Clustered Data Ontap

DATE	CVE	VULNERABILITY TITLE	RISK
2022-12-05	CVE-2022-32221	Exposure of Resource to Wrong Sphere vulnerability in multiple products When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. network low complexity haxx netapp debian apple splunk CWE-668 critical	9.8
2022-12-05	CVE-2022-35260	Out-of-bounds Write vulnerability in multiple products curl can be told to parse a `.netrc` file for credentials. network low complexity haxx netapp apple splunk CWE-787	6.5
2022-11-23	CVE-2022-40304	Double Free vulnerability in multiple products An issue was discovered in libxml2 before 2.10.3. local low complexity xmlsoft netapp apple CWE-415	7.8
2022-11-23	CVE-2022-40303	Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in libxml2 before 2.10.3. network low complexity xmlsoft netapp apple CWE-190	7.5
2022-11-01	CVE-2022-3602	Out-of-bounds Write vulnerability in multiple products A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. network low complexity openssl fedoraproject netapp nodejs CWE-787	7.5
2022-10-19	CVE-2022-23241	Unspecified vulnerability in Netapp Clustered Data Ontap 9.11.1 Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with SnapLock configured FlexGroups are susceptible to a vulnerability which could allow an authenticated remote attacker to arbitrarily modify or delete WORM data prior to the end of the retention period. network low complexity netapp	8.1
2022-09-23	CVE-2022-35252	When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. network high complexity haxx netapp apple debian splunk	3.7
2022-07-07	CVE-2022-32205	Allocation of Resources Without Limits or Throttling vulnerability in multiple products A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. network low complexity haxx fedoraproject debian netapp apple siemens splunk CWE-770	4.3
2022-07-07	CVE-2022-32206	Allocation of Resources Without Limits or Throttling vulnerability in multiple products curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. network low complexity haxx fedoraproject debian netapp siemens splunk CWE-770	6.5
2022-07-07	CVE-2022-32207	Incorrect Default Permissions vulnerability in multiple products When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally widen the permissions for the target file, leaving the updated file accessible to more users than intended. network low complexity haxx fedoraproject debian netapp apple splunk CWE-276 critical	9.8