Vulnerabilities > Netapp > Snapcenter > High

DATE CVE VULNERABILITY TITLE RISK
2020-07-24 CVE-2020-8174 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.
network
high complexity
nodejs oracle netapp CWE-191
8.1
2020-07-15 CVE-2020-14697 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).
network
low complexity
oracle netapp canonical
7.2
2020-07-15 CVE-2020-14678 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).
network
low complexity
netapp canonical oracle
7.2
2020-07-15 CVE-2020-14663 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).
network
low complexity
netapp canonical oracle
7.2
2020-07-04 CVE-2020-15523 Use of Uninitialized Resource vulnerability in multiple products
In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application.
local
low complexity
python netapp CWE-908
7.8
2020-04-21 CVE-2020-1967 NULL Pointer Dereference vulnerability in multiple products
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension.
7.5
2020-01-17 CVE-2020-5398 Download of Code Without Integrity Check vulnerability in multiple products
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.
network
high complexity
vmware oracle netapp CWE-494
7.5
2019-07-02 CVE-2019-5443 Uncontrolled Search Path Element vulnerability in multiple products
A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation.
local
low complexity
haxx oracle netapp CWE-427
7.8
2019-01-16 CVE-2019-2534 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication).
network
low complexity
oracle canonical netapp redhat
7.1
2019-01-16 CVE-2019-2435 Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python).
network
low complexity
oracle netapp
8.1