Vulnerabilities > Netapp > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-06-09 CVE-2020-8670 Race Condition vulnerability in multiple products
Race condition in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
local
high complexity
intel siemens netapp CWE-362
6.4
2021-06-09 CVE-2020-8700 Improper Input Validation vulnerability in multiple products
Improper input validation in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
local
low complexity
intel netapp CWE-20
6.7
2021-06-09 CVE-2020-8703 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Improper buffer restrictions in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32 and 15.0.22 may allow a privileged user to potentially enable escalation of privilege via local access.
local
low complexity
intel netapp siemens CWE-119
6.7
2021-06-09 CVE-2021-28169 For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory.
network
low complexity
eclipse debian oracle netapp
5.3
2021-06-08 CVE-2021-31807 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6.
network
low complexity
squid-cache fedoraproject netapp CWE-190
6.5
2021-06-04 CVE-2021-26994 Unspecified vulnerability in Netapp Clustered Data Ontap
Clustered Data ONTAP versions prior to 9.7P13 and 9.8P3 are susceptible to a vulnerability which could allow single workloads to cause a Denial of Service (DoS) on a cluster node.
network
low complexity
netapp
6.5
2021-06-02 CVE-2021-3522 Out-of-bounds Read vulnerability in multiple products
GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.
local
low complexity
gstreamer-project netapp oracle CWE-125
5.5
2021-06-01 CVE-2019-4471 Missing Encryption of Sensitive Data vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for a sensitive cookie in an HTTPS session.
network
low complexity
ibm netapp CWE-311
6.5
2021-06-01 CVE-2019-4653 Cross-site Scripting vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting.
network
low complexity
ibm netapp CWE-79
5.4
2021-06-01 CVE-2019-4722 Improper Handling of Exceptional Conditions vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions.
network
low complexity
ibm netapp CWE-755
4.3