Vulnerabilities > Netapp > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-03-23 CVE-2021-21345 OS Command Injection vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again.
network
low complexity
netapp apache xstream debian fedoraproject oracle CWE-78
critical
 9.9
9.9
2021-03-23 CVE-2021-21344 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again.
network
low complexity
netapp apache xstream debian fedoraproject oracle CWE-434
critical
 9.8
9.8
2021-03-23 CVE-2021-21342 Deserialization of Untrusted Data vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again.
network
low complexity
netapp apache xstream debian fedoraproject oracle CWE-502
critical
 9.1
9.1
2021-03-19 CVE-2021-26990 Missing Authorization vulnerability in Netapp Cloud Manager
Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability that could allow a remote attacker to overwrite arbitrary system files.
network
low complexity
netapp CWE-862
critical
 9.1
9.1
2021-03-15 CVE-2021-26987 Element Plug-in for vCenter Server incorporates SpringBoot Framework.
network
low complexity
vmware netapp
critical
 9.8
9.8
2021-03-12 CVE-2021-20231 A flaw was found in gnutls.
network
low complexity
gnu redhat fedoraproject netapp
critical
 9.8
9.8
2021-01-25 CVE-2021-23901 XXE vulnerability in multiple products
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18.
network
low complexity
apache netapp CWE-611
critical
 9.1
9.1
2021-01-19 CVE-2021-3177 Classic Buffer Overflow vulnerability in multiple products
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param.
network
low complexity
python fedoraproject netapp debian oracle CWE-120
critical
 9.8
9.8
2021-01-14 CVE-2021-23926 XML Entity Expansion vulnerability in multiple products
The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input.
network
low complexity
apache netapp debian oracle CWE-776
critical
 9.1
9.1
2021-01-08 CVE-2020-8584 Unspecified vulnerability in Netapp products
Element OS versions prior to 1.8P1 and 12.2 are susceptible to a vulnerability that could allow an unauthenticated remote attacker to perform arbitrary code execution.
network
low complexity
netapp
critical
 9.8
9.8