Vulnerabilities > Netapp

DATE CVE VULNERABILITY TITLE RISK
2022-07-19 CVE-2022-34169 Incorrect Conversion between Numeric Types vulnerability in multiple products
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets.
7.5
2022-07-15 CVE-2022-30634 Infinite Loop vulnerability in multiple products
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.
network
low complexity
golang netapp CWE-835
7.5
2022-07-15 CVE-2022-31107 Grafana is an open-source platform for monitoring and observability.
network
high complexity
grafana netapp
7.5
2022-07-15 CVE-2022-31097 Cross-site Scripting vulnerability in multiple products
Grafana is an open-source platform for monitoring and observability.
network
low complexity
grafana netapp CWE-79
8.7
2022-07-07 CVE-2022-2047 Improper Input Validation vulnerability in multiple products
In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname.
network
low complexity
eclipse debian netapp CWE-20
2.7
2022-07-07 CVE-2022-2048 In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources.
network
low complexity
eclipse debian netapp jenkins
7.5
2022-07-07 CVE-2022-32205 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them.
4.3
2022-07-07 CVE-2022-32206 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms.
6.5
2022-07-07 CVE-2022-32207 Incorrect Default Permissions vulnerability in multiple products
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
network
low complexity
haxx fedoraproject debian netapp apple splunk CWE-276
critical
9.8
2022-07-07 CVE-2022-32208 Out-of-bounds Write vulnerability in multiple products
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly.
network
high complexity
haxx fedoraproject debian netapp apple splunk CWE-787
5.9