Vulnerabilities > Netapp > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-22 | CVE-2022-48564 | Resource Exhaustion vulnerability in multiple products read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format. | 6.5 |
| 2023-08-22 | CVE-2022-48566 | Race Condition vulnerability in multiple products An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. | 5.9 |
| 2023-08-22 | CVE-2020-19185 | Out-of-bounds Write vulnerability in multiple products Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | 6.5 |
| 2023-08-22 | CVE-2020-19186 | Out-of-bounds Write vulnerability in multiple products Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | 6.5 |
| 2023-08-22 | CVE-2020-19187 | Out-of-bounds Write vulnerability in multiple products Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | 6.5 |
| 2023-08-11 | CVE-2022-40982 | Information Exposure Through Discrepancy vulnerability in multiple products Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 6.5 |
| 2023-08-09 | CVE-2023-4273 | Out-of-bounds Write vulnerability in multiple products A flaw was found in the exFAT driver of the Linux kernel. | 6.7 |
| 2023-08-07 | CVE-2023-36054 | Access of Uninitialized Pointer vulnerability in multiple products lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. | 6.5 |
| 2023-07-14 | CVE-2023-2975 | Improper Authentication vulnerability in multiple products Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding or reordering such empty entries as these are ignored by the OpenSSL implementation. | 5.3 |
| 2023-06-30 | CVE-2023-3338 | NULL Pointer Dereference vulnerability in multiple products A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. | 6.5 |