Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Netapp Subscribe
Filtered by product Cloud Backup
Total 321 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-22922 5 Fedoraproject, Haxx, Netapp and 2 more 22 Fedora, Curl, Cloud Backup and 19 more 2023-01-05 4.3 MEDIUM 6.5 MEDIUM
When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk.
CVE-2021-22945 7 Apple, Debian, Fedoraproject and 4 more 24 Macos, Debian Linux, Fedora and 21 more 2022-12-22 5.8 MEDIUM 9.1 CRITICAL
When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.
CVE-2019-19966 4 Debian, Linux, Netapp and 1 more 13 Debian Linux, Linux Kernel, Active Iq Unified Manager and 10 more 2022-12-20 2.1 LOW 4.6 MEDIUM
In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655.
CVE-2019-19922 5 Canonical, Debian, Linux and 2 more 14 Ubuntu Linux, Debian Linux, Linux Kernel and 11 more 2022-12-14 2.1 LOW 5.5 MEDIUM
kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. (In other words, although this slice expiration would typically be seen with benign workloads, it is possible that an attacker could calculate how many stray requests are required to force an entire Kubernetes cluster into a low-performance state caused by slice expiration, and ensure that a DDoS attack sent that number of stray requests. An attack does not affect the stability of the kernel; it only causes mismanagement of application execution.)
CVE-2017-15906 5 Debian, Netapp, Openbsd and 2 more 22 Debian Linux, Active Iq Unified Manager, Cloud Backup and 19 more 2022-12-13 5.0 MEDIUM 5.3 MEDIUM
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
CVE-2021-25219 6 Debian, Fedoraproject, Isc and 3 more 23 Debian Linux, Fedora, Bind and 20 more 2022-12-07 5.0 MEDIUM 5.3 MEDIUM
In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.
CVE-2021-27219 5 Broadcom, Debian, Fedoraproject and 2 more 7 Brocade Fabric Operating System Firmware, Debian Linux, Fedora and 4 more 2022-12-07 5.0 MEDIUM 7.5 HIGH
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.
CVE-2021-27218 5 Broadcom, Debian, Fedoraproject and 2 more 7 Brocade Fabric Operating System Firmware, Debian Linux, Fedora and 4 more 2022-12-07 5.0 MEDIUM 7.5 HIGH
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.
CVE-2020-15861 3 Canonical, Net-snmp, Netapp 5 Ubuntu Linux, Net-snmp, Cloud Backup and 2 more 2022-12-03 7.2 HIGH 7.8 HIGH
Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.
CVE-2020-15852 3 Linux, Netapp, Xen 5 Linux Kernel, Cloud Backup, Solidfire Baseboard Management Controller and 2 more 2022-12-03 4.6 MEDIUM 7.8 HIGH
An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap mishandling causes a loss of synchronization between the I/O bitmaps of TSS and Xen, aka CID-cadfad870154.
CVE-2020-14155 5 Apple, Gitlab, Netapp and 2 more 19 Macos, Gitlab, Active Iq Unified Manager and 16 more 2022-12-02 5.0 MEDIUM 5.3 MEDIUM
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
CVE-2020-12888 6 Canonical, Debian, Fedoraproject and 3 more 39 Ubuntu Linux, Debian Linux, Fedora and 36 more 2022-11-14 4.7 MEDIUM 5.3 MEDIUM
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.
CVE-2019-11089 2 Intel, Netapp 6 Graphics Driver, Cloud Backup, Data Availability Services and 3 more 2022-11-09 2.1 LOW 5.5 MEDIUM
Insufficient input validation in Kernel Mode module for Intel(R) Graphics Driver before version 25.20.100.6519 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2019-11111 2 Intel, Netapp 6 Graphics Driver, Cloud Backup, Data Availability Services and 3 more 2022-11-09 4.6 MEDIUM 7.8 HIGH
Pointer corruption in the Unified Shader Compiler in Intel(R) Graphics Drivers before 10.18.14.5074 (aka 15.36.x.5074) may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-11113 2 Intel, Netapp 6 Graphics Driver, Cloud Backup, Data Availability Services and 3 more 2022-11-09 2.1 LOW 4.4 MEDIUM
Buffer overflow in Kernel Mode module for Intel(R) Graphics Driver before version 25.20.100.6618 (DCH) or 21.20.x.5077 (aka15.45.5077) may allow a privileged user to potentially enable information disclosure via local access.
CVE-2019-14574 2 Intel, Netapp 6 Graphics Driver, Cloud Backup, Data Availability Services and 3 more 2022-11-09 2.1 LOW 5.5 MEDIUM
Out of bounds read in a subsystem for Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2019-14590 2 Intel, Netapp 6 Graphics Driver, Cloud Backup, Data Availability Services and 3 more 2022-11-09 2.1 LOW 5.5 MEDIUM
Improper access control in the API for the Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2019-14591 2 Intel, Netapp 6 Graphics Driver, Cloud Backup, Data Availability Services and 3 more 2022-11-09 2.1 LOW 5.5 MEDIUM
Improper input validation in the API for Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2020-10029 6 Canonical, Debian, Fedoraproject and 3 more 12 Ubuntu Linux, Debian Linux, Fedora and 9 more 2022-11-09 2.1 LOW 5.5 MEDIUM
The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.
CVE-2019-19947 4 Canonical, Debian, Linux and 1 more 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more 2022-11-09 2.1 LOW 4.6 MEDIUM
In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c.