NetApp Security Vulnerabilities (CVEs)
Track 361 security vulnerabilities affecting NetApp products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
CVE-2022-24407 is a SQL injection vulnerability in Cyrus SASL authentication library. It allows attackers to inject arbitrary SQL commands via unescap...
Feb 24, 2022

This CVE describes a use-after-free vulnerability in the Linux kernel's MCTP subsystem that occurs when cancel_work_sync is triggered after unregister...
Feb 18, 2022

This Linux kernel vulnerability allows remote attackers to bypass UDP source port randomization by exploiting flaws in ICMP error processing. Attacker...
Feb 18, 2022

A use-after-free vulnerability in the Linux kernel's Bluetooth subsystem allows local attackers to crash the system or potentially escalate privileges...
Feb 16, 2022

CVE-2021-3760 is a use-after-free vulnerability in the Linux kernel's NFC (Near Field Communication) subsystem. This flaw allows local attackers to po...
Feb 16, 2022

CVE-2022-0185 is a heap-based buffer overflow vulnerability in the Linux kernel's Filesystem Context API legacy handling. It allows a local attacker t...
Feb 11, 2022

CVE-2022-23772 is an integer overflow vulnerability in Go's math/big.Rat.SetString function that allows attackers to trigger uncontrolled memory consu...
Feb 11, 2022

This vulnerability in Go's elliptic curve cryptography library allows Curve.IsOnCurve to incorrectly return true for invalid field elements. This coul...
Feb 11, 2022

This vulnerability in Python's urllib.parse module allows injection attacks via crafted URLs containing carriage return (\r) or line feed (\n) charact...
Feb 9, 2022

This vulnerability is an out-of-bounds write in Intel processor firmware that allows a privileged user to potentially escalate privileges via local ac...
Feb 9, 2022

This vulnerability allows an authenticated attacker with local access to improperly validate input in Intel processor firmware, potentially enabling p...
Feb 9, 2022

This vulnerability allows an unauthenticated attacker with local access to improperly access firmware controls in certain Intel processors, potentiall...
Feb 9, 2022

This firmware vulnerability in certain Intel processors allows authenticated local users to potentially escalate privileges by exploiting insufficient...
Feb 9, 2022

This vulnerability in Apache ActiveMQ Artemis allows attackers to cause a denial-of-service (DoS) condition by consuming excessive memory resources. S...
Feb 4, 2022

A use-after-free vulnerability in the Linux kernel's cgroup v1 parser allows local attackers with user privileges to escalate privileges. This can lea...
Feb 4, 2022

CVE-2022-24122 is a use-after-free vulnerability in the Linux kernel's ucount.c that allows privilege escalation when unprivileged user namespaces are...
Jan 29, 2022

This vulnerability allows local attackers with low-privileged access to escalate privileges to kernel-level execution through improper eBPF program va...
Jan 25, 2022

CVE-2022-23852 is a signed integer overflow vulnerability in Expat (libexpat) XML parser that can lead to buffer overflow. When XML_CONTEXT_BYTES is c...
Jan 24, 2022

This vulnerability in MySQL Server's optimizer component allows authenticated attackers with network access to cause denial of service (server crashes...
Jan 19, 2022

This vulnerability in MySQL Server's optimizer component allows authenticated attackers with network access to cause denial of service (server crashes...
Jan 19, 2022

A race condition vulnerability in the Linux kernel's Unix domain socket garbage collection allows local users to trigger a read-after-free memory flaw...
Jan 18, 2022

CVE-2022-23305 is an SQL injection vulnerability in Log4j 1.2.x's JDBCAppender that allows attackers to execute arbitrary SQL queries by injecting mal...
Jan 18, 2022

This vulnerability in the Linux kernel's BPF verifier allows local users to perform privilege escalation through pointer arithmetic with certain *_OR_...
Jan 14, 2022

CVE-2021-46143 is an integer overflow vulnerability in Expat's XML parser that can lead to heap memory corruption. Attackers can exploit this by provi...
Jan 6, 2022

This vulnerability allows an unauthenticated attacker to hijack active Remote Desktop Sessions in NetApp Virtual Desktop Service when used with an HTM...
Dec 23, 2021

This vulnerability allows an attacker to trigger an out-of-bounds memory access in the Linux kernel's F2FS filesystem when processing extended attribu...
Dec 23, 2021

