Vulnerabilities > Netapp > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-03 | CVE-2020-25649 | XXE vulnerability in multiple products A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. | 7.5 |
2020-12-02 | CVE-2020-14305 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. | 8.1 |
2020-11-28 | CVE-2020-29370 | Race Condition vulnerability in multiple products An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. | 7.0 |
2020-11-28 | CVE-2020-29369 | Race Condition vulnerability in multiple products An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. | 7.0 |
2020-11-28 | CVE-2020-29368 | Race Condition vulnerability in multiple products An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. | 7.0 |
2020-11-18 | CVE-2020-28366 | Code Injection vulnerability in multiple products Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. | 7.5 |
2020-11-18 | CVE-2020-28362 | Improper Certificate Validation vulnerability in multiple products Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. | 7.5 |
2020-11-16 | CVE-2020-26217 | OS Command Injection vulnerability in multiple products XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. | 8.8 |
2020-11-13 | CVE-2020-8583 | Unspecified vulnerability in Netapp Element OS and HCI Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session. | 7.5 |
2020-11-12 | CVE-2020-8760 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access. | 7.8 |