Vulnerabilities (CVE)

Filtered by vendor Netapp Subscribe
Filtered by product Cloud Backup
Total 342 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-8752 2 Intel, Netapp 3 Active Management Technology Firmware, Standard Manageability, Cloud Backup 2024-11-21 7.5 HIGH 9.8 CRITICAL
Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access.
CVE-2020-8749 2 Intel, Netapp 2 Active Management Technology Firmware, Cloud Backup 2024-11-21 5.8 MEDIUM 8.8 HIGH
Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
CVE-2020-8747 2 Intel, Netapp 2 Active Management Technology Firmware, Cloud Backup 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access.
CVE-2020-8746 2 Intel, Netapp 2 Active Management Technology Firmware, Cloud Backup 2024-11-21 3.3 LOW 6.5 MEDIUM
Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2020-8738 2 Intel, Netapp 345 Atom C3308, Atom C3336, Atom C3338 and 342 more 2024-11-21 4.6 MEDIUM 6.7 MEDIUM
Improper conditions check in Intel BIOS platform sample code for some Intel(R) Processors before may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2020-8703 3 Intel, Netapp, Siemens 368 B150, B250, B360 and 365 more 2024-11-21 4.6 MEDIUM 6.7 MEDIUM
Improper buffer restrictions in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32 and 15.0.22 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2020-8700 2 Intel, Netapp 546 Bios, Core I3-l13g4, Core I5-l16g7 and 543 more 2024-11-21 4.6 MEDIUM 6.7 MEDIUM
Improper input validation in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2020-8670 3 Intel, Netapp, Siemens 567 Bios, Core I3-l13g4, Core I5-l16g7 and 564 more 2024-11-21 4.4 MEDIUM 6.4 MEDIUM
Race condition in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2020-8648 6 Broadcom, Canonical, Debian and 3 more 9 Brocade Fabric Operating System Firmware, Ubuntu Linux, Debian Linux and 6 more 2024-11-21 3.6 LOW 7.1 HIGH
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.
CVE-2020-8625 5 Debian, Fedoraproject, Isc and 2 more 9 Debian Linux, Fedora, Bind and 6 more 2024-11-21 6.8 MEDIUM 8.1 HIGH
BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch
CVE-2020-7656 4 Jquery, Juniper, Netapp and 1 more 7 Jquery, Junos, Active Iq Unified Manager and 4 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
CVE-2020-5867 2 F5, Netapp 2 Nginx Controller, Cloud Backup 2024-11-21 6.8 MEDIUM 8.1 HIGH
In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages
CVE-2020-5865 2 F5, Netapp 2 Nginx Controller, Cloud Backup 2024-11-21 5.8 MEDIUM 4.8 MEDIUM
In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks.
CVE-2020-5863 2 F5, Netapp 2 Nginx Controller, Cloud Backup 2024-11-21 7.5 HIGH 8.6 HIGH
In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system.
CVE-2020-36189 4 Debian, Fasterxml, Netapp and 1 more 40 Debian Linux, Jackson-databind, Cloud Backup and 37 more 2024-11-21 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.
CVE-2020-36188 4 Debian, Fasterxml, Netapp and 1 more 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more 2024-11-21 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.
CVE-2020-36187 4 Debian, Fasterxml, Netapp and 1 more 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more 2024-11-21 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.
CVE-2020-36186 4 Debian, Fasterxml, Netapp and 1 more 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more 2024-11-21 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.
CVE-2020-36185 4 Debian, Fasterxml, Netapp and 1 more 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more 2024-11-21 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.
CVE-2020-36184 4 Debian, Fasterxml, Netapp and 1 more 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more 2024-11-21 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.