Vulnerabilities > Netapp > High

DATE CVE VULNERABILITY TITLE RISK
2022-08-24 CVE-2021-3999 Off-by-one Error vulnerability in multiple products
A flaw was found in glibc.
local
low complexity
gnu debian netapp CWE-193
7.8
2022-08-24 CVE-2021-4204 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation.
local
low complexity
linux debian redhat netapp CWE-119
7.1
2022-08-23 CVE-2022-2938 Use After Free vulnerability in multiple products
A flaw was found in the Linux kernel's implementation of Pressure Stall Information.
local
low complexity
linux redhat fedoraproject netapp CWE-416
7.8
2022-08-23 CVE-2022-31676 Improper Privilege Management vulnerability in multiple products
VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability.
local
low complexity
vmware debian fedoraproject netapp CWE-269
7.8
2022-08-18 CVE-2021-33060 Out-of-bounds Write vulnerability in multiple products
Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel netapp CWE-787
7.8
2022-08-10 CVE-2022-28131 Uncontrolled Recursion vulnerability in multiple products
Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.
network
low complexity
golang fedoraproject netapp CWE-674
7.5
2022-08-05 CVE-2022-1973 Use After Free vulnerability in multiple products
A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal.
local
low complexity
linux fedoraproject netapp CWE-416
7.1
2022-08-03 CVE-2022-35737 Improper Validation of Array Index vulnerability in multiple products
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
network
low complexity
sqlite netapp splunk CWE-129
7.5
2022-07-27 CVE-2022-36946 nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.
network
low complexity
linux debian netapp
7.5
2022-07-26 CVE-2022-1671 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux kernel.
local
low complexity
linux netapp CWE-476
7.1