Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-01-04	CVE-2020-35507	NULL Pointer Dereference vulnerability in multiple products There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. local low complexity gnu redhat netapp broadcom CWE-476	5.5
2021-01-04	CVE-2020-35496	NULL Pointer Dereference vulnerability in multiple products There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. local low complexity gnu fedoraproject netapp broadcom CWE-476	5.5
2021-01-04	CVE-2020-35495	NULL Pointer Dereference vulnerability in multiple products There's a flaw in binutils /bfd/pef.c. local low complexity gnu fedoraproject netapp broadcom CWE-476	5.5
2021-01-04	CVE-2020-35494	Use of Uninitialized Resource vulnerability in multiple products There's a flaw in binutils /opcodes/tic4x-dis.c. local low complexity gnu fedoraproject netapp broadcom CWE-908	6.1
2021-01-04	CVE-2020-35493	Improper Input Validation vulnerability in multiple products A flaw exists in binutils in bfd/pef.c. local low complexity gnu fedoraproject netapp broadcom CWE-20	5.5
2020-12-17	CVE-2020-35491	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource. network fasterxml netapp debian oracle CWE-502	6.8
2020-12-17	CVE-2020-35490	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource. network fasterxml netapp debian oracle CWE-502	6.8
2020-12-14	CVE-2020-29511	The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. network high complexity golang netapp	5.6
2020-12-14	CVE-2020-29510	The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. network golang netapp	6.8
2020-12-14	CVE-2020-29509	The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. network high complexity golang netapp	5.6