Vulnerabilities > Netapp > Cloud Backup > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-02-25 CVE-2020-9391 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture.
local
low complexity
linux fedoraproject netapp CWE-787
5.5
2020-02-21 CVE-2020-9327 NULL Pointer Dereference vulnerability in multiple products
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
network
low complexity
sqlite netapp canonical siemens oracle CWE-476
5.0
2020-02-14 CVE-2020-8992 Excessive Iteration vulnerability in multiple products
ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size.
local
low complexity
linux canonical opensuse netapp CWE-834
4.9
2020-01-16 CVE-2019-18282 Use of Insufficiently Random Values vulnerability in multiple products
The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f.
network
low complexity
linux debian netapp CWE-330
5.0
2020-01-15 CVE-2020-2585 Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX).
network
high complexity
oracle netapp
5.9
2020-01-09 CVE-2019-20372 HTTP Request Smuggling vulnerability in multiple products
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
4.3
2019-12-30 CVE-2019-20095 Memory Leak vulnerability in multiple products
mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82.
local
low complexity
linux opensuse netapp CWE-401
4.9
2019-12-28 CVE-2019-20054 NULL Pointer Dereference vulnerability in multiple products
In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e.
local
low complexity
linux netapp CWE-476
5.5
2019-12-25 CVE-2019-19966 Use After Free vulnerability in multiple products
In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655.
4.6
2019-12-24 CVE-2019-19925 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.
5.0