Filtered by vendor Netapp
Subscribe
Total
2310 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-1652 | 4 Debian, Linux, Netapp and 1 more | 13 Debian Linux, Linux Kernel, H300s and 10 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. | |||||
CVE-2021-0124 | 2 Intel, Netapp | 1360 Atom C3308, Atom C3308 Firmware, Atom C3336 and 1357 more | 2024-02-28 | 4.6 MEDIUM | 6.6 MEDIUM |
Improper access control in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access. | |||||
CVE-2022-21483 | 2 Netapp, Oracle | 4 Active Iq Unified Manager, Oncommand Insight, Snapcenter and 1 more | 2024-02-28 | 4.0 MEDIUM | 6.3 MEDIUM |
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H). | |||||
CVE-2022-23806 | 3 Debian, Golang, Netapp | 6 Debian Linux, Go, Beegfs Csi Driver and 3 more | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. | |||||
CVE-2022-0562 | 4 Debian, Fedoraproject, Libtiff and 1 more | 4 Debian Linux, Fedora, Libtiff and 1 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c. | |||||
CVE-2022-1622 | 4 Apple, Fedoraproject, Libtiff and 1 more | 7 Iphone Os, Macos, Tvos and 4 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa. | |||||
CVE-2021-33068 | 2 Intel, Netapp | 2 Active Management Technology Firmware, Cloud Backup | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Null pointer dereference in subsystem for Intel(R) AMT before versions 15.0.35 may allow an authenticated user to potentially enable denial of service via network access. | |||||
CVE-2022-26488 | 3 Microsoft, Netapp, Python | 4 Windows, Active Iq Unified Manager, Ontap Select Deploy Administration Utility and 1 more | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2. | |||||
CVE-2021-3733 | 4 Fedoraproject, Netapp, Python and 1 more | 20 Extra Packages For Enterprise Linux, Fedora, Hci Compute Node Firmware and 17 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. | |||||
CVE-2022-0563 | 2 Kernel, Netapp | 2 Util-linux, Ontap Select Deploy Administration Utility | 2024-02-28 | 1.9 LOW | 5.5 MEDIUM |
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. | |||||
CVE-2022-26336 | 2 Apache, Netapp | 2 Poi, Active Iq Unified Manager | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchange Server). If an application uses poi-scratchpad to parse TNEF files and the application allows untrusted users to supply them, then a carefully crafted file can cause an Out of Memory exception. This issue affects poi-scratchpad version 5.2.0 and prior versions. Users are recommended to upgrade to poi-scratchpad 5.2.1. | |||||
CVE-2021-0116 | 2 Intel, Netapp | 1360 Atom C3308, Atom C3308 Firmware, Atom C3336 and 1357 more | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Out-of-bounds write in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. | |||||
CVE-2021-4203 | 3 Linux, Netapp, Oracle | 23 Linux Kernel, A700s, A700s Firmware and 20 more | 2024-02-28 | 4.9 MEDIUM | 6.8 MEDIUM |
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. | |||||
CVE-2021-29824 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to priviledge escalation where a lower level user could have read access to to the 'Data Connections' page to which they don't have access. IBM X-Force ID: 204468. | |||||
CVE-2021-0115 | 2 Intel, Netapp | 681 Atom C3308, Atom C3336, Atom C3338 and 678 more | 2024-02-28 | 4.6 MEDIUM | 6.7 MEDIUM |
Buffer overflow in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-21484 | 2 Netapp, Oracle | 4 Active Iq Unified Manager, Oncommand Insight, Snapcenter and 1 more | 2024-02-28 | 2.9 LOW | 2.9 LOW |
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L). | |||||
CVE-2022-21417 | 2 Netapp, Oracle | 5 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 2 more | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
CVE-2022-29526 | 4 Fedoraproject, Golang, Linux and 1 more | 4 Fedora, Go, Linux Kernel and 1 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible. | |||||
CVE-2018-25032 | 10 Apple, Azul, Debian and 7 more | 37 Mac Os X, Macos, Zulu and 34 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. | |||||
CVE-2022-0998 | 2 Linux, Netapp | 17 Linux Kernel, H300e, H300e Firmware and 14 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potentially escalate their privileges on the system. |