Vulnerabilities > Netapp

DATE CVE VULNERABILITY TITLE RISK
2020-08-20 CVE-2020-15861 Link Following vulnerability in multiple products
Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.
local
low complexity
net-snmp canonical netapp CWE-59
7.8
2020-08-19 CVE-2020-14356 NULL Pointer Dereference vulnerability in multiple products
A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system.
7.8
2020-08-07 CVE-2020-11993 HTTP Request Smuggling vulnerability in multiple products
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools.
7.5
2020-08-07 CVE-2020-11984 Classic Buffer Overflow vulnerability in multiple products
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
network
low complexity
apache netapp canonical debian fedoraproject opensuse oracle CWE-120
critical
9.8
2020-08-03 CVE-2020-8575 Unspecified vulnerability in Netapp Active IQ Unified Manager 7.3/9.5/9.6
Active IQ Unified Manager for VMware vSphere and Windows versions prior to 9.5 are susceptible to a vulnerability which allows administrative users to cause Denial of Service (DoS).
local
low complexity
netapp
2.1
2020-08-03 CVE-2020-8574 Unspecified vulnerability in Netapp Active IQ Unified Manager
Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled allowing unauthorized code execution to local users.
local
low complexity
netapp
4.6
2020-07-30 CVE-2020-16166 Use of Insufficiently Random Values vulnerability in multiple products
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c.
3.7
2020-07-30 CVE-2020-7699 This affects the package express-fileupload before 1.1.8.
network
low complexity
express-fileupload-project netapp
critical
9.8
2020-07-29 CVE-2020-15707 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow.
4.4
2020-07-27 CVE-2020-11110 Cross-site Scripting vulnerability in multiple products
Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.
network
low complexity
grafana netapp CWE-79
5.4