Vulnerabilities > Netapp > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-07-05 CVE-2022-2097 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances.
5.3
2022-07-01 CVE-2022-34903 Injection vulnerability in multiple products
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
network
high complexity
gnupg fedoraproject debian netapp CWE-74
6.5
2022-06-30 CVE-2022-2056 Divide By Zero vulnerability in multiple products
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file.
network
low complexity
libtiff netapp fedoraproject debian CWE-369
6.5
2022-06-30 CVE-2022-2057 Divide By Zero vulnerability in multiple products
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file.
network
low complexity
libtiff netapp fedoraproject debian CWE-369
6.5
2022-06-30 CVE-2022-2058 Divide By Zero vulnerability in multiple products
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file.
network
low complexity
libtiff netapp fedoraproject debian CWE-369
6.5
2022-06-24 CVE-2021-29768 IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud Storage' page for which they should not have access.
network
low complexity
ibm netapp
6.5
2022-06-24 CVE-2021-39047 Cross-site Scripting vulnerability in multiple products
IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting.
network
low complexity
ibm netapp CWE-79
6.1
2022-06-23 CVE-2022-29526 Improper Privilege Management vulnerability in multiple products
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment.
network
low complexity
golang fedoraproject netapp CWE-269
5.3
2022-06-09 CVE-2022-28614 Integer Overflow or Wraparound vulnerability in multiple products
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_lua's r:puts() function.
network
low complexity
apache fedoraproject netapp CWE-190
5.3
2022-06-02 CVE-2022-23237 Open Redirect vulnerability in NetApp E-Series SANtricity OS Controller
E-Series SANtricity OS Controller Software 11.x versions through 11.70.2 are vulnerable to host header injection attacks that could allow an attacker to redirect users to malicious websites.
network
netapp CWE-601
5.8