Filtered by vendor Netapp
Subscribe
Total
2410 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-48064 | 3 Fedoraproject, Gnu, Netapp | 3 Fedora, Binutils, Ontap Select Deploy Administration Utility | 2024-11-21 | N/A | 5.5 MEDIUM |
| GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. | |||||
| CVE-2022-45919 | 2 Linux, Netapp | 11 Linux Kernel, H300s, H300s Firmware and 8 more | 2024-11-21 | N/A | 7.0 HIGH |
| An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event. | |||||
| CVE-2022-45888 | 2 Linux, Netapp | 11 Linux Kernel, H300s, H300s Firmware and 8 more | 2024-11-21 | N/A | 6.4 MEDIUM |
| An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device. | |||||
| CVE-2022-45886 | 2 Linux, Netapp | 11 Linux Kernel, H300s, H300s Firmware and 8 more | 2024-11-21 | N/A | 7.0 HIGH |
| An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free. | |||||
| CVE-2022-45884 | 2 Linux, Netapp | 11 Linux Kernel, H300s, H300s Firmware and 8 more | 2024-11-21 | N/A | 7.0 HIGH |
| An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops. | |||||
| CVE-2022-43680 | 4 Debian, Fedoraproject, Libexpat Project and 1 more | 18 Debian Linux, Fedora, Libexpat and 15 more | 2024-11-21 | N/A | 7.5 HIGH |
| In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. | |||||
| CVE-2022-43551 | 4 Fedoraproject, Haxx, Netapp and 1 more | 7 Fedora, Curl, Active Iq Unified Manager and 4 more | 2024-11-21 | N/A | 7.5 HIGH |
| A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) `.`. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded. | |||||
| CVE-2022-42889 | 3 Apache, Juniper, Netapp | 10 Commons Text, Jsa1500, Jsa3500 and 7 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default. | |||||
| CVE-2022-42004 | 4 Debian, Fasterxml, Netapp and 1 more | 4 Debian Linux, Jackson-databind, Oncommand Workflow Automation and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
| In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization. | |||||
| CVE-2022-42003 | 4 Debian, Fasterxml, Netapp and 1 more | 4 Debian Linux, Jackson-databind, Oncommand Workflow Automation and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
| In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. | |||||
| CVE-2022-41222 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2024-11-21 | N/A | 7.0 HIGH |
| mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move. | |||||
| CVE-2022-40982 | 5 Debian, Intel, Netapp and 2 more | 1052 Debian Linux, Celeron 5205u, Celeron 5205u Firmware and 1049 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2022-3970 | 4 Apple, Debian, Libtiff and 1 more | 7 Ipados, Iphone Os, Macos and 4 more | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability. | |||||
| CVE-2022-3705 | 4 Debian, Fedoraproject, Netapp and 1 more | 4 Debian Linux, Fedora, Active Iq Unified Manager and 1 more | 2024-11-21 | N/A | 5.0 MEDIUM |
| A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324. | |||||
| CVE-2022-3649 | 3 Debian, Linux, Netapp | 11 Debian Linux, Linux Kernel, Active Iq Unified Manager and 8 more | 2024-11-21 | N/A | 3.1 LOW |
| A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992. | |||||
| CVE-2022-3564 | 3 Debian, Linux, Netapp | 10 Debian Linux, Linux Kernel, H300s and 7 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087. | |||||
| CVE-2022-3545 | 3 Debian, Linux, Netapp | 12 Debian Linux, Linux Kernel, H300s and 9 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability. | |||||
| CVE-2022-3202 | 2 Linux, Netapp | 11 Linux Kernel, H300s, H300s Firmware and 8 more | 2024-11-21 | N/A | 7.1 HIGH |
| A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information. | |||||
| CVE-2022-39410 | 2 Netapp, Oracle | 3 Oncommand Insight, Oncommand Workflow Automation, Mysql | 2024-11-21 | N/A | 6.5 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2022-39408 | 2 Netapp, Oracle | 3 Oncommand Insight, Oncommand Workflow Automation, Mysql | 2024-11-21 | N/A | 6.5 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||