Vulnerabilities > Netapp > Cloud Backup > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-04-29 CVE-2020-12465 Classic Buffer Overflow vulnerability in multiple products
An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf.
local
low complexity
linux netapp CWE-120
6.7
2020-04-29 CVE-2020-12464 Use After Free vulnerability in multiple products
usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925.
local
low complexity
linux netapp CWE-416
6.7
2020-04-23 CVE-2020-5865 Cleartext Transmission of Sensitive Information vulnerability in multiple products
In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks.
network
high complexity
f5 netapp CWE-319
4.8
2020-04-15 CVE-2020-2830 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). 5.3
2020-04-15 CVE-2020-2800 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). 4.8
2020-04-15 CVE-2020-2781 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). 5.3
2020-04-15 CVE-2020-2767 Vulnerability in the Java SE product of Oracle Java SE (component: JSSE).
network
high complexity
oracle netapp debian canonical opensuse
4.8
2020-04-13 CVE-2020-1730 NULL Pointer Dereference vulnerability in multiple products
A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers.
5.3
2020-04-10 CVE-2020-8832 Information Exposure vulnerability in multiple products
The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information.
local
low complexity
canonical netapp CWE-200
5.5
2020-04-08 CVE-2019-20636 Out-of-bounds Write vulnerability in multiple products
In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.
local
low complexity
linux netapp CWE-787
6.7