Vulnerabilities > Netapp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-29 | CVE-2019-5614 | Improper Input Validation vulnerability in multiple products In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r356036, and 11.3-RELEASE before 11.3-RELEASE-p8, incomplete packet data validation may result in accessing out-of-bounds memory leading to a kernel panic or other unpredictable results. | 9.8 |
| 2020-04-29 | CVE-2019-15874 | Use After Free vulnerability in multiple products In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r356036, and 11.3-RELEASE before 11.3-RELEASE-p8, incomplete packet data validation may result in memory access after it has been freed leading to a kernel panic or other unpredictable results. | 9.8 |
| 2020-04-28 | CVE-2020-12243 | Uncontrolled Recursion vulnerability in multiple products In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). | 7.5 |
| 2020-04-27 | CVE-2019-4729 | Information Exposure Through an Error Message vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.3 |
| 2020-04-23 | CVE-2020-5867 | Download of Code Without Integrity Check vulnerability in multiple products In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages | 8.1 |
| 2020-04-23 | CVE-2020-5865 | Cleartext Transmission of Sensitive Information vulnerability in multiple products In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks. | 4.8 |
| 2020-04-21 | CVE-2020-1967 | NULL Pointer Dereference vulnerability in multiple products Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. | 7.5 |
| 2020-04-17 | CVE-2020-11868 | Origin Validation Error vulnerability in multiple products ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp. | 7.5 |
| 2020-04-15 | CVE-2020-2930 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). | 4.4 |
| 2020-04-15 | CVE-2020-2925 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). | 4.9 |