Vulnerabilities > Netapp > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-02-19 CVE-2020-4135 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service from excessive memory usage.
network
low complexity
ibm netapp
5.0
2020-02-14 CVE-2020-8992 Excessive Iteration vulnerability in multiple products
ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size.
local
low complexity
linux canonical opensuse netapp CWE-834
4.9
2020-02-13 CVE-2019-14598 Improper Authentication vulnerability in multiple products
Improper Authentication in subsystem in Intel(R) CSME versions 12.0 through 12.0.48 (IOT only: 12.0.56), versions 13.0 through 13.0.20, versions 14.0 through 14.0.10 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access.
local
low complexity
intel netapp CWE-287
4.6
2020-02-02 CVE-2019-20446 Resource Exhaustion vulnerability in multiple products
In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing.
6.5
2020-01-29 CVE-2013-3321 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Netapp Oncommand System Manager 2.0.2/2.1
NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter.
network
netapp CWE-829
6.0
2020-01-29 CVE-2013-3320 Cross-site Scripting vulnerability in Netapp Oncommand System Manager 2.0.2/2.1
Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Manager before 2.2 allows remote attackers to inject arbitrary web script or HTML via the 'full-name' and 'comment' fields.
network
netapp CWE-79
4.3
2020-01-23 CVE-2019-14888 A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS.
network
low complexity
redhat netapp
5.0
2020-01-16 CVE-2019-18282 Use of Insufficiently Random Values vulnerability in multiple products
The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f.
network
low complexity
linux debian netapp CWE-330
5.0
2020-01-15 CVE-2020-2686 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
network
low complexity
oracle canonical netapp
4.0
2020-01-15 CVE-2020-2679 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
network
low complexity
oracle canonical netapp
4.0