Vulnerabilities > Netapp > HCI

DATE CVE VULNERABILITY TITLE RISK
2023-08-07 CVE-2023-36054 Access of Uninitialized Pointer vulnerability in multiple products
lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer.
network
low complexity
mit debian netapp CWE-824
6.5
6.5
2023-07-10 CVE-2023-32250 Race Condition vulnerability in multiple products
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server.
network
high complexity
linux netapp CWE-362
8.1
8.1
2022-11-09 CVE-2022-45061 Algorithmic Complexity vulnerability in multiple products
An issue was discovered in Python before 3.11.1.
network
low complexity
python fedoraproject netapp CWE-407
7.5
7.5
2022-08-05 CVE-2022-37434 Out-of-bounds Write vulnerability in multiple products
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field.
network
low complexity
zlib fedoraproject debian netapp apple stormshield CWE-787
critical
 9.8
9.8
2022-03-04 CVE-2021-3737 Infinite Loop vulnerability in multiple products
A flaw was found in python. 		7.5
7.5
2022-02-09 CVE-2022-0391 Injection vulnerability in multiple products
A flaw was found in Python, specifically within the urllib.parse module.
network
low complexity
python netapp fedoraproject oracle CWE-74
7.5
7.5
2021-10-14 CVE-2021-42340 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak.
network
low complexity
apache netapp debian oracle CWE-772
7.5
7.5
2021-06-09 CVE-2021-28169 For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory.
network
low complexity
eclipse debian oracle netapp
5.3
5.3
2021-05-27 CVE-2021-22118 Exposure of Resource to Wrong Sphere vulnerability in multiple products
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.
local
low complexity
vmware oracle netapp CWE-668
7.8
7.8
2021-02-26 CVE-2020-27223 Resource Exhaustion vulnerability in multiple products
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e.
network
low complexity
eclipse apache netapp debian oracle CWE-400
5.3
5.3