Vulnerabilities > Netapp > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-11-28 CVE-2020-27218 In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body.
network
high complexity
eclipse netapp oracle apache debian
4.8
2020-11-23 CVE-2020-15436 Use After Free vulnerability in multiple products
Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.
local
low complexity
linux broadcom netapp CWE-416
6.7
2020-11-13 CVE-2020-8582 Unspecified vulnerability in Netapp Element OS and HCI
Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an authenticated user to view sensitive information.
network
low complexity
netapp
6.5
2020-11-12 CVE-2020-8764 Improper access control in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
local
low complexity
intel netapp
6.7
2020-11-12 CVE-2020-8757 Out-of-bounds Read vulnerability in multiple products
Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.
local
low complexity
intel netapp CWE-125
6.7
2020-11-12 CVE-2020-8746 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
low complexity
intel netapp CWE-190
6.5
2020-11-12 CVE-2020-8740 Out-of-bounds Write vulnerability in multiple products
Out of bounds write in Intel BIOS platform sample code for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
local
low complexity
intel netapp CWE-787
6.7
2020-11-12 CVE-2020-8738 Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products
Improper conditions check in Intel BIOS platform sample code for some Intel(R) Processors before may allow a privileged user to potentially enable escalation of privilege via local access.
local
low complexity
intel netapp CWE-754
6.7
2020-11-12 CVE-2020-8698 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
5.5
2020-11-12 CVE-2020-8696 Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products
Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
local
low complexity
intel netapp fedoraproject debian CWE-212
5.5