Filtered by vendor Netapp
Subscribe
Total
2390 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12652 | 2 Libpng, Netapp | 2 Libpng, Active Iq Unified Manager | 2025-05-21 | 7.5 HIGH | 9.8 CRITICAL |
| libpng before 1.6.32 does not properly check the length of chunks against the user limit. | |||||
| CVE-2022-38732 | 1 Netapp | 1 Snapcenter | 2025-05-20 | N/A | 7.5 HIGH |
| SnapCenter versions prior to 4.7 shipped without Content Security Policy (CSP) implemented which could allow certain types of attacks that otherwise would be prevented. | |||||
| CVE-2023-28656 | 2 F5, Netapp | 5 Nginx Api Connectivity Manager, Nginx Instance Manager, Nginx Security Monitoring and 2 more | 2025-05-19 | N/A | 8.1 HIGH |
| NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2023-27043 | 3 Fedoraproject, Netapp, Python | 4 Fedora, Active Iq Unified Manager, Ontap Select Deploy Administration Utility and 1 more | 2025-05-19 | N/A | 5.3 MEDIUM |
| The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python. | |||||
| CVE-2021-40438 | 11 Apache, Broadcom, Debian and 8 more | 40 Http Server, Brocade Fabric Operating System Firmware, Debian Linux and 37 more | 2025-05-16 | 6.8 MEDIUM | 9.0 CRITICAL |
| A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. | |||||
| CVE-2024-20926 | 3 Debian, Netapp, Oracle | 8 Debian Linux, Cloud Insights Acquisition Unit, Cloud Insights Storage Workload Security Agent and 5 more | 2025-05-15 | N/A | 5.9 MEDIUM |
| Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2024-20977 | 2 Netapp, Oracle | 2 Oncommand Insight, Mysql | 2025-05-15 | N/A | 6.5 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2025-0725 | 2 Haxx, Netapp | 11 Curl, Libcurl, Hci Baseboard Management Controller and 8 more | 2025-05-13 | N/A | 7.3 HIGH |
| When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow. | |||||
| CVE-2025-26465 | 4 Debian, Netapp, Openbsd and 1 more | 6 Debian Linux, Active Iq Unified Manager, Ontap and 3 more | 2025-05-13 | N/A | 6.8 MEDIUM |
| A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high. | |||||
| CVE-2019-17359 | 4 Apache, Bouncycastle, Netapp and 1 more | 21 Tomee, Bc-java, Active Iq Unified Manager and 18 more | 2025-05-12 | 5.0 MEDIUM | 7.5 HIGH |
| The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64. | |||||
| CVE-2018-1000180 | 5 Bouncycastle, Debian, Netapp and 2 more | 21 Bc-java, Fips Java Api, Debian Linux and 18 more | 2025-05-12 | 5.0 MEDIUM | 7.5 HIGH |
| Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later. | |||||
| CVE-2018-1000613 | 4 Bouncycastle, Netapp, Opensuse and 1 more | 24 Bc-java, Oncommand Workflow Automation, Leap and 21 more | 2025-05-12 | 7.5 HIGH | 9.8 CRITICAL |
| Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later. | |||||
| CVE-2022-23241 | 1 Netapp | 1 Clustered Data Ontap | 2025-05-09 | N/A | 8.1 HIGH |
| Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with SnapLock configured FlexGroups are susceptible to a vulnerability which could allow an authenticated remote attacker to arbitrarily modify or delete WORM data prior to the end of the retention period. | |||||
| CVE-2022-31690 | 2 Netapp, Vmware | 2 Active Iq Unified Manager, Spring Security | 2025-05-08 | N/A | 8.1 HIGH |
| Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token. | |||||
| CVE-2022-3599 | 3 Debian, Libtiff, Netapp | 3 Debian Linux, Libtiff, Active Iq Unified Manager | 2025-05-07 | N/A | 5.5 MEDIUM |
| LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125. | |||||
| CVE-2022-3598 | 3 Debian, Libtiff, Netapp | 3 Debian Linux, Libtiff, Active Iq Unified Manager | 2025-05-07 | N/A | 5.5 MEDIUM |
| LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b. | |||||
| CVE-2022-3597 | 3 Debian, Libtiff, Netapp | 3 Debian Linux, Libtiff, Active Iq Unified Manager | 2025-05-07 | N/A | 5.5 MEDIUM |
| LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191. | |||||
| CVE-2022-3626 | 3 Debian, Libtiff, Netapp | 3 Debian Linux, Libtiff, Active Iq Unified Manager | 2025-05-07 | N/A | 5.5 MEDIUM |
| LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191. | |||||
| CVE-2022-3627 | 3 Debian, Libtiff, Netapp | 3 Debian Linux, Libtiff, Active Iq Unified Manager | 2025-05-07 | N/A | 5.5 MEDIUM |
| LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191. | |||||
| CVE-2022-42915 | 5 Apple, Fedoraproject, Haxx and 2 more | 13 Macos, Fedora, Curl and 10 more | 2025-05-07 | N/A | 8.1 HIGH |
| curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0. | |||||