Filtered by vendor Netapp
Subscriptions
Total
2495 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8585 | 1 Netapp | 1 Oncommand Unified Manager | 2024-11-21 | 5.5 Medium |
| OnCommand Unified Manager Core Package versions prior to 5.2.5 may disclose sensitive account information to unauthorized users via the use of PuTTY Link (plink). | ||||
| CVE-2020-8584 | 1 Netapp | 4 Element Os, Hci Management Node, Hci Storage Node and 1 more | 2024-11-21 | 9.8 Critical |
| Element OS versions prior to 1.8P1 and 12.2 are susceptible to a vulnerability that could allow an unauthenticated remote attacker to perform arbitrary code execution. | ||||
| CVE-2020-8583 | 1 Netapp | 2 Element Os, Hci | 2024-11-21 | 7.5 High |
| Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session. | ||||
| CVE-2020-8582 | 1 Netapp | 2 Element Os, Hci | 2024-11-21 | 6.5 Medium |
| Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an authenticated user to view sensitive information. | ||||
| CVE-2020-8581 | 1 Netapp | 1 Clustered Data Ontap | 2024-11-21 | 6.5 Medium |
| Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible to a vulnerability which could allow an authenticated but unauthorized attacker to overwrite arbitrary data when VMware vStorage support is enabled. | ||||
| CVE-2020-8580 | 1 Netapp | 1 E-series Santricity Os Controller | 2024-11-21 | 7.5 High |
| SANtricity OS Controller Software versions 11.30 and higher are susceptible to a vulnerability which allows an unauthenticated attacker with access to the system to cause a Denial of Service (DoS). | ||||
| CVE-2020-8579 | 1 Netapp | 1 Clustered Data Ontap | 2024-11-21 | 7.5 High |
| Clustered Data ONTAP versions 9.7 through 9.7P7 are susceptible to a vulnerability which allows an attacker with access to an intercluster LIF to cause a Denial of Service (DoS). | ||||
| CVE-2020-8578 | 1 Netapp | 1 Clustered Data Ontap | 2024-11-21 | 3.3 Low |
| Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true. | ||||
| CVE-2020-8577 | 1 Netapp | 1 E-series Santricity Os Controller | 2024-11-21 | 5.9 Medium |
| SANtricity OS Controller Software versions 11.50.1 and higher are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session. | ||||
| CVE-2020-8576 | 1 Netapp | 1 Clustered Data Ontap | 2024-11-21 | 5.4 Medium |
| Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data or disclosure of sensitive information. | ||||
| CVE-2020-8575 | 1 Netapp | 1 Active Iq Unified Manager | 2024-11-21 | 4.4 Medium |
| Active IQ Unified Manager for VMware vSphere and Windows versions prior to 9.5 are susceptible to a vulnerability which allows administrative users to cause Denial of Service (DoS). | ||||
| CVE-2020-8574 | 1 Netapp | 1 Active Iq Unified Manager | 2024-11-21 | 7.8 High |
| Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled allowing unauthorized code execution to local users. | ||||
| CVE-2020-8573 | 1 Netapp | 2 Hci H610s, Hci H610s Firmware | 2024-11-21 | 6.5 Medium |
| The NetApp HCI H610C, H615C and H610S Baseboard Management Controllers (BMC) are shipped with a documented default account and password that should be changed during the initial node setup. During upgrades to Element 11.8 and 12.0 or the Compute Firmware Bundle 12.2.92 the BMC account password on the H610C, H615C and H610S platforms is reset to the default documented value which could allow remote attackers to cause a Denial of Service (DoS). | ||||
| CVE-2020-8572 | 1 Netapp | 2 Element Healthtools, Element Os | 2024-11-21 | 7.5 High |
| Element OS prior to version 12.0 and Element HealthTools prior to version 2020.04.01.04 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information. | ||||
| CVE-2020-8571 | 1 Netapp | 1 Storagegrid | 2024-11-21 | 7.5 High |
| StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11.3 prior to 11.2.0.8 and 11.3.0.4 are susceptible to a vulnerability which allows an unauthenticated remote attacker to cause a Denial of Service (DoS). | ||||
| CVE-2020-8286 | 9 Apple, Debian, Fedoraproject and 6 more | 22 Mac Os X, Macos, Debian Linux and 19 more | 2024-11-21 | 7.5 High |
| curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. | ||||
| CVE-2020-8285 | 10 Apple, Debian, Fedoraproject and 7 more | 32 Mac Os X, Macos, Debian Linux and 29 more | 2024-11-21 | 7.5 High |
| curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. | ||||
| CVE-2020-8284 | 10 Apple, Debian, Fedoraproject and 7 more | 31 Mac Os X, Macos, Debian Linux and 28 more | 2024-11-21 | 3.7 Low |
| A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. | ||||
| CVE-2020-8174 | 4 Netapp, Nodejs, Oracle and 1 more | 13 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 10 more | 2024-11-21 | 8.1 High |
| napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0. | ||||
| CVE-2020-7919 | 4 Debian, Fedoraproject, Golang and 1 more | 4 Debian Linux, Fedora, Go and 1 more | 2024-11-21 | 7.5 High |
| Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate. | ||||