Vulnerabilities > Netapp > High

DATE CVE VULNERABILITY TITLE RISK
2021-05-28 CVE-2021-29505 Deserialization of Untrusted Data vulnerability in multiple products
XStream is software for serializing Java objects to XML and back again.
8.8
2021-05-28 CVE-2021-33587 The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.
network
low complexity
css-what-project netapp
7.5
2021-05-28 CVE-2021-33623 Resource Exhaustion vulnerability in multiple products
The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.
network
low complexity
trim-newlines-project netapp debian CWE-400
7.5
2021-05-27 CVE-2021-22118 Exposure of Resource to Wrong Sphere vulnerability in multiple products
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.
local
low complexity
vmware oracle netapp CWE-668
7.8
2021-05-27 CVE-2021-33200 Out-of-bounds Write vulnerability in multiple products
kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579.
local
low complexity
linux fedoraproject netapp CWE-787
7.8
2021-05-27 CVE-2021-28651 Memory Leak vulnerability in multiple products
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6.
network
low complexity
squid-cache debian fedoraproject netapp CWE-401
7.5
2021-05-26 CVE-2021-25217 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC.
7.4
2021-05-26 CVE-2020-27815 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges.
local
low complexity
linux debian netapp CWE-119
7.8
2021-05-26 CVE-2020-25668 Improper Synchronization vulnerability in multiple products
A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op.
local
high complexity
linux debian netapp CWE-662
7.0
2021-05-26 CVE-2020-25669 Use After Free vulnerability in multiple products
A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed.
local
low complexity
linux debian netapp CWE-416
7.8