Netapp Security Vulnerabilities (CVEs)

A use-after-free vulnerability in the Linux kernel's NFC Marvell driver allows attackers to potentially execute arbitrary code or cause denial of serv...

A local privilege escalation vulnerability in the Linux kernel's net/sched subsystem allows attackers with local access to gain root privileges. This ...

CVE-2022-1679 is a use-after-free vulnerability in the Linux kernel's Atheros wireless adapter driver (ath9k_htc). It allows a local attacker to crash...

CVE-2022-1619 is a heap-based buffer overflow vulnerability in Vim's command-line editing function that could allow attackers to crash the application...

Rsyslog's TCP syslog reception modules contain a heap buffer overflow vulnerability when octet-counted framing is used. This can cause segmentation fa...

CVE-2022-1292 is a command injection vulnerability in the c_rehash script distributed with OpenSSL. It allows attackers to execute arbitrary commands ...

A memory leak vulnerability in OpenSSL's OPENSSL_LH_flush() function causes unbounded memory growth when processing certificates or keys. This affects...

CVE-2022-25647 is a deserialization vulnerability in Google's Gson library versions before 2.8.9. Attackers can exploit the writeReplace() method in i...

A use-after-free vulnerability in the Linux kernel's sound subsystem allows local attackers to trigger race conditions in ALSA PCM ioctl operations. T...

A local privilege escalation vulnerability in the Linux kernel's pfkey_register function allows unprivileged local users to access kernel memory. This...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in IBM Cognos Analytics versions 11.1.7 and 11.2.0. An attacker could trick authe...

This vulnerability is a stack overflow in Go's encoding/pem package when processing large PEM data. It allows attackers to cause denial of service or ...

This vulnerability in Oracle Java SE and GraalVM Enterprise Edition allows unauthenticated remote attackers to access sensitive data from Java applica...

This vulnerability in Oracle Java SE and GraalVM Enterprise Edition allows unauthenticated attackers with network access to modify critical data witho...

This vulnerability in Python's mailcap module allows shell command injection when applications call mailcap.findmatch() with untrusted input. Attacker...

CVE-2022-29156 is a double-free vulnerability in the Linux kernel's RDMA Transport (RTRS) client driver that could allow local attackers to cause a ke...

This vulnerability in the Linux kernel's SUNRPC subsystem allows a use-after-free condition when freeing transport structures before sockets are prope...

CVE-2022-28796 is a use-after-free vulnerability in the Linux kernel's jbd2 journaling subsystem caused by a transaction_t race condition. This allows...

This vulnerability is a double-free memory corruption flaw in the EMS CAN-USB driver in the Linux kernel. It allows local attackers to potentially cra...

CVE-2022-1055 is a use-after-free vulnerability in the Linux kernel's tc_new_tfilter function that allows local attackers to escalate privileges. The ...

A memory access vulnerability in the Linux kernel's i915 GPU driver allows local attackers to execute malicious GPU code, potentially causing system c...

This vulnerability in the Linux kernel's BPF subsystem allows a local user to trigger an out-of-bounds memory write via the BPF_BTF_LOAD command. This...

CVE-2022-0995 is an out-of-bounds write vulnerability in the Linux kernel's watch_queue subsystem that allows a local attacker to overwrite kernel mem...

This vulnerability is an out-of-bounds memory write flaw in the Linux kernel's NFS subsystem, specifically affecting mirroring/replication functionali...

This vulnerability in zlib allows memory corruption during compression (deflating) when processing input with many distant matches. It affects any sof...

This Linux kernel vulnerability allows a local unprivileged user to write to file handlers in the cgroups subsystem, potentially leading to system cra...

CVE-2022-0635 is a denial-of-service vulnerability in BIND 9.18.0 where specific DNS queries can trigger an assertion failure, causing the named proce...

CVE-2022-27666 is a heap buffer overflow vulnerability in the Linux kernel's IPsec ESP transformation code. It allows local attackers with standard us...

CVE-2022-0667 is a denial-of-service vulnerability in BIND 9.18.0 where specially crafted queries cause the BIND process to exit, disrupting DNS servi...

A use-after-free vulnerability in the Linux kernel's FUSE filesystem allows a local attacker to trigger write() operations that can lead to unauthoriz...

This vulnerability allows a malicious USB device host to manipulate endpoint indexes in the Linux kernel's Xilinx USB gadget driver, leading to out-of...

CVE-2022-0778 is a denial-of-service vulnerability in OpenSSL's BN_mod_sqrt() function that can cause infinite loops when parsing specially crafted ce...

This vulnerability in libtiff allows an attacker to cause denial of service by passing a null pointer to memcpy() when processing specially crafted TI...

CVE-2020-36518 is a denial-of-service vulnerability in Jackson Databind where processing deeply nested JSON objects causes a Java StackOverflowError, ...

This CVE allows local Windows users to escalate privileges by hijacking the system search path. The Python installer on Windows can incorrectly add us...

CVE-2022-0847 (Dirty Pipe) is a Linux kernel vulnerability that allows unprivileged local users to write to read-only files in the page cache, enablin...

A local privilege escalation vulnerability in the KVM subsystem for s390 architecture in Linux kernel allows a local attacker with normal user privile...

A NULL pointer dereference vulnerability in the Linux kernel's Btrfs filesystem allows local attackers with CAP_SYS_ADMIN privileges to crash the syst...

This CVE describes a buffer overflow vulnerability in the Linux kernel's NFC driver (st21nfca). Attackers can exploit this by sending specially crafte...

This vulnerability in Go's regexp.Compile function allows attackers to cause a denial of service via stack exhaustion by providing a deeply nested reg...

This vulnerability in NetApp StorageGRID allows attackers to cause a Denial of Service (DoS) by targeting the Local Distribution Router (LDR) service....

This CVE describes a use-after-free vulnerability in the Linux kernel's Bluetooth HCI subsystem. A privileged local attacker can trigger a race condit...

CVE-2021-3609 is a race condition vulnerability in the Linux kernel's CAN BCM networking protocol that allows local attackers to corrupt memory and po...

CVE-2022-0492 is a Linux kernel vulnerability in the cgroups v1 release_agent feature that allows local attackers to escalate privileges and escape co...

CVE-2022-23308 is a use-after-free vulnerability in libxml2's validation component that allows attackers to potentially execute arbitrary code or caus...

This CVE describes a prototype pollution vulnerability in Node.js's console.table() function when user-controlled input is passed to the 'properties' ...

CVE-2022-25636 is a heap out-of-bounds write vulnerability in the Linux kernel's netfilter component that allows local users to escalate privileges to...