Vulnerabilities > Netapp > High

DATE CVE VULNERABILITY TITLE RISK
2020-12-27 CVE-2020-35728 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).
network
high complexity
fasterxml debian netapp oracle CWE-502
8.1
2020-12-15 CVE-2020-29569 Use After Free vulnerability in multiple products
An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x.
local
low complexity
xen linux netapp debian CWE-416
8.8
2020-12-14 CVE-2020-8286 Improper Certificate Validation vulnerability in multiple products
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.
7.5
2020-12-14 CVE-2020-8285 Uncontrolled Recursion vulnerability in multiple products
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
7.5
2020-12-11 CVE-2020-27730 Path Traversal vulnerability in multiple products
In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities.
network
low complexity
f5 netapp CWE-22
7.5
2020-12-11 CVE-2020-27786 Use After Free vulnerability in multiple products
A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue.
local
low complexity
linux redhat netapp CWE-416
7.8
2020-12-09 CVE-2020-29661 Improper Locking vulnerability in multiple products
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.
7.8
2020-12-08 CVE-2020-25692 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs.
network
low complexity
openldap redhat netapp CWE-476
7.5
2020-12-06 CVE-2020-29573 Out-of-bounds Write vulnerability in multiple products
sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf.
network
low complexity
gnu redhat netapp CWE-787
7.5
2020-12-03 CVE-2020-17527 Information Exposure vulnerability in multiple products
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream.
network
low complexity
apache netapp debian oracle CWE-200
7.5