Vulnerabilities > Netapp > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-06-23 CVE-2022-29526 Improper Privilege Management vulnerability in multiple products
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment.
network
low complexity
golang fedoraproject netapp CWE-269
5.3
2022-06-09 CVE-2022-28614 Integer Overflow or Wraparound vulnerability in multiple products
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function.
network
low complexity
apache fedoraproject netapp CWE-190
5.3
2022-06-02 CVE-2022-23236 Cleartext Storage of Sensitive Information vulnerability in Netapp E-Series Santricity OS Controller
E-Series SANtricity OS Controller Software versions 11.40 through 11.70.2 store the LDAP BIND password in plaintext within a file accessible only to privileged users.
local
low complexity
netapp CWE-312
4.4
2022-06-02 CVE-2022-23237 Open Redirect vulnerability in Netapp E-Series Santricity OS Controller
E-Series SANtricity OS Controller Software 11.x versions through 11.70.2 are vulnerable to host header injection attacks that could allow an attacker to redirect users to malicious websites.
network
low complexity
netapp CWE-601
6.1
2022-06-02 CVE-2022-27774 Insufficiently Protected Credentials vulnerability in multiple products
An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.
network
low complexity
haxx debian netapp brocade splunk CWE-522
5.7
2022-06-02 CVE-2022-27776 Insufficiently Protected Credentials vulnerability in multiple products
A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
6.5
2022-06-02 CVE-2022-27779 libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies.
network
low complexity
haxx netapp splunk
5.3
2022-06-02 CVE-2022-30115 Cleartext Transmission of Sensitive Information vulnerability in multiple products
Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL.
network
low complexity
haxx netapp splunk CWE-319
4.3
2022-05-24 CVE-2021-3597 Race Condition vulnerability in multiple products
A flaw was found in undertow.
network
high complexity
redhat netapp CWE-362
5.9
2022-05-24 CVE-2021-3629 Resource Exhaustion vulnerability in multiple products
A flaw was found in Undertow.
network
high complexity
redhat netapp CWE-400
5.9