High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-07-13	CVE-2019-20907	Infinite Loop vulnerability in multiple products In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. network low complexity python opensuse debian fedoraproject canonical netapp oracle CWE-835	7.5
2020-07-04	CVE-2020-15523	Use of Uninitialized Resource vulnerability in multiple products In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. local low complexity python netapp CWE-908	7.8
2020-06-30	CVE-2020-14058	An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. network low complexity squid-cache fedoraproject netapp	7.5
2020-06-26	CVE-2020-11996	A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. network low complexity apache canonical oracle opensuse debian netapp	7.5
2020-06-22	CVE-2020-14966	Improper Verification of Cryptographic Signature vulnerability in multiple products An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. network low complexity jsrsasign-project netapp CWE-347	7.5
2020-06-16	CVE-2020-14195	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). network high complexity fasterxml netapp debian oracle CWE-502	8.1
2020-06-14	CVE-2020-14060	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill). network high complexity fasterxml netapp oracle CWE-502	8.1
2020-06-14	CVE-2020-14062	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2). network high complexity fasterxml netapp debian oracle CWE-502	8.1
2020-06-14	CVE-2020-14061	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms). network high complexity fasterxml netapp debian oracle CWE-502	8.1
2020-06-10	CVE-2020-10705	Allocation of Resources Without Limits or Throttling vulnerability in multiple products A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. network low complexity redhat netapp CWE-770	7.5