found in libssh in versions prior to 0.9.6.
6.5
2021-08-23 CVE-2021-39140 Infinite Loop vulnerability in multiple products
XStream is a simple library to serialize objects to XML and back again.
6.3
2021-08-16 CVE-2021-22939 Improper Certificate Validation vulnerability in multiple products
If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.
network
low complexity
nodejs oracle netapp siemens debian CWE-295
5.3
2021-08-08 CVE-2021-38202 Out-of-bounds Read vulnerability in multiple products
fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd.
network
low complexity
linux netapp CWE-125
5.0
2021-08-06 CVE-2021-26998 Information Exposure vulnerability in Netapp Cloud Manager
NetApp Cloud Manager versions prior to 3.9.9 log sensitive information that is available only to authenticated users.
network
low complexity
netapp CWE-200
4.0
2021-08-06 CVE-2021-26999 Information Exposure vulnerability in Netapp Cloud Manager
NetApp Cloud Manager versions prior to 3.9.9 log sensitive information when an Active Directory connection fails.
network
low complexity
netapp CWE-200
4.0
2021-08-05 CVE-2021-22922 Improper Handling of Exceptional Conditions vulnerability in multiple products
When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them.
6.5
2021-08-05 CVE-2021-22923 Insufficiently Protected Credentials vulnerability in multiple products
When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from.
5.3
2021-08-05 CVE-2021-22925 Use of Uninitialized Resource vulnerability in multiple products
curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl.
5.3
2021-07-30 CVE-2021-37600 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file.
local
low complexity
kernel netapp CWE-190
5.5