Element Software

DATE	CVE	VULNERABILITY TITLE	RISK
2022-11-09	CVE-2022-45061	Algorithmic Complexity vulnerability in multiple products An issue was discovered in Python before 3.11.1. network low complexity python fedoraproject netapp CWE-407	7.5
2022-09-23	CVE-2022-35252	When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. network high complexity haxx netapp apple debian splunk	3.7
2022-07-07	CVE-2022-32205	Allocation of Resources Without Limits or Throttling vulnerability in multiple products A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. network low complexity haxx fedoraproject debian netapp apple siemens splunk CWE-770	4.3
2022-07-07	CVE-2022-32206	Allocation of Resources Without Limits or Throttling vulnerability in multiple products curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. network low complexity haxx fedoraproject debian netapp siemens splunk CWE-770	6.5
2022-07-07	CVE-2022-32207	Incorrect Default Permissions vulnerability in multiple products When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally widen the permissions for the target file, leaving the updated file accessible to more users than intended. network low complexity haxx fedoraproject debian netapp apple splunk CWE-276 critical	9.8
2022-07-07	CVE-2022-32208	Out-of-bounds Write vulnerability in multiple products When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. network high complexity haxx fedoraproject debian netapp apple splunk CWE-787	5.9
2022-06-21	CVE-2022-2068	OS Command Injection vulnerability in multiple products In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. network low complexity openssl debian fedoraproject siemens netapp broadcom CWE-78 critical	9.8
2022-05-25	CVE-2022-1678	An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients. network low complexity linux netapp	7.5
2022-04-19	CVE-2022-21443	Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). network high complexity oracle netapp debian azul	3.7
2022-04-19	CVE-2022-21476	Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). network low complexity oracle netapp debian azul	7.5