Vulnerabilities > Netapp > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-18 | CVE-2021-37714 | Infinite Loop vulnerability in multiple products jsoup is a Java library for working with HTML. | 7.5 |
2021-08-16 | CVE-2021-22940 | Use After Free vulnerability in multiple products Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. | 7.5 |
2021-08-08 | CVE-2021-38201 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations. | 7.5 |
2021-08-08 | CVE-2021-38202 | Out-of-bounds Read vulnerability in multiple products fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd. | 7.5 |
2021-08-07 | CVE-2021-38160 | Classic Buffer Overflow vulnerability in multiple products In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. | 7.8 |
2021-08-05 | CVE-2021-22926 | Improper Certificate Validation vulnerability in multiple products libcurl-using applications can ask for a specific client certificate to be used in a transfer. | 7.5 |
2021-08-05 | CVE-2021-3580 | Improper Input Validation vulnerability in multiple products A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. | 7.5 |
2021-08-02 | CVE-2021-33195 | Injection vulnerability in multiple products Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format. | 7.3 |
2021-07-22 | CVE-2021-32785 | Use of Externally-Controlled Format String vulnerability in multiple products mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. | 7.5 |
2021-07-22 | CVE-2021-36222 | NULL Pointer Dereference vulnerability in multiple products ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. | 7.5 |