Filtered by vendor Netapp
Total: 2315 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-8624 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone. | |||||
CVE-2020-8623 | 7 Canonical, Debian, Fedoraproject and 4 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with "--enable-native-pkcs11" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker | |||||
CVE-2020-8622 | 8 Canonical, Debian, Fedoraproject and 5 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit. | |||||
CVE-2020-8621 | 5 Canonical, Isc, Netapp and 2 more | 5 Ubuntu Linux, Bind, Steelstore Cloud Integrated Storage and 2 more | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected. | |||||
CVE-2020-8620 | 4 Canonical, Isc, Netapp and 1 more | 4 Ubuntu Linux, Bind, Steelstore Cloud Integrated Storage and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit. | |||||
CVE-2020-8619 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk ("*") character, this defect cannot be encountered. A would-be attacker who is allowed to change zone content could theoretically introduce such a record in order to exploit this condition to cause denial of service, though we consider the use of this vector unlikely because any such attack would require a significant privilege level and be easily traceable. | |||||
CVE-2020-8618 | 4 Canonical, Isc, Netapp and 1 more | 4 Ubuntu Linux, Bind, Steelstore Cloud Integrated Storage and 1 more | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients. | |||||
CVE-2020-8590 | 1 Netapp | 1 Clustered Data Ontap | 2024-11-21 | 2.1 LOW | 3.3 LOW |
Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the -remove-private-data parameter is set to true. | |||||
CVE-2020-8589 | 1 Netapp | 1 Clustered Data Ontap | 2024-11-21 | 2.7 LOW | 3.5 LOW |
Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the names of other Storage Virtual Machines (SVMs) and filenames on those SVMs. | |||||
CVE-2020-8588 | 1 Netapp | 1 Clustered Data Ontap | 2024-11-21 | 2.7 LOW | 3.5 LOW |
Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the existence of data on other Storage Virtual Machines (SVMs). | |||||
CVE-2020-8587 | 1 Netapp | 1 Oncommand System Manager | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
OnCommand System Manager 9.x versions prior to 9.3P20 and 9.4 prior to 9.4P3 are susceptible to a vulnerability that could allow HTTP clients to cache sensitive responses making them accessible to an attacker who has access to the system where the client runs. | |||||
CVE-2020-8585 | 1 Netapp | 1 Oncommand Unified Manager | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
OnCommand Unified Manager Core Package versions prior to 5.2.5 may disclose sensitive account information to unauthorized users via the use of PuTTY Link (plink). | |||||
CVE-2020-8584 | 1 Netapp | 4 Element Os, Hci Management Node, Hci Storage Node and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Element OS versions prior to 1.8P1 and 12.2 are susceptible to a vulnerability that could allow an unauthenticated remote attacker to perform arbitrary code execution. | |||||
CVE-2020-8583 | 1 Netapp | 2 Element Os, Hci | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session. | |||||
CVE-2020-8582 | 1 Netapp | 2 Element Os, Hci | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an authenticated user to view sensitive information. | |||||
CVE-2020-8581 | 1 Netapp | 1 Clustered Data Ontap | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible to a vulnerability which could allow an authenticated but unauthorized attacker to overwrite arbitrary data when VMware vStorage support is enabled. | |||||
CVE-2020-8580 | 1 Netapp | 1 E-series Santricity Os Controller | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
SANtricity OS Controller Software versions 11.30 and higher are susceptible to a vulnerability which allows an unauthenticated attacker with access to the system to cause a Denial of Service (DoS). | |||||
CVE-2020-8579 | 1 Netapp | 1 Clustered Data Ontap | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Clustered Data ONTAP versions 9.7 through 9.7P7 are susceptible to a vulnerability which allows an attacker with access to an intercluster LIF to cause a Denial of Service (DoS). | |||||
CVE-2020-8578 | 1 Netapp | 1 Clustered Data Ontap | 2024-11-21 | 2.1 LOW | 3.3 LOW |
Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the -remove-private-data parameter is set to true. | |||||
CVE-2020-8577 | 1 Netapp | 1 E-series Santricity Os Controller | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
SANtricity OS Controller Software versions 11.50.1 and higher are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session. |