Vulnerabilities > Netapp > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-29 | CVE-2020-14002 | Information Exposure Through Discrepancy vulnerability in multiple products PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. | 5.9 |
| 2020-06-29 | CVE-2020-8573 | Use of Hard-coded Credentials vulnerability in Netapp HCI H610S Firmware The NetApp HCI H610C, H615C and H610S Baseboard Management Controllers (BMC) are shipped with a documented default account and password that should be changed during the initial node setup. | 6.5 |
| 2020-06-26 | CVE-2020-10727 | Insufficiently Protected Credentials vulnerability in multiple products A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file) when executing the `resetUsers` operation. | 5.5 |
| 2020-06-24 | CVE-2020-15025 | Memory Leak vulnerability in multiple products ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file. | 4.9 |
| 2020-06-17 | CVE-2020-8619 | Improper Resource Shutdown or Release vulnerability in multiple products In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk ("*") character, this defect cannot be encountered. | 4.9 |
| 2020-06-17 | CVE-2020-8618 | Reachable Assertion vulnerability in multiple products An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients. | 4.9 |
| 2020-06-15 | CVE-2020-4051 | Cross-site Scripting vulnerability in multiple products In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16.0 and less than 1.16.3, there is a cross-site scripting vulnerability in the Editor's LinkDialog plugin. | 5.4 |
| 2020-06-15 | CVE-2020-14155 | Integer Overflow or Wraparound vulnerability in multiple products libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. | 5.3 |
| 2020-06-12 | CVE-2020-10732 | Use of Uninitialized Resource vulnerability in multiple products A flaw was found in the Linux kernel's implementation of Userspace core dumps. | 4.4 |
| 2020-06-09 | CVE-2020-7456 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-STABLE before r361919, 11.3-RELEASE before p10, and 11.4-RC2 before p1, an invalid memory location may be used for HID items if the push/pop level is not restored within the processing of that HID item allowing an attacker with physical access to a USB port to be able to use a specially crafted USB device to gain kernel or user-space code execution. | 6.8 |