Vulnerabilities > Netapp > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-05-16 CVE-2022-1586 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.
network
low complexity
pcre fedoraproject redhat netapp debian CWE-125
critical
 9.1
9.1
2022-05-16 CVE-2022-1587 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file.
network
low complexity
pcre redhat fedoraproject netapp CWE-125
critical
 9.1
9.1
2022-05-04 CVE-2022-29155 SQL Injection vulnerability in multiple products
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query.
network
low complexity
openldap debian netapp CWE-89
critical
 9.8
9.8
2022-05-03 CVE-2022-1292 OS Command Injection vulnerability in multiple products
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection.
network
low complexity
openssl debian netapp oracle fedoraproject CWE-78
critical
 9.8
9.8
2022-04-25 CVE-2022-23457 ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library.
network
low complexity
owasp oracle netapp
critical
 9.8
9.8
2022-02-11 CVE-2022-23806 Unchecked Return Value vulnerability in multiple products
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
network
low complexity
golang netapp debian CWE-252
critical
 9.1
9.1
2022-01-24 CVE-2022-23852 Integer Overflow or Wraparound vulnerability in multiple products
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
network
low complexity
libexpat-project netapp tenable debian oracle siemens CWE-190
critical
 9.8
9.8
2022-01-18 CVE-2022-23305 SQL Injection vulnerability in multiple products
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout.
network
low complexity
apache netapp broadcom qos oracle CWE-89
critical
 9.8
9.8
2021-12-23 CVE-2021-27007 Unspecified vulnerability in Netapp Virtual Desktop Service
NetApp Virtual Desktop Service (VDS) when used with an HTML5 gateway is susceptible to a vulnerability which when successfully exploited could allow an unauthenticated attacker to takeover a Remote Desktop Session.
network
low complexity
netapp
critical
 9.8
9.8
2021-12-20 CVE-2021-44790 A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts).
network
low complexity
apache fedoraproject debian tenable netapp oracle apple
critical
 9.8
9.8