Vulnerabilities > Netapp > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-19 | CVE-2020-4135 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service from excessive memory usage. | 5.0 |
| 2020-02-14 | CVE-2020-8992 | Excessive Iteration vulnerability in multiple products ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size. | 4.9 |
| 2020-02-13 | CVE-2019-14598 | Improper Authentication vulnerability in multiple products Improper Authentication in subsystem in Intel(R) CSME versions 12.0 through 12.0.48 (IOT only: 12.0.56), versions 13.0 through 13.0.20, versions 14.0 through 14.0.10 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access. | 4.6 |
| 2020-02-02 | CVE-2019-20446 | Resource Exhaustion vulnerability in multiple products In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. | 6.5 |
| 2020-01-29 | CVE-2013-3321 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Netapp Oncommand System Manager 2.0.2/2.1 NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter. | 6.0 |
| 2020-01-29 | CVE-2013-3320 | Cross-site Scripting vulnerability in Netapp Oncommand System Manager 2.0.2/2.1 Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Manager before 2.2 allows remote attackers to inject arbitrary web script or HTML via the 'full-name' and 'comment' fields. | 4.3 |
| 2020-01-23 | CVE-2019-14888 | A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. | 5.0 |
| 2020-01-16 | CVE-2019-18282 | Use of Insufficiently Random Values vulnerability in multiple products The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. | 5.0 |
| 2020-01-15 | CVE-2020-2686 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.0 |
| 2020-01-15 | CVE-2020-2679 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.0 |