Filtered by vendor Netapp
Subscribe
Total
2037 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2764 | 2 Netapp, Redhat | 9 Active Iq Unified Manager, Cloud Secure Agent, Oncommand Insight and 6 more | 2022-11-07 | N/A | 4.9 MEDIUM |
| A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations. | |||||
| CVE-2022-1319 | 2 Netapp, Redhat | 7 Active Iq Unified Manager, Cloud Secure Agent, Oncommand Insight and 4 more | 2022-11-07 | N/A | 7.5 HIGH |
| A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG. | |||||
| CVE-2022-1259 | 2 Netapp, Redhat | 10 Active Iq Unified Manager, Cloud Secure Agent, Oncommand Insight and 7 more | 2022-11-07 | N/A | 7.5 HIGH |
| A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629. | |||||
| CVE-2021-22939 | 5 Debian, Netapp, Nodejs and 2 more | 8 Debian Linux, Nextgen Api, Node.js and 5 more | 2022-11-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted. | |||||
| CVE-2022-24407 | 5 Cyrusimap, Debian, Fedoraproject and 2 more | 8 Cyrus-sasl, Debian Linux, Fedora and 5 more | 2022-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. | |||||
| CVE-2021-41182 | 7 Debian, Drupal, Fedoraproject and 4 more | 37 Debian Linux, Drupal, Fedora and 34 more | 2022-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources. | |||||
| CVE-2019-19063 | 7 Broadcom, Canonical, Fedoraproject and 4 more | 20 Brocade Fabric Operating System Firmware, Ubuntu Linux, Fedora and 17 more | 2022-11-07 | 4.9 MEDIUM | 4.6 MEDIUM |
| Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113. | |||||
| CVE-2021-41184 | 6 Drupal, Fedoraproject, Jquery and 3 more | 35 Drupal, Fedora, Jquery Ui and 32 more | 2022-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources. | |||||
| CVE-2021-41183 | 7 Debian, Drupal, Fedoraproject and 4 more | 36 Debian Linux, Drupal, Fedora and 33 more | 2022-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources. | |||||
| CVE-2019-19057 | 7 Broadcom, Canonical, Debian and 4 more | 20 Brocade Fabric Operating System Firmware, Ubuntu Linux, Debian Linux and 17 more | 2022-11-07 | 2.1 LOW | 3.3 LOW |
| Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e. | |||||
| CVE-2021-3326 | 5 Debian, Fujitsu, Gnu and 2 more | 17 Debian Linux, M10-1, M10-1 Firmware and 14 more | 2022-11-04 | 5.0 MEDIUM | 7.5 HIGH |
| The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. | |||||
| CVE-2022-36879 | 3 Debian, Linux, Netapp | 43 Debian Linux, Linux Kernel, A700s and 40 more | 2022-11-04 | N/A | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. | |||||
| CVE-2022-21592 | 2 Netapp, Oracle | 3 Oncommand Insight, Oncommand Workflow Automation, Mysql | 2022-11-04 | N/A | 4.3 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.7.39 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2022-21589 | 2 Netapp, Oracle | 3 Oncommand Insight, Oncommand Workflow Automation, Mysql | 2022-11-04 | N/A | 4.3 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.39 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2022-21600 | 2 Netapp, Oracle | 3 Oncommand Insight, Oncommand Workflow Automation, Mysql | 2022-11-04 | N/A | 7.2 HIGH |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2022-21607 | 2 Netapp, Oracle | 3 Oncommand Insight, Oncommand Workflow Automation, Mysql | 2022-11-04 | N/A | 4.9 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2022-21605 | 2 Netapp, Oracle | 3 Oncommand Insight, Oncommand Workflow Automation, Mysql | 2022-11-04 | N/A | 4.9 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2022-21638 | 2 Netapp, Oracle | 3 Oncommand Insight, Oncommand Workflow Automation, Mysql | 2022-11-04 | N/A | 4.9 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2022-21635 | 2 Netapp, Oracle | 3 Oncommand Insight, Oncommand Workflow Automation, Mysql | 2022-11-04 | N/A | 6.5 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H). | |||||
| CVE-2022-21641 | 2 Netapp, Oracle | 3 Oncommand Insight, Oncommand Workflow Automation, Mysql | 2022-11-04 | N/A | 4.9 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||