Vulnerabilities > Netapp > High

DATE CVE VULNERABILITY TITLE RISK
2022-07-19 CVE-2022-34169 Incorrect Conversion between Numeric Types vulnerability in multiple products
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets.
7.5
2022-07-15 CVE-2022-30634 Infinite Loop vulnerability in multiple products
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.
network
low complexity
golang netapp CWE-835
7.5
2022-07-15 CVE-2022-31107 Incorrect Authorization vulnerability in multiple products
Grafana is an open-source platform for monitoring and observability.
network
high complexity
grafana netapp CWE-863
7.5
2022-07-15 CVE-2022-31097 Cross-site Scripting vulnerability in multiple products
Grafana is an open-source platform for monitoring and observability.
network
low complexity
grafana netapp CWE-79
8.7
2022-07-07 CVE-2022-2048 In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources.
network
low complexity
eclipse debian netapp jenkins
7.5
2022-07-04 CVE-2022-34918 Type Confusion vulnerability in multiple products
An issue was discovered in the Linux kernel through 5.18.9.
local
low complexity
linux debian canonical netapp CWE-843
7.8
2022-06-13 CVE-2022-29244 Information Exposure vulnerability in multiple products
npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (ie.
network
low complexity
npmjs netapp CWE-200
7.5
2022-06-09 CVE-2022-26377 HTTP Request Smuggling vulnerability in multiple products
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.
network
low complexity
apache fedoraproject netapp CWE-444
7.5
2022-06-09 CVE-2022-29404 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.
network
low complexity
apache fedoraproject netapp CWE-770
7.5
2022-06-09 CVE-2022-30522 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.
network
low complexity
apache netapp fedoraproject CWE-770
7.5