High

DATE	CVE	VULNERABILITY TITLE	RISK
2022-01-18	CVE-2022-23302	Deserialization of Untrusted Data vulnerability in multiple products JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. network low complexity apache netapp broadcom qos oracle CWE-502	8.8
2022-01-14	CVE-2022-23222	NULL Pointer Dereference vulnerability in multiple products kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types. local low complexity linux debian netapp fedoraproject CWE-476	7.8
2022-01-06	CVE-2021-46143	Integer Overflow or Wraparound vulnerability in multiple products In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. local low complexity libexpat-project netapp tenable siemens CWE-190	7.8
2022-01-01	CVE-2021-45960	Incorrect Calculation vulnerability in multiple products In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). network low complexity libexpat-project tenable debian siemens netapp CWE-682	8.8
2022-01-01	CVE-2021-44716	Resource Exhaustion vulnerability in multiple products net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. network low complexity golang debian netapp CWE-400	7.5
2021-12-25	CVE-2021-45485	Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. network low complexity linux netapp oracle CWE-327	7.5
2021-12-23	CVE-2021-27007	Unspecified vulnerability in Netapp Virtual Desktop Service NetApp Virtual Desktop Service (VDS) when used with an HTML5 gateway is susceptible to a vulnerability which when successfully exploited could allow an unauthenticated attacker to takeover a Remote Desktop Session. network low complexity netapp	7.5
2021-12-23	CVE-2021-45469	Out-of-bounds Read vulnerability in multiple products In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry. local low complexity linux fedoraproject debian netapp CWE-125	7.8
2021-12-22	CVE-2021-44733	Race Condition vulnerability in multiple products A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. local high complexity linux redhat fedoraproject debian netapp CWE-362	7.0
2021-12-15	CVE-2021-45078	Out-of-bounds Write vulnerability in multiple products stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. local low complexity gnu fedoraproject redhat debian netapp CWE-787	7.8