Vulnerabilities > Netapp > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-09-15 | CVE-2019-14540 | Deserialization of Untrusted Data vulnerability in multiple products A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. | 9.8 |
2019-08-30 | CVE-2019-5608 | Out-of-bounds Write vulnerability in multiple products In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350650, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. | 9.8 |
2019-08-09 | CVE-2019-12255 | Classic Buffer Overflow vulnerability in multiple products Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). | 9.8 |
2019-07-29 | CVE-2019-14379 | SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. | 9.8 |
2019-07-26 | CVE-2019-13990 | XXE vulnerability in multiple products initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. | 9.8 |
2019-07-26 | CVE-2019-10744 | Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. | 9.1 |
2019-07-10 | CVE-2017-12652 | Improper Input Validation vulnerability in multiple products libpng before 1.6.32 does not properly check the length of chunks against the user limit. | 9.8 |
2019-06-14 | CVE-2019-10126 | Heap-based Buffer Overflow vulnerability in multiple products A flaw was found in the Linux kernel. | 9.8 |
2019-06-07 | CVE-2019-10160 | Encoding Error vulnerability in multiple products A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. | 9.8 |
2019-05-08 | CVE-2019-11815 | Race Condition vulnerability in multiple products An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. | 9.3 |