Vulnerabilities > Netapp > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-06-16 CVE-2020-14195 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).
6.8
2020-06-15 CVE-2020-4051 Cross-site Scripting vulnerability in multiple products
In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16.0 and less than 1.16.3, there is a cross-site scripting vulnerability in the Editor's LinkDialog plugin.
network
low complexity
openjsf debian netapp CWE-79
5.4
2020-06-15 CVE-2020-14155 Integer Overflow or Wraparound vulnerability in multiple products
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
network
low complexity
pcre apple gitlab oracle netapp splunk CWE-190
5.3
2020-06-12 CVE-2020-10732 Use of Uninitialized Resource vulnerability in multiple products
A flaw was found in the Linux kernel's implementation of Userspace core dumps.
local
low complexity
linux opensuse canonical netapp CWE-908
4.4
2020-06-10 CVE-2020-10705 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error.
network
low complexity
redhat netapp CWE-770
5.0
2020-06-04 CVE-2020-13817 Use of Insufficiently Random Values vulnerability in multiple products
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets.
5.8
2020-06-03 CVE-2020-13596 Cross-site Scripting vulnerability in multiple products
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7.
6.1
2020-06-03 CVE-2020-13254 Improper Certificate Validation vulnerability in multiple products
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7.
5.9
2020-06-03 CVE-2020-13776 Improper Privilege Management vulnerability in multiple products
systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended.
6.7
2020-05-28 CVE-2020-13645 Improper Certificate Validation vulnerability in multiple products
In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity.
6.5