Vulnerabilities > Netapp > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-30 | CVE-2022-2057 | Divide By Zero vulnerability in multiple products Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. | 6.5 |
2022-06-30 | CVE-2022-2058 | Divide By Zero vulnerability in multiple products Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. | 6.5 |
2022-06-24 | CVE-2021-29768 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud Storage' page for which they should not have access. | 6.5 |
2022-06-24 | CVE-2021-39047 | Cross-site Scripting vulnerability in multiple products IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. | 6.1 |
2022-06-23 | CVE-2022-29526 | Improper Privilege Management vulnerability in multiple products Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. | 5.3 |
2022-06-09 | CVE-2022-28614 | Integer Overflow or Wraparound vulnerability in multiple products The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. | 5.3 |
2022-06-02 | CVE-2022-23236 | Cleartext Storage of Sensitive Information vulnerability in Netapp E-Series Santricity OS Controller E-Series SANtricity OS Controller Software versions 11.40 through 11.70.2 store the LDAP BIND password in plaintext within a file accessible only to privileged users. | 4.4 |
2022-06-02 | CVE-2022-23237 | Open Redirect vulnerability in Netapp E-Series Santricity OS Controller E-Series SANtricity OS Controller Software 11.x versions through 11.70.2 are vulnerable to host header injection attacks that could allow an attacker to redirect users to malicious websites. | 6.1 |
2022-06-02 | CVE-2022-27774 | Insufficiently Protected Credentials vulnerability in multiple products An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers. | 5.7 |
2022-06-02 | CVE-2022-27776 | Insufficiently Protected Credentials vulnerability in multiple products A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. | 6.5 |