Vulnerabilities (CVE)

Filtered by vendor Netapp Subscribe
Total 2315 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-1096 1 Netapp 1 Snapcenter 2024-11-21 N/A 9.8 CRITICAL
SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to gain access as an admin user.
CVE-2023-1077 3 Debian, Linux, Netapp 22 Debian Linux, Linux Kernel, 8300 and 19 more 2024-11-21 N/A 7.0 HIGH
In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption.
CVE-2023-0361 5 Debian, Fedoraproject, Gnu and 2 more 7 Debian Linux, Fedora, Gnutls and 4 more 2024-11-21 N/A 7.4 HIGH
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.
CVE-2023-0045 3 Debian, Linux, Netapp 13 Debian Linux, Linux Kernel, Active Iq Unified Manager and 10 more 2024-11-21 N/A 4.7 MEDIUM
The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set  function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall.  The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176. We recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96
CVE-2022-4292 2 Netapp, Vim 2 Ontap Select Deploy Administration Utility, Vim 2024-11-21 N/A 7.8 HIGH
Use After Free in GitHub repository vim/vim prior to 9.0.0882.
CVE-2022-48566 3 Debian, Netapp, Python 4 Debian Linux, Active Iq Unified Manager, Converged Systems Advisor Agent and 1 more 2024-11-21 N/A 5.9 MEDIUM
An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.
CVE-2022-48564 2 Netapp, Python 2 Active Iq Unified Manager, Python 2024-11-21 N/A 6.5 MEDIUM
read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.
CVE-2022-48502 2 Linux, Netapp 6 Linux Kernel, H300s, H410c and 3 more 2024-11-21 N/A 7.1 HIGH
An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfs_set_ea in fs/ntfs3/xattr.c.
CVE-2022-48065 3 Fedoraproject, Gnu, Netapp 3 Fedora, Binutils, Ontap Select Deploy Administration Utility 2024-11-21 N/A 5.5 MEDIUM
GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c.
CVE-2022-48064 3 Fedoraproject, Gnu, Netapp 3 Fedora, Binutils, Ontap Select Deploy Administration Utility 2024-11-21 N/A 5.5 MEDIUM
GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.
CVE-2022-47521 3 Debian, Linux, Netapp 12 Debian Linux, Linux Kernel, H300s and 9 more 2024-11-21 N/A 7.8 HIGH
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_CHANNEL_LIST in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when parsing the operating channel attribute from Wi-Fi management frames.
CVE-2022-47520 3 Debian, Linux, Netapp 12 Debian Linux, Linux Kernel, H300s and 9 more 2024-11-21 N/A 7.1 HIGH
An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet.
CVE-2022-47519 3 Debian, Linux, Netapp 12 Debian Linux, Linux Kernel, H300s and 9 more 2024-11-21 N/A 7.8 HIGH
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_OPER_CHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi management frames.
CVE-2022-47518 3 Debian, Linux, Netapp 12 Debian Linux, Linux Kernel, H300s and 9 more 2024-11-21 N/A 7.8 HIGH
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from Wi-Fi management frames.
CVE-2022-45934 4 Debian, Fedoraproject, Linux and 1 more 13 Debian Linux, Fedora, Linux Kernel and 10 more 2024-11-21 N/A 7.8 HIGH
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.
CVE-2022-45919 2 Linux, Netapp 11 Linux Kernel, H300s, H300s Firmware and 8 more 2024-11-21 N/A 7.0 HIGH
An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.
CVE-2022-45888 2 Linux, Netapp 11 Linux Kernel, H300s, H300s Firmware and 8 more 2024-11-21 N/A 6.4 MEDIUM
An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device.
CVE-2022-45887 2 Linux, Netapp 11 Linux Kernel, H300s, H300s Firmware and 8 more 2024-11-21 N/A 4.7 MEDIUM
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.
CVE-2022-45886 2 Linux, Netapp 11 Linux Kernel, H300s, H300s Firmware and 8 more 2024-11-21 N/A 7.0 HIGH
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.
CVE-2022-45885 2 Linux, Netapp 11 Linux Kernel, H300s, H300s Firmware and 8 more 2024-11-21 N/A 7.0 HIGH
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.