Vulnerabilities > Netapp > High

DATE CVE VULNERABILITY TITLE RISK
2020-03-18 CVE-2020-10673 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
network
low complexity
fasterxml debian netapp oracle
8.8
2020-03-18 CVE-2020-10672 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).
network
low complexity
fasterxml debian netapp oracle
8.8
2020-03-16 CVE-2020-7919 Improper Certificate Validation vulnerability in multiple products
Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.
network
low complexity
golang debian fedoraproject netapp CWE-295
7.5
2020-03-05 CVE-2020-9402 SQL Injection vulnerability in multiple products
Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle.
8.8
2020-02-26 CVE-2019-17275 Unspecified vulnerability in Netapp Oncommand Cloud Manager
OnCommand Cloud Manager versions prior to 3.8.0 are susceptible to arbitrary code execution by remote attackers.
network
low complexity
netapp
7.5
2020-02-26 CVE-2019-17274 Insecure Default Initialization of Resource vulnerability in Netapp products
NetApp FAS 8300/8700 and AFF A400 Baseboard Management Controller (BMC) firmware versions 13.x prior to 13.1P1 were shipped with a default account enabled that could allow unauthorized arbitrary command execution via local access.
local
low complexity
netapp CWE-1188
7.2
2020-02-25 CVE-2020-9383 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in the Linux kernel 3.16 through 5.5.6.
local
low complexity
linux debian opensuse canonical netapp CWE-125
7.1
2020-02-04 CVE-2019-9674 Resource Exhaustion vulnerability in multiple products
Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.
network
low complexity
python canonical netapp CWE-400
7.5
2020-01-21 CVE-2020-7595 Infinite Loop vulnerability in multiple products
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
7.5
2020-01-21 CVE-2019-20388 Memory Leak vulnerability in multiple products
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
7.5