Vulnerabilities > Netapp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-20 | CVE-2020-15861 | Link Following vulnerability in multiple products Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following. | 7.8 |
| 2020-08-19 | CVE-2020-14356 | NULL Pointer Dereference vulnerability in multiple products A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. | 7.8 |
| 2020-08-07 | CVE-2020-11993 | HTTP Request Smuggling vulnerability in multiple products Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. | 7.5 |
| 2020-08-07 | CVE-2020-11984 | Classic Buffer Overflow vulnerability in multiple products Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE | 9.8 |
| 2020-08-03 | CVE-2020-8575 | Unspecified vulnerability in Netapp Active IQ Unified Manager 7.3/9.5/9.6 Active IQ Unified Manager for VMware vSphere and Windows versions prior to 9.5 are susceptible to a vulnerability which allows administrative users to cause Denial of Service (DoS). | 2.1 |
| 2020-08-03 | CVE-2020-8574 | Unspecified vulnerability in Netapp Active IQ Unified Manager Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled allowing unauthorized code execution to local users. | 4.6 |
| 2020-07-30 | CVE-2020-16166 | Use of Insufficiently Random Values vulnerability in multiple products The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. | 3.7 |
| 2020-07-30 | CVE-2020-7699 | This affects the package express-fileupload before 1.1.8. | 9.8 |
| 2020-07-29 | CVE-2020-15707 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. | 4.4 |
| 2020-07-27 | CVE-2020-11110 | Cross-site Scripting vulnerability in multiple products Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot. | 5.4 |