Vulnerabilities (CVE)

Filtered by vendor Netapp Subscribe
Total 2270 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-42003 4 Debian, Fasterxml, Netapp and 1 more 4 Debian Linux, Jackson-databind, Oncommand Workflow Automation and 1 more 2024-11-21 N/A 7.5 HIGH
In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
CVE-2022-40982 5 Debian, Intel, Netapp and 2 more 1052 Debian Linux, Celeron 5205u, Celeron 5205u Firmware and 1049 more 2024-11-21 N/A 6.5 MEDIUM
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-3970 3 Debian, Libtiff, Netapp 3 Debian Linux, Libtiff, Active Iq Unified Manager 2024-11-21 N/A 6.3 MEDIUM
A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability.
CVE-2022-3705 4 Debian, Fedoraproject, Netapp and 1 more 4 Debian Linux, Fedora, Active Iq Unified Manager and 1 more 2024-11-21 N/A 5.0 MEDIUM
A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324.
CVE-2022-3649 3 Debian, Linux, Netapp 11 Debian Linux, Linux Kernel, Active Iq Unified Manager and 8 more 2024-11-21 N/A 3.1 LOW
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.
CVE-2022-3564 3 Debian, Linux, Netapp 10 Debian Linux, Linux Kernel, H300s and 7 more 2024-11-21 N/A 5.5 MEDIUM
A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087.
CVE-2022-3545 3 Debian, Linux, Netapp 12 Debian Linux, Linux Kernel, H300s and 9 more 2024-11-21 N/A 5.5 MEDIUM
A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability.
CVE-2022-3202 2 Linux, Netapp 11 Linux Kernel, H300s, H300s Firmware and 8 more 2024-11-21 N/A 7.1 HIGH
A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information.
CVE-2022-39410 2 Netapp, Oracle 3 Oncommand Insight, Oncommand Workflow Automation, Mysql 2024-11-21 N/A 6.5 MEDIUM
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2022-39408 2 Netapp, Oracle 3 Oncommand Insight, Oncommand Workflow Automation, Mysql 2024-11-21 N/A 6.5 MEDIUM
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2022-39400 2 Netapp, Oracle 3 Oncommand Insight, Oncommand Workflow Automation, Mysql 2024-11-21 N/A 4.9 MEDIUM
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2022-39399 4 Azul, Fedoraproject, Netapp and 1 more 15 Zulu, Fedora, 7-mode Transition Tool and 12 more 2024-11-21 N/A 3.7 LOW
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2022-39046 2 Gnu, Netapp 12 Glibc, H300s, H300s Firmware and 9 more 2024-11-21 N/A 7.5 HIGH
An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.
CVE-2022-36773 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-11-21 N/A 8.1 HIGH
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233571.
CVE-2022-36123 2 Linux, Netapp 11 Linux Kernel, H300s, H300s Firmware and 8 more 2024-11-21 N/A 7.8 HIGH
The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges.
CVE-2022-35737 3 Netapp, Splunk, Sqlite 3 Ontap Select Deploy Administration Utility, Universal Forwarder, Sqlite 2024-11-21 N/A 7.5 HIGH
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
CVE-2022-35278 2 Apache, Netapp 3 Activemq Artemis, Active Iq Unified Manager, Oncommand Workflow Automation 2024-11-21 N/A 6.1 MEDIUM
In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue.
CVE-2022-35260 4 Apple, Haxx, Netapp and 1 more 12 Macos, Curl, Clustered Data Ontap and 9 more 2024-11-21 N/A 6.5 MEDIUM
curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service.
CVE-2022-34918 4 Canonical, Debian, Linux and 1 more 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more 2024-11-21 7.2 HIGH 7.8 HIGH
An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.
CVE-2022-34903 4 Debian, Fedoraproject, Gnupg and 1 more 5 Debian Linux, Fedora, Gnupg and 2 more 2024-11-21 5.8 MEDIUM 6.5 MEDIUM
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.