Vulnerabilities > Netapp > High

DATE CVE VULNERABILITY TITLE RISK
2020-01-17 CVE-2020-5398 Download of Code Without Integrity Check vulnerability in multiple products
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.
network
high complexity
vmware oracle netapp CWE-494
7.5
2020-01-15 CVE-2020-2604 Deserialization of Untrusted Data vulnerability in multiple products
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).
8.1
2019-12-24 CVE-2019-19956 Memory Leak vulnerability in multiple products
xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.
7.5
2019-12-23 CVE-2019-12418 When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface.
local
high complexity
apache debian oracle canonical opensuse netapp
7.0
2019-12-17 CVE-2019-19816 Out-of-bounds Write vulnerability in multiple products
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled.
local
low complexity
linux canonical debian netapp CWE-787
7.8
2019-12-17 CVE-2019-19813 Use After Free vulnerability in multiple products
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c.
7.1
2019-12-09 CVE-2019-19646 Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products
pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
network
low complexity
sqlite siemens tenable oracle netapp CWE-754
7.5
2019-12-09 CVE-2019-19603 SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.
network
low complexity
sqlite oracle siemens apache netapp
7.5
2019-12-08 CVE-2019-19448 Use After Free vulnerability in multiple products
In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure.
local
low complexity
linux debian canonical netapp CWE-416
7.8
2019-12-08 CVE-2019-19447 Use After Free vulnerability in multiple products
In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.
local
low complexity
linux netapp CWE-416
7.8