Vulnerabilities (CVE)

Filtered by vendor Netapp Subscribe
Total 2054 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-3626 3 Debian, Libtiff, Netapp 3 Debian Linux, Libtiff, Active Iq Unified Manager 2023-03-31 N/A 6.5 MEDIUM
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
CVE-2022-3598 3 Debian, Libtiff, Netapp 3 Debian Linux, Libtiff, Active Iq Unified Manager 2023-03-31 N/A 6.5 MEDIUM
LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b.
CVE-2019-5481 6 Debian, Fedoraproject, Haxx and 3 more 13 Debian Linux, Fedora, Curl and 10 more 2023-03-29 7.5 HIGH 9.8 CRITICAL
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
CVE-2022-32207 5 Apple, Debian, Fedoraproject and 2 more 18 Macos, Debian Linux, Fedora and 15 more 2023-03-28 7.5 HIGH 9.8 CRITICAL
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
CVE-2022-44793 3 Debian, Net-snmp, Netapp 10 Debian Linux, Net-snmp, H300s and 7 more 2023-03-28 N/A 6.5 MEDIUM
handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
CVE-2022-44792 3 Debian, Net-snmp, Netapp 10 Debian Linux, Net-snmp, H300s and 7 more 2023-03-28 N/A 6.5 MEDIUM
handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
CVE-2019-11068 7 Canonical, Debian, Fedoraproject and 4 more 22 Ubuntu Linux, Debian Linux, Fedora and 19 more 2023-03-24 7.5 HIGH 9.8 CRITICAL
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
CVE-2019-16168 8 Canonical, Debian, Fedoraproject and 5 more 20 Ubuntu Linux, Debian Linux, Fedora and 17 more 2023-03-23 4.3 MEDIUM 6.5 MEDIUM
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
CVE-2022-1587 4 Fedoraproject, Netapp, Pcre and 1 more 17 Fedora, Active Iq Unified Manager, H300s and 14 more 2023-03-16 6.4 MEDIUM 9.1 CRITICAL
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.
CVE-2022-1586 4 Fedoraproject, Netapp, Pcre and 1 more 17 Fedora, Active Iq Unified Manager, H300s and 14 more 2023-03-16 6.4 MEDIUM 9.1 CRITICAL
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.
CVE-2022-37967 3 Fedoraproject, Microsoft, Netapp 8 Fedora, Windows Server 2008, Windows Server 2012 and 5 more 2023-03-10 N/A 7.2 HIGH
Windows Kerberos Elevation of Privilege Vulnerability
CVE-2022-38023 3 Fedoraproject, Microsoft, Netapp 8 Fedora, Windows Server 2008, Windows Server 2012 and 5 more 2023-03-10 N/A 8.1 HIGH
Netlogon RPC Elevation of Privilege Vulnerability
CVE-2022-37966 3 Fedoraproject, Microsoft, Netapp 8 Fedora, Windows Server 2008, Windows Server 2012 and 5 more 2023-03-10 N/A 8.1 HIGH
Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability
CVE-2022-23239 1 Netapp 1 Active Iq Unified Manager 2023-03-10 N/A 4.8 MEDIUM
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows administrative users to perform a Stored Cross-Site Scripting (XSS) attack.
CVE-2022-23240 1 Netapp 1 Active Iq Unified Manager 2023-03-10 N/A 6.5 MEDIUM
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows unauthorized users to update EMS Subscriptions via unspecified vectors.
CVE-2022-38734 1 Netapp 1 Storagegrid 2023-03-10 N/A 7.5 HIGH
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0.8 are susceptible to a Denial of Service (DoS) vulnerability. A successful exploit could lead to to a crash of the Local Distribution Router (LDR) service.
CVE-2022-43945 2 Linux, Netapp 12 Linux Kernel, Active Iq Unified Manager, H300s and 9 more 2023-03-08 N/A 7.5 HIGH
The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2019-15098 5 Canonical, Debian, Linux and 2 more 8 Ubuntu Linux, Debian Linux, Linux Kernel and 5 more 2023-03-03 4.9 MEDIUM 4.6 MEDIUM
drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.
CVE-2019-15212 5 Canonical, Debian, Linux and 2 more 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more 2023-03-03 4.9 MEDIUM 4.6 MEDIUM
An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver.
CVE-2019-13990 4 Apache, Netapp, Oracle and 1 more 30 Tomee, Active Iq Unified Manager, Cloud Secure Agent and 27 more 2023-03-03 7.5 HIGH 9.8 CRITICAL
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.