Vulnerabilities > Netapp > High

DATE CVE VULNERABILITY TITLE RISK
2021-07-13 CVE-2021-35517 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs.
network
low complexity
apache netapp oracle CWE-770
7.5
2021-07-13 CVE-2021-36090 When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs.
network
low complexity
apache oracle netapp
7.5
2021-07-09 CVE-2021-3612 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP.
7.8
2021-06-11 CVE-2021-22901 Use After Free vulnerability in multiple products
curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection.
network
high complexity
haxx oracle netapp siemens splunk CWE-416
8.1
2021-06-07 CVE-2020-36387 Use After Free vulnerability in multiple products
An issue was discovered in the Linux kernel before 5.8.2.
local
low complexity
linux netapp CWE-416
7.8
2021-06-07 CVE-2020-36385 Use After Free vulnerability in multiple products
An issue was discovered in the Linux kernel before 5.10.
local
low complexity
linux netapp starwindsoftware CWE-416
7.8
2021-06-02 CVE-2021-3530 Uncontrolled Recursion vulnerability in multiple products
A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36.
network
low complexity
gnu netapp CWE-674
7.5
2021-06-01 CVE-2020-4561 Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions.
network
low complexity
ibm netapp CWE-829
7.5
2021-06-01 CVE-2021-3516 Use After Free vulnerability in multiple products
There's a flaw in libxml2's xmllint in versions before 2.9.11.
7.8
2021-06-01 CVE-2021-23017 Off-by-one Error vulnerability in multiple products
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
network
high complexity
f5 openresty fedoraproject netapp oracle CWE-193
7.7