Vulnerabilities > Netapp > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-02-23 CVE-2023-23914 Cleartext Transmission of Sensitive Information vulnerability in multiple products
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially.
network
low complexity
haxx netapp splunk CWE-319
critical
 9.1
9.1
2022-12-05 CVE-2022-32221 Exposure of Resource to Wrong Sphere vulnerability in multiple products
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback.
network
low complexity
haxx netapp debian apple splunk CWE-668
critical
 9.8
9.8
2022-10-31 CVE-2022-31692 Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types.
network
low complexity
vmware netapp
critical
 9.8
9.8
2022-10-13 CVE-2022-42889 Code Injection vulnerability in multiple products
Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded.
network
low complexity
apache netapp juniper CWE-94
critical
 9.8
9.8
2022-09-09 CVE-2022-2526 Use After Free vulnerability in multiple products
A use-after-free vulnerability was found in systemd.
network
low complexity
systemd-project netapp CWE-416
critical
 9.8
9.8
2022-09-01 CVE-2020-35527 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.
network
low complexity
sqlite netapp CWE-119
critical
 9.8
9.8
2022-08-05 CVE-2022-37434 Out-of-bounds Write vulnerability in multiple products
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field.
network
low complexity
zlib fedoraproject debian netapp apple stormshield CWE-787
critical
 9.8
9.8
2022-07-07 CVE-2022-32207 Incorrect Default Permissions vulnerability in multiple products
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
network
low complexity
haxx fedoraproject debian netapp apple splunk CWE-276
critical
 9.8
9.8
2022-07-06 CVE-2022-33980 Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded.
network
low complexity
apache netapp debian
critical
 9.8
9.8
2022-07-01 CVE-2022-2274 Out-of-bounds Write vulnerability in multiple products
The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions.
network
low complexity
openssl netapp CWE-787
critical
 9.8
9.8