Vulnerabilities > Netapp > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-01-31 CVE-2013-3322 OS Command Injection vulnerability in Netapp Oncommand System Manager 2.0.2/2.1
NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface.
network
low complexity
netapp CWE-78
critical
 9.0
9.0
2020-01-03 CVE-2019-20330 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
network
low complexity
fasterxml oracle debian netapp CWE-502
critical
 9.8
9.8
2019-12-20 CVE-2019-17571 Deserialization of Untrusted Data vulnerability in multiple products
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data.
network
low complexity
apache debian canonical opensuse netapp oracle CWE-502
critical
 9.8
9.8
2019-10-12 CVE-2019-17531 Deserialization of Untrusted Data vulnerability in multiple products
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10.
network
low complexity
fasterxml debian redhat oracle netapp CWE-502
critical
 9.8
9.8
2019-10-07 CVE-2019-17267 Deserialization of Untrusted Data vulnerability in multiple products
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10.
network
low complexity
fasterxml netapp debian redhat oracle CWE-502
critical
 9.8
9.8
2019-10-01 CVE-2019-16943 Deserialization of Untrusted Data vulnerability in multiple products
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10.
network
low complexity
fasterxml debian fedoraproject redhat oracle netapp CWE-502
critical
 9.8
9.8
2019-10-01 CVE-2019-16942 Deserialization of Untrusted Data vulnerability in multiple products
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10.
network
low complexity
fasterxml debian fedoraproject redhat netapp oracle CWE-502
critical
 9.8
9.8
2019-09-16 CVE-2019-5482 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
network
low complexity
haxx fedoraproject opensuse netapp oracle debian CWE-787
critical
 9.8
9.8
2019-09-16 CVE-2019-5481 Double Free vulnerability in multiple products
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
network
low complexity
haxx fedoraproject netapp oracle debian opensuse CWE-415
critical
 9.8
9.8
2019-09-15 CVE-2019-16335 Deserialization of Untrusted Data vulnerability in multiple products
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10.
network
low complexity
fasterxml fedoraproject debian netapp redhat oracle CWE-502
critical
 9.8
9.8