Vulnerabilities > Netapp > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-04 | CVE-2021-23383 | The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source. | 9.8 |
2021-04-29 | CVE-2021-25216 | Out-of-bounds Read vulnerability in multiple products In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. | 9.8 |
2021-03-19 | CVE-2021-26990 | Missing Authorization vulnerability in Netapp Cloud Manager Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability that could allow a remote attacker to overwrite arbitrary system files. | 9.1 |
2021-03-15 | CVE-2021-26987 | Element Plug-in for vCenter Server incorporates SpringBoot Framework. | 9.8 |
2021-03-12 | CVE-2021-20231 | A flaw was found in gnutls. | 9.8 |
2021-01-25 | CVE-2021-23901 | XXE vulnerability in multiple products An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. | 9.1 |
2021-01-19 | CVE-2021-3177 | Classic Buffer Overflow vulnerability in multiple products Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. | 9.8 |
2021-01-14 | CVE-2021-23926 | XML Entity Expansion vulnerability in multiple products The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. | 9.1 |
2021-01-08 | CVE-2020-8584 | Unspecified vulnerability in Netapp products Element OS versions prior to 1.8P1 and 12.2 are susceptible to a vulnerability that could allow an unauthenticated remote attacker to perform arbitrary code execution. | 9.8 |
2020-12-11 | CVE-2020-27730 | Path Traversal vulnerability in multiple products In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities. | 9.8 |