Vulnerabilities > Netapp

DATE CVE VULNERABILITY TITLE RISK
2022-05-06 CVE-2022-24903 Improper Validation of Specified Quantity in Input vulnerability in multiple products
Rsyslog is a rocket-fast system for log processing.
network
high complexity
rsyslog fedoraproject debian netapp CWE-1284
8.1
8.1
2022-05-04 CVE-2022-29155 SQL Injection vulnerability in multiple products
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query.
network
low complexity
openldap debian netapp CWE-89
critical
 9.8
9.8
2022-05-03 CVE-2022-1292 OS Command Injection vulnerability in multiple products
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection.
network
low complexity
openssl debian netapp oracle fedoraproject CWE-78
critical
 9.8
9.8
2022-05-03 CVE-2022-1343 Improper Certificate Validation vulnerability in multiple products
The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response.
network
low complexity
openssl netapp CWE-295
5.3
5.3
2022-05-03 CVE-2022-1434 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key.
network
high complexity
openssl netapp CWE-327
5.9
5.9
2022-05-03 CVE-2022-1473 Incomplete Cleanup vulnerability in multiple products
The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries.
network
low complexity
openssl netapp CWE-459
7.5
7.5
2022-05-03 CVE-2022-29824 Integer Overflow or Wraparound vulnerability in multiple products
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows.
network
low complexity
xmlsoft fedoraproject debian netapp oracle CWE-190
6.5
6.5
2022-05-02 CVE-2022-29968 Missing Initialization of Resource vulnerability in multiple products
An issue was discovered in the Linux kernel through 5.17.5.
local
low complexity
linux fedoraproject netapp CWE-909
7.8
7.8
2022-05-01 CVE-2022-25647 Deserialization of Untrusted Data vulnerability in multiple products
The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.
network
low complexity
google debian netapp oracle CWE-502
7.5
7.5
2022-05-01 CVE-2022-25844 The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value.
network
low complexity
angularjs fedoraproject netapp
7.5
7.5