Vulnerabilities > Netapp > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-09-01 CVE-2021-39009 Cleartext Storage of Sensitive Information vulnerability in multiple products
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user.
local
low complexity
ibm netapp CWE-312
5.5
2022-09-01 CVE-2021-39045 Insufficiently Protected Credentials vulnerability in multiple products
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields.
local
low complexity
ibm netapp CWE-522
5.5
2022-08-31 CVE-2022-1354 Out-of-bounds Read vulnerability in multiple products
A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function.
5.5
2022-08-31 CVE-2022-1355 Stack-based Buffer Overflow vulnerability in multiple products
A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function.
6.1
2022-08-31 CVE-2022-39046 Information Exposure Through Log Files vulnerability in multiple products
An issue was discovered in the GNU C Library (glibc) 2.36.
network
low complexity
gnu netapp CWE-532
5.3
2022-08-29 CVE-2022-36033 Cross-site Scripting vulnerability in multiple products
jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety.
network
low complexity
jsoup netapp CWE-79
6.1
2022-08-29 CVE-2022-2953 Out-of-bounds Read vulnerability in multiple products
LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file.
local
low complexity
libtiff netapp debian CWE-125
5.5
2022-08-25 CVE-2022-23235 Unspecified vulnerability in Netapp Active IQ Unified Manager
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.10P1 are susceptible to a vulnerability which could allow an attacker to discover cluster, node and Active IQ Unified Manager specific information via AutoSupport telemetry data that is sent even when AutoSupport has been disabled.
network
low complexity
netapp
5.3
2022-08-24 CVE-2021-4189 Unchecked Return Value vulnerability in multiple products
A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode.
network
low complexity
python debian redhat netapp CWE-252
5.3
2022-08-24 CVE-2021-4209 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference flaw was found in GnuTLS.
network
low complexity
gnu redhat netapp CWE-476
6.5