Vulnerabilities (CVE)

Filtered by vendor Netapp Subscribe
Filtered by product Data Ontap
Total 42 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-6495 1 Netapp 1 Data Ontap 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows remote attackers to obtain information about the volumes configured for HTTP access.
CVE-2016-5374 1 Netapp 1 Data Ontap 2024-11-21 6.5 MEDIUM 8.8 HIGH
NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL entry.
CVE-2016-2518 7 Debian, Freebsd, Netapp and 4 more 18 Debian Linux, Freebsd, Clustered Data Ontap and 15 more 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.
CVE-2015-8322 1 Netapp 1 Data Ontap 2024-11-21 6.5 MEDIUM 8.8 HIGH
NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote authenticated users to execute arbitrary code via unspecified vectors.
CVE-2015-7886 1 Netapp 1 Data Ontap 2024-11-21 4.3 MEDIUM 3.7 LOW
NetApp Data ONTAP before 8.2.4P1, when 7-Mode and HTTP access are enabled, allows remote attackers to obtain sensitive volume information via unspecified vectors.
CVE-2008-3349 2 Ibm, Netapp 3 N Series Storage Server, Data Ontap, Fas900 2024-11-21 10.0 HIGH N/A
Multiple unspecified vulnerabilities in NetApp Data ONTAP, as used on NetApp and IBM eServer platforms, allow remote attackers to execute arbitrary commands, cause a denial of service (system crash), or obtain sensitive information, probably related to insufficient access control for HTTP requests. NOTE: this may overlap CVE-2008-3160.
CVE-2020-1971 8 Debian, Fedoraproject, Netapp and 5 more 46 Debian Linux, Fedora, Active Iq Unified Manager and 43 more 2024-06-21 4.3 MEDIUM 5.9 MEDIUM
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).
CVE-2021-26988 1 Netapp 1 Data Ontap 2024-02-28 2.7 LOW 3.5 LOW
Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 and 9.8 are susceptible to a vulnerability which could allow unauthorized tenant users to discover information related to converting a 7-Mode directory to Cluster-mode such as Storage Virtual Machine (SVM) names, volume names, directory paths and Job IDs.
CVE-2021-26989 1 Netapp 1 Data Ontap 2024-02-28 3.5 LOW 6.5 MEDIUM
Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 and 9.8 are susceptible to a vulnerability which could allow a remote authenticated attacker to cause a Denial of Service (DoS) on clustered Data ONTAP configured for SMB access.
CVE-2020-13817 4 Fujitsu, Netapp, Ntp and 1 more 40 M10-1, M10-1 Firmware, M10-4 and 37 more 2024-02-28 5.8 MEDIUM 7.4 HIGH
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.
CVE-2020-11868 5 Debian, Netapp, Ntp and 2 more 24 Debian Linux, All Flash Fabric-attached Storage 8300, All Flash Fabric-attached Storage 8300 Firmware and 21 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.
CVE-2019-8936 5 Fedoraproject, Hpe, Netapp and 2 more 6 Fedora, Hpux-ntp, Clustered Data Ontap and 3 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
NTP through 4.2.8p12 has a NULL Pointer Dereference.
CVE-2019-5493 1 Netapp 1 Data Ontap 2024-02-28 4.3 MEDIUM 7.5 HIGH
Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 are susceptible to a vulnerability which discloses information to an unauthenticated attacker. A successful attack requires that multiple non-default options be enabled.
CVE-2019-5501 1 Netapp 1 Data Ontap 2024-02-28 5.0 MEDIUM 7.5 HIGH
Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may disclose sensitive LDAP account information to unauthenticated remote attackers.
CVE-2019-5502 1 Netapp 1 Data Ontap 2024-02-28 6.4 MEDIUM 9.1 CRITICAL
SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 has weak cryptography which when exploited could lead to information disclosure or addition or modification of data.
CVE-2018-15473 7 Canonical, Debian, Netapp and 4 more 24 Ubuntu Linux, Debian Linux, Aff Baseboard Management Controller and 21 more 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
CVE-2018-18066 2 Net-snmp, Netapp 7 Net-snmp, Cloud Backup, Data Ontap and 4 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
CVE-2018-18065 5 Canonical, Debian, Net-snmp and 2 more 10 Ubuntu Linux, Debian Linux, Net-snmp and 7 more 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
CVE-2018-18606 3 Debian, Gnu, Netapp 3 Debian Linux, Binutils, Data Ontap 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.
CVE-2018-18605 3 Debian, Gnu, Netapp 3 Debian Linux, Binutils, Data Ontap 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.