Vulnerabilities > Netapp > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-01-08 CVE-2020-8584 Unspecified vulnerability in Netapp products
Element OS versions prior to 1.8P1 and 12.2 are susceptible to a vulnerability that could allow an unauthenticated remote attacker to perform arbitrary code execution.
network
low complexity
netapp
critical
 9.8
9.8
2020-12-11 CVE-2020-27730 Path Traversal vulnerability in multiple products
In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities.
network
low complexity
f5 netapp CWE-22
critical
 9.8
9.8
2020-11-12 CVE-2020-8752 Out-of-bounds Write vulnerability in multiple products
Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access.
network
low complexity
intel netapp CWE-787
critical
 9.8
9.8
2020-11-12 CVE-2020-8747 Out-of-bounds Read vulnerability in multiple products
Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access.
network
low complexity
intel netapp CWE-125
critical
 9.1
9.1
2020-11-03 CVE-2020-15999 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google freetype debian fedoraproject opensuse netapp CWE-787
critical
 9.6
9.6
2020-10-22 CVE-2019-17006 Improper Input Validation vulnerability in multiple products
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks.
network
low complexity
siemens mozilla netapp CWE-20
critical
 9.8
9.8
2020-09-10 CVE-2020-8758 Improper buffer restrictions in network subsystem in provisioned Intel(R) AMT and Intel(R) ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
network
low complexity
intel netapp
critical
 9.8
9.8
2020-08-07 CVE-2020-11984 Classic Buffer Overflow vulnerability in multiple products
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
network
low complexity
apache netapp canonical debian fedoraproject opensuse oracle CWE-120
critical
 9.8
9.8
2020-07-30 CVE-2020-7699 This affects the package express-fileupload before 1.1.8.
network
low complexity
express-fileupload-project netapp
critical
 9.8
9.8
2020-07-17 CVE-2020-15801 Untrusted Search Path vulnerability in multiple products
In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations.
network
low complexity
python netapp CWE-426
critical
 9.8
9.8