Netapp

Clustered Data Ontap

45 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.5

CVE-2020-8589

  • EPSS 0.09%
  • Veröffentlicht 03.02.2021 18:15:16
  • Zuletzt bearbeitet 21.11.2024 05:39:05

Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the names of other Storage Virtual Machines (SVMs) and filenames on those SVMs.

7.5

CVE-2020-11868

  • EPSS 0.9%
  • Veröffentlicht 17.04.2020 04:15:10
  • Zuletzt bearbeitet 05.05.2025 17:15:57

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a vali...

7.5

CVE-2019-5508

  • EPSS 0.54%
  • Veröffentlicht 25.10.2019 19:15:14
  • Zuletzt bearbeitet 21.11.2024 04:45:04

Clustered Data ONTAP versions 9.2 through 9.4 are susceptible to a vulnerability which allows an attacker to use l2ping to cause a Denial of Service (DoS).

5.9

CVE-2019-5506

  • EPSS 0.2%
  • Veröffentlicht 09.10.2019 19:15:14
  • Zuletzt bearbeitet 21.11.2024 04:45:04

Clustered Data ONTAP versions 9.0 and higher do not enforce hostname verification under certain circumstances making them susceptible to impersonation via man-in-the-middle attacks.

6.1

CVE-2019-10092

Exploit
  • EPSS 82.38%
  • Veröffentlicht 26.09.2019 16:15:10
  • Zuletzt bearbeitet 21.11.2024 04:18:23

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only ...

9.8

CVE-2019-5497

  • EPSS 0.96%
  • Veröffentlicht 01.07.2019 21:15:11
  • Zuletzt bearbeitet 21.11.2024 04:45:03

NetApp AFF A700s Baseboard Management Controller (BMC) firmware versions 1.22 and higher were shipped with a default account enabled that could allow unauthorized arbitrary command execution.

7.5

CVE-2019-8936

Exploit
  • EPSS 8.16%
  • Veröffentlicht 15.05.2019 16:29:01
  • Zuletzt bearbeitet 21.11.2024 04:50:41

NTP through 4.2.8p12 has a NULL Pointer Dereference.

7.5

CVE-2019-0217

  • EPSS 34.78%
  • Veröffentlicht 08.04.2019 21:29:00
  • Zuletzt bearbeitet 21.11.2024 04:16:30

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictio...

7.5

CVE-2019-3823

Exploit
  • EPSS 2.1%
  • Veröffentlicht 06.02.2019 20:29:00
  • Zuletzt bearbeitet 21.11.2024 04:42:37

libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed n...

7.5

CVE-2018-16890

  • EPSS 1.42%
  • Veröffentlicht 06.02.2019 20:29:00
  • Zuletzt bearbeitet 21.11.2024 03:53:32

libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subjec...