High

DATE	CVE	VULNERABILITY TITLE	RISK
2022-07-19	CVE-2022-34169	Incorrect Conversion between Numeric Types vulnerability in multiple products The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. network low complexity apache debian oracle fedoraproject netapp azul CWE-681	7.5
2022-07-15	CVE-2022-30634	Infinite Loop vulnerability in multiple products Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes. network low complexity golang netapp CWE-835	7.5
2022-07-15	CVE-2022-31107	Incorrect Authorization vulnerability in multiple products Grafana is an open-source platform for monitoring and observability. network high complexity grafana netapp CWE-863	7.5
2022-07-15	CVE-2022-31097	Cross-site Scripting vulnerability in multiple products Grafana is an open-source platform for monitoring and observability. network low complexity grafana netapp CWE-79	8.7
2022-07-07	CVE-2022-2048	In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. network low complexity eclipse debian netapp jenkins	7.5
2022-07-04	CVE-2022-34918	Type Confusion vulnerability in multiple products An issue was discovered in the Linux kernel through 5.18.9. local low complexity linux debian canonical netapp CWE-843	7.8
2022-06-13	CVE-2022-29244	Information Exposure vulnerability in multiple products npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (ie. network low complexity npmjs netapp CWE-200	7.5
2022-06-09	CVE-2022-26377	HTTP Request Smuggling vulnerability in multiple products Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. network low complexity apache fedoraproject netapp CWE-444	7.5
2022-06-09	CVE-2022-29404	Allocation of Resources Without Limits or Throttling vulnerability in multiple products In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. network low complexity apache fedoraproject netapp CWE-770	7.5
2022-06-09	CVE-2022-30522	Allocation of Resources Without Limits or Throttling vulnerability in multiple products If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort. network low complexity apache netapp fedoraproject CWE-770	7.5