Vulnerabilities > Netapp > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-01-04 CVE-2020-35507 NULL Pointer Dereference vulnerability in multiple products
There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference.
local
low complexity
gnu redhat netapp broadcom CWE-476
5.5
2021-01-04 CVE-2020-35496 NULL Pointer Dereference vulnerability in multiple products
There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference.
local
low complexity
gnu fedoraproject netapp broadcom CWE-476
5.5
2021-01-04 CVE-2020-35495 NULL Pointer Dereference vulnerability in multiple products
There's a flaw in binutils /bfd/pef.c.
local
low complexity
gnu fedoraproject netapp broadcom CWE-476
5.5
2021-01-04 CVE-2020-35494 Use of Uninitialized Resource vulnerability in multiple products
There's a flaw in binutils /opcodes/tic4x-dis.c.
local
low complexity
gnu fedoraproject netapp broadcom CWE-908
6.1
2021-01-04 CVE-2020-35493 Improper Input Validation vulnerability in multiple products
A flaw exists in binutils in bfd/pef.c.
local
low complexity
gnu fedoraproject netapp broadcom CWE-20
5.5
2020-12-17 CVE-2020-35491 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.
6.8
2020-12-17 CVE-2020-35490 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.
6.8
2020-12-14 CVE-2020-29511 The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
network
high complexity
golang netapp
5.6
2020-12-14 CVE-2020-29510 The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
network
golang netapp
6.8
2020-12-14 CVE-2020-29509 The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
network
high complexity
golang netapp
5.6