Vulnerabilities (CVE)

Filtered by vendor Netapp Subscribe
Filtered by product Max Data
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-11022 8 Debian, Drupal, Fedoraproject and 5 more 78 Debian Linux, Drupal, Fedora and 75 more 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2020-11023 7 Debian, Drupal, Fedoraproject and 4 more 54 Debian Linux, Drupal, Fedora and 51 more 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2020-7699 2 Express-fileupload Project, Netapp 2 Express-fileupload, Max Data 2024-02-04 7.5 HIGH 9.8 CRITICAL
This affects the package express-fileupload before 1.1.8. If the parseNested option is enabled, sending a corrupt HTTP request can lead to denial of service or arbitrary code execution.
CVE-2020-15801 3 Microsoft, Netapp, Python 3 Windows, Max Data, Python 2024-02-04 7.5 HIGH 9.8 CRITICAL
In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected.