Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-08-31	CVE-2022-39046	Information Exposure Through Log Files vulnerability in multiple products An issue was discovered in the GNU C Library (glibc) 2.36. network low complexity gnu netapp CWE-532	5.3
2022-08-22	CVE-2022-2873	Incorrect Calculation of Buffer Size vulnerability in multiple products An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. local low complexity linux fedoraproject redhat netapp debian CWE-131	5.5
2022-07-27	CVE-2022-36879	An issue was discovered in the Linux kernel through 5.18.14. local low complexity linux debian netapp	5.5
2022-07-20	CVE-2022-31160	Cross-site Scripting vulnerability in multiple products jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. network low complexity jqueryui netapp drupal fedoraproject debian CWE-79	6.1
2022-07-07	CVE-2022-32205	Allocation of Resources Without Limits or Throttling vulnerability in multiple products A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. network low complexity haxx fedoraproject debian netapp apple siemens splunk CWE-770	4.3
2022-07-07	CVE-2022-32206	Allocation of Resources Without Limits or Throttling vulnerability in multiple products curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. network low complexity haxx fedoraproject debian netapp siemens splunk CWE-770	6.5
2022-07-07	CVE-2022-32208	Out-of-bounds Write vulnerability in multiple products When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. network high complexity haxx fedoraproject debian netapp apple splunk CWE-787	5.9
2022-07-06	CVE-2022-2318	Use After Free vulnerability in multiple products There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. local low complexity linux debian netapp CWE-416	5.5
2022-07-05	CVE-2022-2097	Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. network low complexity openssl fedoraproject netapp siemens debian CWE-327	5.3
2022-06-02	CVE-2022-27774	Insufficiently Protected Credentials vulnerability in multiple products An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers. network low complexity haxx debian netapp brocade splunk CWE-522	5.7