Vulnerabilities > Netapp > High

DATE CVE VULNERABILITY TITLE RISK
2021-03-19 CVE-2020-25097 HTTP Request Smuggling vulnerability in multiple products
An issue was discovered in Squid through 4.13 and 5.x through 5.0.4.
network
low complexity
squid-cache debian fedoraproject netapp CWE-444
8.6
2021-03-17 CVE-2021-28660 Out-of-bounds Write vulnerability in multiple products
rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array.
8.8
2021-03-15 CVE-2021-26987 Element Plug-in for vCenter Server incorporates SpringBoot Framework.
network
low complexity
vmware netapp
7.5
2021-03-15 CVE-2021-28375 Missing Authorization vulnerability in multiple products
An issue was discovered in the Linux kernel through 5.11.6.
local
low complexity
linux fedoraproject netapp CWE-862
7.8
2021-03-11 CVE-2020-5025 Classic Buffer Overflow vulnerability in multiple products
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 db2fm is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges.
local
low complexity
ibm netapp CWE-120
7.2
2021-03-09 CVE-2020-35524 Out-of-bounds Write vulnerability in multiple products
A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool.
7.8
2021-03-09 CVE-2020-35523 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file.
local
low complexity
libtiff debian netapp redhat CWE-190
7.8
2021-03-05 CVE-2021-28041 Double Free vulnerability in multiple products
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
network
high complexity
openbsd fedoraproject netapp oracle CWE-415
7.1
2021-03-03 CVE-2021-22884 Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”.
network
high complexity
nodejs fedoraproject netapp oracle siemens
7.5
2021-03-03 CVE-2021-22883 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established.
network
low complexity
nodejs fedoraproject netapp oracle siemens CWE-772
7.5