Vulnerabilities > Netapp > Cloud Backup > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-12-09 CVE-2020-16593 NULL Pointer Dereference vulnerability in multiple products
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file.
local
low complexity
gnu netapp CWE-476
5.5
2020-11-23 CVE-2020-15436 Use After Free vulnerability in multiple products
Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.
local
low complexity
linux broadcom netapp CWE-416
6.7
2020-11-12 CVE-2020-8757 Out-of-bounds Read vulnerability in multiple products
Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.
local
low complexity
intel netapp CWE-125
6.7
2020-11-12 CVE-2020-8746 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
low complexity
intel netapp CWE-190
6.5
2020-11-12 CVE-2020-8738 Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products
Improper conditions check in Intel BIOS platform sample code for some Intel(R) Processors before may allow a privileged user to potentially enable escalation of privilege via local access.
local
low complexity
intel netapp CWE-754
6.7
2020-11-12 CVE-2020-12356 Out-of-bounds Read vulnerability in multiple products
Out-of-bounds read in subsystem in Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable information disclosure via local access.
local
low complexity
intel netapp CWE-125
4.4
2020-06-24 CVE-2020-15025 Memory Leak vulnerability in multiple products
ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.
network
low complexity
ntp opensuse netapp oracle CWE-401
4.9
2020-06-15 CVE-2020-14155 Integer Overflow or Wraparound vulnerability in multiple products
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
network
low complexity
pcre apple gitlab oracle netapp splunk CWE-190
5.3
2020-05-28 CVE-2020-13645 Improper Certificate Validation vulnerability in multiple products
In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity.
6.5
2020-05-27 CVE-2020-13632 NULL Pointer Dereference vulnerability in multiple products
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
5.5