Vulnerabilities > Netapp > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-06-11 CVE-2021-22897 Exposure of Resource to Wrong Sphere vulnerability in multiple products
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library.
network
low complexity
haxx oracle netapp siemens splunk CWE-668
5.3
2021-06-11 CVE-2021-26993 Unspecified vulnerability in Netapp E-Series Santricity OS Controller
E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to cause a partial Denial of Service (DoS) to the web server.
network
low complexity
netapp
5.0
2021-06-11 CVE-2021-26995 Unspecified vulnerability in Netapp E-Series Santricity OS Controller
E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow privileged attackers to execute arbitrary code.
network
low complexity
netapp
6.5
2021-06-11 CVE-2021-26996 Unspecified vulnerability in Netapp E-Series Santricity OS Controller
E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover system configuration and application information which may aid in crafting more complex attacks.
network
low complexity
netapp
5.0
2021-06-11 CVE-2021-26997 Information Exposure Through an Error Message vulnerability in Netapp E-Series Santricity OS Controller
E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover information via error messaging which may aid in crafting more complex attacks.
network
low complexity
netapp CWE-209
4.0
2021-06-10 CVE-2021-20293 Cross-site Scripting vulnerability in multiple products
A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType.
network
redhat netapp CWE-79
4.3
2021-06-10 CVE-2020-13938 Missing Authorization vulnerability in multiple products
Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows
local
low complexity
apache mcafee netapp CWE-862
5.5
2021-06-09 CVE-2020-12357 Improper Initialization vulnerability in multiple products
Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
local
low complexity
intel netapp siemens CWE-665
4.6
2021-06-09 CVE-2020-12359 Insufficient control flow management in the firmware for some Intel(R) Processors may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
local
low complexity
intel netapp
4.6
2021-06-09 CVE-2020-12360 Out-of-bounds Read vulnerability in multiple products
Out of bounds read in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel netapp siemens CWE-125
4.6