Netapp: Security Vulnerabilities
Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection via malformed TCP options.
CVSS Score
7.5
EPSS Score
0.116
Published
2019-08-09
Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition.
CVSS Score
8.1
EPSS Score
0.005
Published
2019-08-09
Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report.
CVSS Score
5.3
EPSS Score
0.165
Published
2019-08-09
OnCommand Insight versions through 7.3.6 may disclose sensitive account information to an authenticated user.
CVSS Score
6.5
EPSS Score
0.003
Published
2019-08-09
Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options.
CVSS Score
9.8
EPSS Score
0.138
Published
2019-08-09
Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc.
CVSS Score
8.8
EPSS Score
0.154
Published
2019-08-09
SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 has weak cryptography which when exploited could lead to information disclosure or addition or modification of data.
CVSS Score
9.1
EPSS Score
0.002
Published
2019-08-05
Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 are susceptible to a vulnerability which discloses information to an unauthenticated attacker. A successful attack requires that multiple non-default options be enabled.
CVSS Score
7.5
EPSS Score
0.005
Published
2019-08-02
Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may disclose sensitive LDAP account information to unauthenticated remote attackers.
CVSS Score
7.5
EPSS Score
0.006
Published
2019-08-02
A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.
CVSS Score
7.5
EPSS Score
0.015
Published
2019-07-30