Vulnerabilities > Netapp > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-02-10 CVE-2020-8840 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.
network
low complexity
fasterxml debian netapp huawei oracle CWE-502
critical
 9.8
9.8
2020-01-03 CVE-2019-20330 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
network
low complexity
fasterxml oracle debian netapp CWE-502
critical
 9.8
9.8
2019-12-20 CVE-2019-17571 Deserialization of Untrusted Data vulnerability in multiple products
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data.
network
low complexity
apache debian canonical opensuse netapp oracle CWE-502
critical
 9.8
9.8
2019-12-09 CVE-2019-19646 Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products
pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
network
low complexity
sqlite siemens tenable oracle netapp CWE-754
critical
 9.8
9.8
2019-12-05 CVE-2019-19317 Incorrect Conversion between Numeric Types vulnerability in multiple products
lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.
network
low complexity
sqlite netapp oracle siemens CWE-681
critical
 9.8
9.8
2019-11-21 CVE-2019-5509 Code Injection vulnerability in Netapp Ontap Select Deploy Administration Utility
ONTAP Select Deploy administration utility versions 2.11.2 through 2.12.2 are susceptible to a code injection vulnerability which when successfully exploited could allow an unauthenticated remote attacker to enable and use a privileged user account.
network
low complexity
netapp CWE-94
critical
 9.8
9.8
2019-11-07 CVE-2019-18805 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11.
network
low complexity
linux opensuse redhat netapp broadcom CWE-190
critical
 9.8
9.8
2019-10-12 CVE-2019-17531 Deserialization of Untrusted Data vulnerability in multiple products
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10.
network
low complexity
fasterxml debian redhat oracle netapp CWE-502
critical
 9.8
9.8
2019-10-07 CVE-2019-17267 Deserialization of Untrusted Data vulnerability in multiple products
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10.
network
low complexity
fasterxml netapp debian redhat oracle CWE-502
critical
 9.8
9.8
2019-10-02 CVE-2019-10212 Information Exposure Through Log Files vulnerability in multiple products
A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security.
network
low complexity
redhat netapp CWE-532
critical
 9.8
9.8