Vulnerabilities > Netapp > High

DATE CVE VULNERABILITY TITLE RISK
2020-12-03 CVE-2020-25649 XXE vulnerability in multiple products
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly.
7.5
2020-12-02 CVE-2020-14305 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720.
network
high complexity
linux netapp CWE-787
8.1
2020-11-28 CVE-2020-29370 Race Condition vulnerability in multiple products
An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11.
local
high complexity
linux netapp CWE-362
7.0
2020-11-28 CVE-2020-29369 Race Condition vulnerability in multiple products
An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11.
local
high complexity
linux netapp CWE-362
7.0
2020-11-28 CVE-2020-29368 Race Condition vulnerability in multiple products
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5.
local
high complexity
linux netapp CWE-362
7.0
2020-11-18 CVE-2020-28366 Code Injection vulnerability in multiple products
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.
network
high complexity
golang fedoraproject netapp CWE-94
7.5
2020-11-18 CVE-2020-28362 Improper Certificate Validation vulnerability in multiple products
Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.
network
low complexity
golang fedoraproject netapp CWE-295
7.5
2020-11-16 CVE-2020-26217 OS Command Injection vulnerability in multiple products
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream.
network
low complexity
xstream-project debian netapp apache oracle CWE-78
8.8
2020-11-12 CVE-2020-8760 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.
local
low complexity
intel netapp CWE-190
7.8
2020-11-12 CVE-2020-8754 Out-of-bounds Read vulnerability in multiple products
Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.
network
low complexity
intel netapp CWE-125
7.5