Vulnerabilities > Netapp

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2021-01-19 | CVE-2020-8581 | Unspecified vulnerability in Netapp Clustered Data Ontap | Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible to a vulnerability which could allow an authenticated but unauthorized attacker to overwrite arbitrary data when VMware vStorage support is enabled. | network | low | netapp | | 6.5 |
| 2021-01-19 | CVE-2021-20190 | A flaw was found in jackson-databind before 2.9.10.7. | | network | high | fasterxml netapp apache debian oracle | | 8.1 |
| 2021-01-19 | CVE-2021-3177 | Classic Buffer Overflow vulnerability in multiple products | Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. | network | low | python fedoraproject netapp debian oracle | CWE-120 | critical 9.8 |
| 2021-01-14 | CVE-2021-23926 | XML Entity Expansion vulnerability in multiple products | The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. | network | low | apache netapp debian oracle | CWE-776 | critical 9.1 |
| 2021-01-13 | CVE-2021-21252 | The jQuery Validation Plugin provides drop-in validation for your existing forms. | | network | low | jqueryvalidation netapp | | 7.5 |
| 2021-01-12 | CVE-2021-23240 | Link Following vulnerability in multiple products | selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. | local | low | sudo-project netapp fedoraproject | CWE-59 | 7.8 |
| 2021-01-12 | CVE-2021-23239 | Link Following vulnerability in multiple products | The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. | | | | | 2.5 |
| 2021-01-08 | CVE-2020-8584 | Unspecified vulnerability in Netapp products | Element OS versions prior to 1.8P1 and 12.2 are susceptible to a vulnerability that could allow an unauthenticated remote attacker to perform arbitrary code execution. | network | low | netapp | | critical 9.8 |
| 2021-01-07 | CVE-2020-36183 | Deserialization of Untrusted Data vulnerability in multiple products | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. | network | high | fasterxml netapp debian oracle | CWE-502 | 8.1 |
| 2021-01-07 | CVE-2020-36182 | Deserialization of Untrusted Data vulnerability in multiple products | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS. | network | high | fasterxml netapp debian oracle | CWE-502 | 8.1 |