Vulnerabilities > Netapp

DATE CVE VULNERABILITY TITLE RISK
2020-03-02 CVE-2020-9546 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
network
low complexity
fasterxml netapp debian oracle CWE-502
critical
 9.8
9.8
2020-02-26 CVE-2019-17275 Unspecified vulnerability in Netapp Oncommand Cloud Manager
OnCommand Cloud Manager versions prior to 3.8.0 are susceptible to arbitrary code execution by remote attackers.
network
low complexity
netapp
critical
 9.8
9.8
2020-02-26 CVE-2019-17274 Insecure Default Initialization of Resource vulnerability in Netapp products
NetApp FAS 8300/8700 and AFF A400 Baseboard Management Controller (BMC) firmware versions 13.x prior to 13.1P1 were shipped with a default account enabled that could allow unauthorized arbitrary command execution via local access.
local
low complexity
netapp CWE-1188
7.8
7.8
2020-02-25 CVE-2020-9391 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture.
local
low complexity
linux fedoraproject netapp CWE-787
5.5
5.5
2020-02-25 CVE-2020-9383 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in the Linux kernel 3.16 through 5.5.6.
local
low complexity
linux debian opensuse canonical netapp CWE-125
7.1
7.1
2020-02-24 CVE-2020-1938 When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat.
network
low complexity
apache fedoraproject oracle debian opensuse blackberry netapp
critical
 9.8
9.8
2020-02-24 CVE-2020-1935 HTTP Request Smuggling vulnerability in multiple products
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid.
network
high complexity
apache debian canonical opensuse netapp oracle CWE-444
4.8
4.8
2020-02-24 CVE-2019-17569 HTTP Request Smuggling vulnerability in multiple products
The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression.
network
high complexity
apache opensuse netapp debian oracle CWE-444
4.8
4.8
2020-02-21 CVE-2020-9327 NULL Pointer Dereference vulnerability in multiple products
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
network
low complexity
sqlite netapp canonical siemens oracle CWE-476
7.5
7.5
2020-02-19 CVE-2020-4135 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service from excessive memory usage.
network
low complexity
ibm netapp
7.5
7.5