Vulnerabilities > Netapp > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-13 | CVE-2020-1730 | NULL Pointer Dereference vulnerability in multiple products A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. | 5.3 |
| 2020-04-10 | CVE-2020-8832 | Information Exposure vulnerability in multiple products The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information. | 5.5 |
| 2020-04-08 | CVE-2019-20636 | Out-of-bounds Write vulnerability in multiple products In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7. | 6.7 |
| 2020-04-02 | CVE-2020-1927 | Open Redirect vulnerability in multiple products In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. | 6.1 |
| 2020-04-01 | CVE-2020-1954 | Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. | 5.3 |
| 2020-03-24 | CVE-2019-17276 | Cross-site Scripting vulnerability in Netapp Oncommand System Manager 9.3/9.4 OnCommand System Manager versions 9.3 prior to 9.3P18 and 9.4 prior to 9.4P2 are susceptible to a cross site scripting vulnerability that could allow an authenticated attacker to inject arbitrary scripts into the SNMP Community Names label field. | 5.4 |
| 2020-03-04 | CVE-2020-10029 | Out-of-bounds Write vulnerability in multiple products The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. | 5.5 |
| 2020-02-25 | CVE-2020-9391 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. | 5.5 |
| 2020-02-24 | CVE-2020-1935 | HTTP Request Smuggling vulnerability in multiple products In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. | 4.8 |
| 2020-02-24 | CVE-2019-17569 | HTTP Request Smuggling vulnerability in multiple products The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. | 4.8 |