This CVE describes a use-after-free vulnerability in the TEE subsystem of the Linux kernel caused by a race condition in tee_shm_get_from_id. Attacker...
Dec 22, 2021

The ksmbd SMB server in Linux kernels up to 5.15.8 incorrectly sets encryption flags when using SMB 3.1.1, causing Windows 10 clients to disable encry...
Dec 16, 2021

This vulnerability in GNU Binutils allows attackers to trigger a heap-based buffer overflow via the stab_xcoff_builtin_type function in stabs.c. It ca...
Dec 15, 2021

CVE-2021-44228 (Log4Shell) is a critical remote code execution vulnerability in Apache Log4j2 that allows attackers to execute arbitrary code by explo...
Dec 10, 2021

This vulnerability allows users with DBADM authority in IBM Db2 to access other databases and read or modify files beyond their intended permissions. ...
Dec 9, 2021

CVE-2021-43527 is a critical heap overflow vulnerability in NSS (Network Security Services) that allows remote code execution when processing maliciou...
Dec 8, 2021

This CSRF vulnerability in IBM Cognos Analytics allows attackers to trick authenticated users into performing unauthorized actions on the My Inbox pag...
Dec 3, 2021

IBM Cognos Analytics versions 11.1.7 and 11.2.0 have a weak default password policy that doesn't enforce strong passwords. This makes user accounts vu...
Dec 3, 2021

CVE-2021-42377 is a critical vulnerability in BusyBox's hush shell applet where an attacker-controlled pointer free leads to denial of service and pot...
Nov 15, 2021

CVE-2021-43618 is an integer overflow vulnerability in GNU Multiple Precision Arithmetic Library (GMP) that leads to buffer overflow when processing c...
Nov 15, 2021

CVE-2017-5123 is a Linux kernel vulnerability in the waitid system call that allows insufficient data validation, enabling local privilege escalation....
Nov 2, 2021

A use-after-free vulnerability in the SELinux PTRACE_TRACEME handler in Linux kernel versions before 5.14.8 allows local attackers to cause memory cor...
Oct 28, 2021

This vulnerability in MySQL Server's optimizer component allows authenticated attackers with network access to cause denial of service (server hangs o...
Oct 20, 2021

This vulnerability allows unauthenticated attackers to cause a denial of service (DoS) on MySQL Server running on Windows by crashing or hanging the s...
Oct 20, 2021

This vulnerability in Oracle Java SE 8u301 allows an unauthenticated attacker to potentially compromise Java deployments via network protocols when a ...
Oct 20, 2021

CVE-2021-37136 is a denial-of-service vulnerability in Netty's Bzip2Decoder that allows attackers to trigger out-of-memory errors by sending specially...
Oct 19, 2021

CVE-2021-29745 is a privilege escalation vulnerability in IBM Cognos Analytics where lower-level users can access the 'New Job' page, which should be ...
Oct 15, 2021

A memory corruption vulnerability in the Aspeed LPC control driver in Linux kernel allows local attackers to overwrite kernel memory and potentially e...
Oct 11, 2021

CVE-2021-42013 is a critical path traversal vulnerability in Apache HTTP Server that allows attackers to access files outside configured directories. ...
Oct 7, 2021

CVE-2021-22930 is a use-after-free vulnerability in Node.js that allows memory corruption attacks. An attacker could exploit this to execute arbitrary...
Oct 7, 2021

CVE-2021-41773 is a path traversal vulnerability in Apache HTTP Server 2.4.49 that allows attackers to access files outside configured directories. If...
Oct 5, 2021

This CVE describes an integer overflow vulnerability in Redis' hiredis library that affects redis-cli and redis-sentinel when parsing large multi-bulk...
Oct 4, 2021

CVE-2021-41099 is an integer overflow vulnerability in Redis' string library that allows heap corruption when the proto-max-bulk-len configuration is ...
Oct 4, 2021

CVE-2021-32627 is an integer overflow vulnerability in Redis that allows remote attackers to corrupt heap memory by setting configuration parameters t...
Oct 4, 2021

Why Monitor NetApp Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 361+ known vulnerabilities affecting NetApp products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable NetApp packages in under 60 seconds. No agents required - completely agentless scanning that works across NetApp deployments.
Free vulnerability database: Access detailed information about every NetApp CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.