Vulnerabilities > Netapp

DATE CVE VULNERABILITY TITLE RISK
2020-11-28 CVE-2020-27218 In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body.
network
high complexity
eclipse netapp oracle apache debian
4.8
2020-11-23 CVE-2020-15436 Use After Free vulnerability in multiple products
Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.
local
low complexity
linux broadcom netapp CWE-416
6.7
2020-11-18 CVE-2020-28366 Code Injection vulnerability in multiple products
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.
network
high complexity
golang fedoraproject netapp CWE-94
7.5
2020-11-18 CVE-2020-28362 Improper Certificate Validation vulnerability in multiple products
Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.
network
low complexity
golang fedoraproject netapp CWE-295
7.5
2020-11-16 CVE-2020-26217 OS Command Injection vulnerability in multiple products
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream.
network
low complexity
xstream-project debian netapp apache oracle CWE-78
8.8
2020-11-13 CVE-2020-8583 Unspecified vulnerability in Netapp Element OS and HCI
Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session.
network
low complexity
netapp
5.0
2020-11-13 CVE-2020-8582 Unspecified vulnerability in Netapp Element OS and HCI
Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an authenticated user to view sensitive information.
network
low complexity
netapp
4.0
2020-11-12 CVE-2020-8764 Improper access control in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
local
low complexity
intel netapp
4.6
2020-11-12 CVE-2020-8760 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.
local
low complexity
intel netapp CWE-190
7.8
2020-11-12 CVE-2020-8757 Out-of-bounds Read vulnerability in multiple products
Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.
local
low complexity
intel netapp CWE-125
6.7