Vulnerabilities > Netapp > MAX Data

DATE CVE VULNERABILITY TITLE RISK
2020-07-30 CVE-2020-7699 This affects the package express-fileupload before 1.1.8.
network
low complexity
express-fileupload-project netapp
critical
 9.8
9.8
2020-07-17 CVE-2020-15801 Untrusted Search Path vulnerability in multiple products
In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations.
network
low complexity
python netapp CWE-426
critical
 9.8
9.8
2020-06-22 CVE-2020-14968 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in the jsrsasign package before 8.0.17 for Node.js.
network
low complexity
jsrsasign-project netapp CWE-119
critical
 9.8
9.8
2020-06-22 CVE-2020-14967 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in the jsrsasign package before 8.0.18 for Node.js.
network
low complexity
jsrsasign-project netapp CWE-119
critical
 9.8
9.8
2020-06-22 CVE-2020-14966 Improper Verification of Cryptographic Signature vulnerability in multiple products
An issue was discovered in the jsrsasign package through 8.0.18 for Node.js.
network
low complexity
jsrsasign-project netapp CWE-347
7.5
7.5
2020-04-29 CVE-2020-11022 In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. 6.1
6.1
2020-04-29 CVE-2020-11023 In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. 6.1
6.1