Netapp Security Vulnerabilities (CVEs)

A vulnerability in BIND 9 DNS servers configured with DNSSEC validation and aggressive cache usage allows remote attackers to cause denial of service ...

A use-after-free vulnerability in the Linux kernel's cedrus video decoder driver allows local attackers to potentially escalate privileges or cause de...

A use-after-free vulnerability in the Renesas USB3 gadget driver in Linux kernel versions before 6.3.2 allows local attackers to potentially execute a...

This vulnerability allows attackers to perform out-of-bounds writes in the Linux kernel's flower classifier code via specially crafted GENEVE packets....

A use-after-free vulnerability in the Linux kernel's r592 memory stick host driver allows local attackers to crash the system during device disconnect...

A use-after-free vulnerability in the Linux kernel's Btrfs filesystem allows local attackers to potentially crash the system or execute arbitrary code...

This vulnerability in OpenLDAP causes a null pointer dereference in the ber_memalloc_x() function, which can lead to denial of service (DoS) by crashi...

This vulnerability in curl versions before 8.1.0 causes information disclosure when reusing a handle between PUT and POST requests. It affects applica...

CVE-2023-28319 is a use-after-free vulnerability in curl/libcurl versions before 8.1.0 that occurs during SSH server public key verification. When ver...

This vulnerability allows attackers to bypass request size limits in Apache Tomcat by submitting exactly maxParameterCount query parameters, potential...

A local privilege escalation vulnerability exists in the Linux kernel's XFS filesystem when restoring from a dirty log journal after failure. This all...

CVE-2023-32233 is a use-after-free vulnerability in the Linux kernel's Netfilter nf_tables subsystem that allows unprivileged local users to perform a...

CVE-2023-28656 is an authorization bypass vulnerability in NGINX Management Suite that allows authenticated users to access configuration objects outs...

This CVE describes a race condition vulnerability in the Linux kernel's RxRPC network protocol, where improper locking during bundle processing could ...

This vulnerability in Oracle Java SE and GraalVM Enterprise Edition's JSSE component allows attackers to compromise confidentiality and integrity of d...

A use-after-free vulnerability in the Linux kernel's Bluetooth subsystem allows local attackers to potentially execute arbitrary code or cause denial ...

A use-after-free vulnerability in the Linux kernel's virtio network driver allows local attackers to crash the system or potentially leak kernel memor...

This vulnerability is a use-after-free and double-free flaw in the Linux kernel's Bluetooth subsystem that can lead to privilege escalation. Attackers...

A vulnerability in curl versions before 8.0 allows attackers to inject malicious content during TELNET protocol negotiation when user input is accepte...

A path traversal vulnerability in curl's SFTP implementation allows attackers to bypass path filtering by using specially crafted paths containing til...

CVE-2023-1077 is a type confusion vulnerability in the Linux kernel's real-time scheduler that can lead to memory corruption. This allows local attack...

This CVE describes an out-of-bounds read vulnerability in the Broadcom brcmfmac WiFi driver in the Linux kernel. When processing association request d...

This Linux kernel vulnerability allows local users to escalate privileges by exploiting a uid mapping bug in OverlayFS when copying capable files betw...

CVE-2022-38734 is a Denial of Service vulnerability in NetApp StorageGRID's Local Distribution Router service. Attackers can crash the LDR service by ...

This vulnerability in Python's urllib.parse component allows attackers to bypass URL blocklisting mechanisms by using URLs that begin with blank chara...

This CVE describes a timing side-channel vulnerability in GnuTLS that allows attackers to perform Bleichenbacher-style attacks against RSA encryption....

This SQLite vulnerability allows array-bounds overflow when processing extremely large string arguments (billions of bytes) through certain C API func...

This vulnerability allows an authenticated malicious user to take over another user's Grafana account via OAuth login manipulation. It affects Grafana...

Grafana versions 8.x and 9.x before specific patched releases are vulnerable to stored cross-site scripting (XSS) in the Unified Alerting feature. An ...

This vulnerability in Eclipse Jetty's HTTP/2 server implementation allows attackers to cause denial of service by sending invalid HTTP/2 requests that...

This vulnerability in npm causes workspace operations to ignore .gitignore and .npmignore exclusion rules, potentially exposing sensitive files. Anyon...

This HTTP request smuggling vulnerability in Apache HTTP Server's mod_proxy_ajp module allows attackers to bypass security controls and smuggle malici...

CVE-2022-30556 is a buffer overflow vulnerability in Apache HTTP Server's r:wsread() function that can cause memory corruption. It affects Apache HTTP...

CVE-2022-1998 is a use-after-free vulnerability in the Linux kernel's fanotify file system notification subsystem. A local attacker could trigger this...

This vulnerability in the Linux kernel's netfilter component allows a local user with namespace creation privileges to escalate to root via a use-afte...

The curl URL parser incorrectly accepts percent-encoded URL separators like '/' in hostnames, allowing attackers to bypass filters and checks by makin...

This curl vulnerability allows information disclosure when an attacker can force curl to reuse an existing IPv6 connection from the pool with a differ...

This vulnerability in curl versions before 7.83.1 could cause the wrong file to be deleted when using the --no-clobber option with --remove-on-error. ...

A use-after-free vulnerability in the Linux kernel's io_uring subsystem allows local attackers to crash the system or potentially escalate privileges....

CVE-2022-1652 is a use-after-free vulnerability in the Linux kernel's floppy disk driver that allows local attackers to execute arbitrary code or caus...

CVE-2022-1882 is a use-after-free vulnerability in the Linux kernel's pipes functionality that allows a local user to crash the system or potentially ...

This vulnerability causes the BIND DNS server to crash with an assertion failure when configured with HTTP references in listen-on statements. It affe...