Filtered by vendor Netapp
Subscribe
Total
2503 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20839 | 2 Netapp, Systemd Project | 5 Cn1610, Cn1610 Firmware, Snapprotect and 2 more | 2025-05-05 | 4.3 MEDIUM | 4.3 MEDIUM |
| systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled. | |||||
| CVE-2016-1000338 | 4 Bouncycastle, Canonical, Netapp and 1 more | 5 Legion-of-the-bouncy-castle-java-crytography-api, Ubuntu Linux, 7-mode Transition Tool and 2 more | 2025-05-05 | 5.0 MEDIUM | 7.5 HIGH |
| In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure. | |||||
| CVE-2021-38160 | 4 Debian, Linux, Netapp and 1 more | 9 Debian Linux, Linux Kernel, Element Software and 6 more | 2025-05-05 | 7.2 HIGH | 7.8 HIGH |
| In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior | |||||
| CVE-2022-43945 | 2 Linux, Netapp | 12 Linux Kernel, Active Iq Unified Manager, H300s and 9 more | 2025-05-01 | N/A | 7.5 HIGH |
| The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | |||||
| CVE-2024-29131 | 3 Apache, Fedoraproject, Netapp | 4 Commons Configuration, Fedora, Ontap Tools and 1 more | 2025-05-01 | N/A | 7.3 HIGH |
| Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue. | |||||
| CVE-2021-35942 | 3 Debian, Gnu, Netapp | 7 Debian Linux, Glibc, Active Iq Unified Manager and 4 more | 2025-05-01 | 6.4 MEDIUM | 9.1 CRITICAL |
| The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations. | |||||
| CVE-2020-11993 | 7 Apache, Canonical, Debian and 4 more | 13 Http Server, Ubuntu Linux, Debian Linux and 10 more | 2025-05-01 | 4.3 MEDIUM | 7.5 HIGH |
| Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers. | |||||
| CVE-2021-36160 | 6 Apache, Broadcom, Debian and 3 more | 13 Http Server, Brocade Fabric Operating System Firmware, Debian Linux and 10 more | 2025-05-01 | 5.0 MEDIUM | 7.5 HIGH |
| A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). | |||||
| CVE-2021-39275 | 6 Apache, Debian, Fedoraproject and 3 more | 11 Http Server, Debian Linux, Fedora and 8 more | 2025-05-01 | 7.5 HIGH | 9.8 CRITICAL |
| ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. | |||||
| CVE-2021-44790 | 7 Apache, Apple, Debian and 4 more | 14 Http Server, Mac Os X, Macos and 11 more | 2025-05-01 | 7.5 HIGH | 9.8 CRITICAL |
| A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. | |||||
| CVE-2022-26377 | 3 Apache, Fedoraproject, Netapp | 3 Http Server, Fedora, Clustered Data Ontap | 2025-05-01 | 5.0 MEDIUM | 7.5 HIGH |
| Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions. | |||||
| CVE-2022-30556 | 3 Apache, Fedoraproject, Netapp | 3 Http Server, Fedora, Clustered Data Ontap | 2025-05-01 | 5.0 MEDIUM | 7.5 HIGH |
| Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. | |||||
| CVE-2022-31813 | 3 Apache, Fedoraproject, Netapp | 3 Http Server, Fedora, Clustered Data Ontap | 2025-05-01 | 7.5 HIGH | 9.8 CRITICAL |
| Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application. | |||||
| CVE-2022-45934 | 4 Debian, Fedoraproject, Linux and 1 more | 13 Debian Linux, Fedora, Linux Kernel and 10 more | 2025-04-29 | N/A | 7.8 HIGH |
| An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. | |||||
| CVE-2022-45885 | 2 Linux, Netapp | 11 Linux Kernel, H300s, H300s Firmware and 8 more | 2025-04-29 | N/A | 7.0 HIGH |
| An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected. | |||||
| CVE-2022-40303 | 3 Apple, Netapp, Xmlsoft | 22 Ipados, Iphone Os, Macos and 19 more | 2025-04-29 | N/A | 7.5 HIGH |
| An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault. | |||||
| CVE-2022-40304 | 3 Apple, Netapp, Xmlsoft | 22 Ipados, Iphone Os, Macos and 19 more | 2025-04-28 | N/A | 7.8 HIGH |
| An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. | |||||
| CVE-2022-45887 | 2 Linux, Netapp | 11 Linux Kernel, H300s, H300s Firmware and 8 more | 2025-04-25 | N/A | 4.7 MEDIUM |
| An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call. | |||||
| CVE-2021-42375 | 3 Busybox, Fedoraproject, Netapp | 19 Busybox, Fedora, Cloud Backup and 16 more | 2025-04-23 | 1.9 LOW | 5.5 MEDIUM |
| An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input. | |||||
| CVE-2022-32207 | 6 Apple, Debian, Fedoraproject and 3 more | 19 Macos, Debian Linux, Fedora and 16 more | 2025-04-23 | 7.5 HIGH | 9.8 CRITICAL |
| When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended. | |||||