Vulnerabilities > Netapp > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-17 | CVE-2020-35491 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource. | 8.1 |
2020-12-17 | CVE-2020-35490 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource. | 8.1 |
2020-12-15 | CVE-2020-29569 | Use After Free vulnerability in multiple products An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. | 8.8 |
2020-12-14 | CVE-2020-8286 | Improper Certificate Validation vulnerability in multiple products curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. | 7.5 |
2020-12-14 | CVE-2020-8285 | Uncontrolled Recursion vulnerability in multiple products curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. | 7.5 |
2020-12-11 | CVE-2020-27786 | Use After Free vulnerability in multiple products A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. | 7.8 |
2020-12-09 | CVE-2020-29661 | Improper Locking vulnerability in multiple products A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. | 7.8 |
2020-12-08 | CVE-2020-25692 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. | 7.5 |
2020-12-06 | CVE-2020-29573 | Out-of-bounds Write vulnerability in multiple products sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. | 7.5 |
2020-12-03 | CVE-2020-17527 | Information Exposure vulnerability in multiple products While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. | 7.5 |