Vulnerabilities > Netapp > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-15 | CVE-2019-14540 | Deserialization of Untrusted Data vulnerability in multiple products A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. | 9.8 |
| 2019-08-30 | CVE-2019-5608 | Out-of-bounds Write vulnerability in multiple products In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350650, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. | 9.8 |
| 2019-08-09 | CVE-2019-12261 | Classic Buffer Overflow vulnerability in multiple products Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). | 9.8 |
| 2019-08-09 | CVE-2019-12260 | Classic Buffer Overflow vulnerability in multiple products Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). | 9.8 |
| 2019-08-09 | CVE-2019-12255 | Classic Buffer Overflow vulnerability in multiple products Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). | 9.8 |
| 2019-08-09 | CVE-2019-12256 | Classic Buffer Overflow vulnerability in multiple products Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. | 9.8 |
| 2019-08-05 | CVE-2019-5502 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Netapp Data Ontap SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 has weak cryptography which when exploited could lead to information disclosure or addition or modification of data. | 9.1 |
| 2019-07-29 | CVE-2019-14379 | SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. | 9.8 |
| 2019-07-26 | CVE-2019-13990 | XXE vulnerability in multiple products initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. | 9.8 |
| 2019-07-26 | CVE-2019-10744 | Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. | 9.1 |