Vulnerabilities (CVE)

Filtered by vendor Netapp Subscribe
Total 1879 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-1619 5 Apple, Debian, Fedoraproject and 2 more 6 Macos, Debian Linux, Fedora and 3 more 2022-11-24 6.8 MEDIUM 7.8 HIGH
Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution
CVE-2022-34526 3 Fedoraproject, Libtiff, Netapp 4 Fedora, Libtiff, Active Iq Unified Manager and 1 more 2022-11-23 N/A 6.5 MEDIUM
A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the "tiffsplit" or "tiffcrop" utilities.
CVE-2021-45346 2 Netapp, Sqlite 2 Ontap Select Deploy Administration Utility, Sqlite 2022-11-23 4.0 MEDIUM 4.3 MEDIUM
** DISPUTED ** A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect.
CVE-2022-31097 2 Grafana, Netapp 2 Grafana, E-series Performance Analyzer 2022-11-23 N/A 8.7 HIGH
Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch. As a workaround, it is possible to disable alerting or use legacy alerting.
CVE-2018-25032 7 Apple, Debian, Fedoraproject and 4 more 23 Mac Os X, Macos, Debian Linux and 20 more 2022-11-21 5.0 MEDIUM 7.5 HIGH
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
CVE-2020-36518 4 Debian, Fasterxml, Netapp and 1 more 36 Debian Linux, Jackson-databind, Active Iq Unified Manager and 33 more 2022-11-21 5.0 MEDIUM 7.5 HIGH
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
CVE-2015-20107 3 Fedoraproject, Netapp, Python 5 Fedora, Active Iq Unified Manager, Ontap Select Deploy Administration Utility and 2 more 2022-11-21 8.0 HIGH 7.6 HIGH
In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9
CVE-2021-28660 4 Debian, Fedoraproject, Linux and 1 more 20 Debian Linux, Fedora, Linux Kernel and 17 more 2022-11-21 8.3 HIGH 8.8 HIGH
rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.
CVE-2021-3999 3 Debian, Gnu, Netapp 15 Debian Linux, Glibc, E-series Performance Analyzer and 12 more 2022-11-21 N/A 7.8 HIGH
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.
CVE-2022-31160 3 Drupal, Jqueryui, Netapp 13 Jquery Ui Checkboxradio, Jquery Ui, H300s and 10 more 2022-11-21 N/A 6.1 MEDIUM
jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling `.checkboxradio( "refresh" )` on such a widget and the initial HTML contained encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing JavaScript code. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, someone who can change the initial HTML can wrap all the non-input contents of the `label` in a `span`.
CVE-2020-14356 6 Canonical, Debian, Linux and 3 more 11 Ubuntu Linux, Debian Linux, Linux Kernel and 8 more 2022-11-18 7.2 HIGH 7.8 HIGH
A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system.
CVE-2022-31676 6 Debian, Fedoraproject, Linux and 3 more 6 Debian Linux, Fedora, Linux Kernel and 3 more 2022-11-16 N/A 7.8 HIGH
VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.
CVE-2022-35737 2 Netapp, Sqlite 2 Ontap Select Deploy Administration Utility, Sqlite 2022-11-16 N/A 7.5 HIGH
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
CVE-2022-1210 2 Libtiff, Netapp 2 Libtiff, Ontap Select Deploy Administration Utility 2022-11-16 4.3 MEDIUM 6.5 MEDIUM
A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used.
CVE-2021-25220 4 Fedoraproject, Isc, Netapp and 1 more 19 Fedora, Bind, Baseboard Management Controller H300e and 16 more 2022-11-16 5.0 MEDIUM 8.6 HIGH
BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.
CVE-2022-0396 4 Fedoraproject, Isc, Netapp and 1 more 19 Fedora, Bind, Baseboard Management Controller H300e and 16 more 2022-11-16 4.3 MEDIUM 5.3 MEDIUM
BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.
CVE-2022-0924 4 Debian, Fedoraproject, Libtiff and 1 more 4 Debian Linux, Fedora, Libtiff and 1 more 2022-11-16 4.3 MEDIUM 5.5 MEDIUM
Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.
CVE-2022-0562 4 Debian, Fedoraproject, Libtiff and 1 more 4 Debian Linux, Fedora, Libtiff and 1 more 2022-11-16 4.3 MEDIUM 5.5 MEDIUM
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.
CVE-2022-0561 5 Debian, Fedoraproject, Libtiff and 2 more 5 Debian Linux, Fedora, Libtiff and 2 more 2022-11-16 4.3 MEDIUM 5.5 MEDIUM
Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.
CVE-2022-22844 3 Debian, Libtiff, Netapp 3 Debian Linux, Libtiff, Ontap Select Deploy Administration Utility 2022-11-16 4.3 MEDIUM 5.5 MEDIUM
LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field.