Netapp Security Vulnerabilities (CVEs)

A vulnerability in NetApp ONTAP with snapshot locking enabled allows privileged remote attackers to set snapshot expiry times to 'none', potentially p...

This is a reflected cross-site scripting (XSS) vulnerability in NetApp StorageGRID that allows attackers to execute malicious scripts in a privileged ...

An unauthenticated attacker can exploit a Server-Side Request Forgery (SSRF) vulnerability in StorageGRID to change passwords for Grid Manager or Tena...

This CVE describes a privilege escalation vulnerability in NetApp StorageGRID where authenticated attackers can discover Grid node names and IP addres...

A local privilege escalation vulnerability exists in the SAN Host Utilities for Windows installer versions before 8.0. This allows authenticated local...

A vulnerability in Oracle MySQL's mysqldump client allows low-privileged attackers with network access to potentially access or modify sensitive data....

This vulnerability in Oracle MySQL Server allows high-privileged attackers with network access to cause a denial of service (DoS) by crashing or hangi...

This vulnerability allows attackers to create malicious OOXML files (like Excel, Word, or PowerPoint documents) with duplicate zip entries that can ca...

This CVE describes an insufficient validation vulnerability in PHP's header handling that could allow attackers to manipulate HTTP headers. When user-...

Vim versions before 9.1.1198 contain a vulnerability in zip.vim that could cause data loss when users view specially crafted zip files and press 'x' o...

This vulnerability in Vim's tar.vim plugin allows arbitrary shell command execution when opening specially crafted tar archives. Attackers can exploit...

This CVE describes a stack-based buffer overflow vulnerability in libxml2's xmlSnprintfElements function. Attackers can exploit this by providing mali...

This OpenSSH vulnerability allows machine-in-the-middle attacks when VerifyHostKeyDNS is enabled. Attackers can impersonate legitimate servers by expl...

A critical memory corruption vulnerability in GNU Binutils' linker component (ld) allows remote attackers to potentially execute arbitrary code or cau...

A memory corruption vulnerability exists in GNU Binutils' bfd_putl64 function within the ld component. This allows remote attackers to potentially exe...

This vulnerability allows attackers to bypass Sparkle's (Ed)DSA signature verification and replace legitimate software updates with malicious payloads...

This vulnerability allows attackers to bypass Windows' Mark-of-the-Web security feature when extracting files with 7-Zip. Attackers can craft maliciou...

This vulnerability in MySQL Server's Optimizer component allows high-privileged attackers with network access to cause denial of service by crashing o...

CVE-2025-22134 is a heap-buffer overflow vulnerability in Vim that occurs when switching buffers using the :all command while visual mode is active. T...

CVE-2024-53580 is a NULL pointer dereference vulnerability in iperf v3.17.1 that causes a segmentation fault via the iperf_exchange_parameters() funct...

This vulnerability allows authenticated attackers to cause a Denial of Service (DoS) by crashing StorageGRID services. It affects StorageGRID (formerl...

This vulnerability in Apache Tomcat allows attackers to cause denial of service by exploiting the TLS handshake process to trigger OutOfMemoryError co...

CVE-2024-49761 is a Regular Expression Denial of Service (ReDoS) vulnerability in REXML, Ruby's XML toolkit. It allows attackers to cause denial of se...

This vulnerability in Jetty's DosFilter allows unauthenticated attackers to send crafted requests that trigger OutOfMemory errors, leading to denial-o...

This vulnerability in Apache Commons IO allows attackers to cause denial of service by consuming excessive CPU resources through maliciously crafted i...

This vulnerability in Apache Avro's Java SDK allows attackers to execute arbitrary code by exploiting schema parsing flaws. It affects all users of Ap...

This vulnerability allows attackers to cause a stack overflow by sending malicious Protocol Buffers data with deeply nested groups, potentially crashi...

This AngularJS vulnerability allows attackers to bypass image source restrictions via improper sanitization of the 'srcset' attribute, enabling conten...

CVE-2024-43374 is a use-after-free vulnerability in Vim's argument list handling that can cause the editor to crash. It affects users running Vim vers...

This vulnerability in Oracle Java SE's 2D component allows unauthenticated attackers with network access to potentially modify or read some accessible...

This CVE involves the removal of GLOBALTRUST root certificates from the certifi Python package due to compliance issues. Systems using affected certif...

This vulnerability in Apache Tomcat allows attackers to cause uncontrolled resource consumption through HTTP/2 connections. By sending excessive HTTP ...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server's mod_rewrite module. Attackers can exploit unsafe Rewrite...

This vulnerability in Apache HTTP Server's mod_proxy module allows attackers to send specially crafted requests with incorrect URL encoding to backend...

urllib3's CVE-2024-37891 allows the Proxy-Authorization header to leak during cross-origin redirects when configured incorrectly without using urllib3...

This vulnerability in NetApp StorageGRID allows attackers to potentially intercept and decrypt SSH communications through man-in-the-middle attacks. I...

This vulnerability in Intel TDX module software allows a privileged user with local access to potentially escalate privileges due to improper input va...