Vulnerabilities > Netapp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-06 | CVE-2021-46143 | Integer Overflow or Wraparound vulnerability in multiple products In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. | 7.8 |
| 2022-01-01 | CVE-2021-45960 | Incorrect Calculation vulnerability in multiple products In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). | 8.8 |
| 2022-01-01 | CVE-2021-44716 | Resource Exhaustion vulnerability in multiple products net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. | 7.5 |
| 2021-12-25 | CVE-2021-45485 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. | 7.5 |
| 2021-12-23 | CVE-2021-27006 | Unspecified vulnerability in Netapp Storagegrid StorageGRID (formerly StorageGRID Webscale) versions 11.5 prior to 11.5.0.5 are susceptible to a vulnerability which may allow an administrative user to escalate their privileges and modify settings in SANtricity System Manager. | 2.1 |
| 2021-12-23 | CVE-2021-27007 | Unspecified vulnerability in Netapp Virtual Desktop Service NetApp Virtual Desktop Service (VDS) when used with an HTML5 gateway is susceptible to a vulnerability which when successfully exploited could allow an unauthenticated attacker to takeover a Remote Desktop Session. | 7.5 |
| 2021-12-23 | CVE-2021-45469 | Out-of-bounds Read vulnerability in multiple products In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry. | 7.8 |
| 2021-12-22 | CVE-2021-44733 | Race Condition vulnerability in multiple products A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. | 7.0 |
| 2021-12-20 | CVE-2021-44790 | Out-of-bounds Write vulnerability in multiple products A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). | 9.8 |
| 2021-12-18 | CVE-2021-45105 | Uncontrolled Recursion vulnerability in multiple products Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. | 5.9 |