Vulnerabilities > Netapp > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-07-06 CVE-2022-33980 Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded.
network
low complexity
apache netapp debian
critical
9.8
2022-07-01 CVE-2022-2274 Out-of-bounds Write vulnerability in multiple products
The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions.
network
low complexity
openssl netapp CWE-787
critical
9.8
2022-06-24 CVE-2021-38945 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation.
network
low complexity
ibm netapp CWE-434
critical
9.8
2022-06-21 CVE-2022-2068 OS Command Injection vulnerability in multiple products
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review.
network
low complexity
openssl debian fedoraproject siemens netapp broadcom CWE-78
critical
9.8
2022-06-09 CVE-2022-28615 Integer Overflow or Wraparound vulnerability in multiple products
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer.
network
low complexity
apache fedoraproject netapp CWE-190
critical
9.1
2022-06-09 CVE-2022-31813 Insufficient Verification of Data Authenticity vulnerability in multiple products
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism.
network
low complexity
apache netapp fedoraproject CWE-345
critical
9.8
2022-05-26 CVE-2022-1664 Path Traversal vulnerability in multiple products
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability.
network
low complexity
debian netapp CWE-22
critical
9.8
2022-05-19 CVE-2022-22978 Incorrect Authorization vulnerability in multiple products
In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers.
network
low complexity
vmware oracle netapp CWE-863
critical
9.8
2022-05-16 CVE-2022-1586 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.
network
low complexity
pcre fedoraproject redhat netapp CWE-125
critical
9.1
2022-05-16 CVE-2022-1587 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file.
network
low complexity
pcre redhat fedoraproject netapp CWE-125
critical
9.1