Vulnerabilities > Netapp > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-01-19 CVE-2021-3177 Classic Buffer Overflow vulnerability in multiple products
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param.
network
low complexity
python fedoraproject netapp debian oracle CWE-120
critical
 9.8
9.8
2021-01-14 CVE-2021-23926 XML Entity Expansion vulnerability in multiple products
The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input.
network
low complexity
apache netapp debian oracle CWE-776
critical
 9.1
9.1
2021-01-08 CVE-2020-8584 Code Injection vulnerability in Netapp products
Element OS versions prior to 1.8P1 and 12.2 are susceptible to a vulnerability that could allow an unauthenticated remote attacker to perform arbitrary code execution.
network
low complexity
netapp CWE-94
critical
 10.0
10
2020-11-12 CVE-2020-8752 Out-of-bounds Write vulnerability in multiple products
Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access.
network
low complexity
intel netapp CWE-787
critical
 9.8
9.8
2020-11-12 CVE-2020-8747 Out-of-bounds Read vulnerability in multiple products
Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access.
network
low complexity
intel netapp CWE-125
critical
 9.1
9.1
2020-10-22 CVE-2019-17006 Insufficient Verification of Data Authenticity vulnerability in multiple products
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks.
network
low complexity
siemens mozilla netapp CWE-345
critical
 10.0
10
2020-09-10 CVE-2020-8758 Improper buffer restrictions in network subsystem in provisioned Intel(R) AMT and Intel(R) ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
network
low complexity
intel netapp
critical
 9.8
9.8
2020-08-07 CVE-2020-11984 Classic Buffer Overflow vulnerability in multiple products
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
network
low complexity
apache netapp canonical debian fedoraproject opensuse oracle CWE-120
critical
 9.8
9.8
2020-07-30 CVE-2020-7699 This affects the package express-fileupload before 1.1.8.
network
low complexity
express-fileupload-project netapp
critical
 9.8
9.8
2020-07-24 CVE-2020-8174 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.
network
nodejs oracle netapp CWE-191
critical
 9.3
9.3