Vulnerabilities > Netapp > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-12-09 CVE-2020-16592 Use After Free vulnerability in multiple products
A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.
local
low complexity
gnu netapp fedoraproject CWE-416
5.5
2020-12-09 CVE-2020-16591 Out-of-bounds Read vulnerability in multiple products
A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readeif.
local
low complexity
gnu netapp CWE-125
5.5
2020-12-09 CVE-2020-16590 Double Free vulnerability in multiple products
A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file.
local
low complexity
gnu netapp CWE-415
5.5
2020-12-09 CVE-2020-29660 Improper Locking vulnerability in multiple products
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.
4.4
2020-12-08 CVE-2020-1971 NULL Pointer Dereference vulnerability in multiple products
The X.509 GeneralName type is a generic type for representing different types of names.
5.9
2020-12-07 CVE-2020-17521 Apache Groovy provides extension methods to aid with creating temporary directories.
local
low complexity
apache netapp oracle
5.5
2020-12-04 CVE-2020-29562 Reachable Assertion vulnerability in multiple products
The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
network
high complexity
gnu fedoraproject netapp CWE-617
4.8
2020-12-03 CVE-2020-27783 Cross-site Scripting vulnerability in multiple products
A XSS vulnerability was discovered in python-lxml's clean module.
6.1
2020-12-03 CVE-2020-25711 Missing Authorization vulnerability in multiple products
A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations.
network
low complexity
infinispan redhat netapp CWE-862
6.5
2020-12-02 CVE-2020-13956 Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
network
low complexity
apache quarkus oracle netapp
5.3