Every CVE whose affected-product data names Netapp Bootstrap Os, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (56)
CVE-2022-32207 — CVSS 9.8 (critical): When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a…
CVE-2024-56337 — CVSS 9.8 (critical): Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through…
CVE-2024-50379 — CVSS 9.8 (critical): Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive…
CVE-2024-2398 — CVSS 8.6 (high): When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the…
CVE-2024-32487 — CVSS 8.6 (high): less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c…
CVE-2022-22576 — CVSS 8.1 (high): An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated…
CVE-2024-6387 — CVSS 8.1 (high): A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle…
CVE-2019-17498 — CVSS 8.1 (high): In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an…
CVE-2023-50868 — CVSS 7.5 (high): The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a…
CVE-2024-6119 — CVSS 7.5 (high): Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an…
CVE-2022-21476 — CVSS 7.5 (high): Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions…
CVE-2022-45061 — CVSS 7.5 (high): An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the…
CVE-2024-21147 — CVSS 7.4 (high): Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component…
CVE-2022-2068 — CVSS 7.3 (high): In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not…
CVE-2023-29483 — CVSS 7.0 (high): eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending…
CVE-2020-11884 — CVSS 7.0 (high): In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code…
CVE-2025-0665 — CVSS 7.0 (high): libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded…
CVE-2021-4203 — CVSS 6.8 (medium): A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and…
CVE-2024-2312 — CVSS 6.7 (medium): GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks…
CVE-2020-12770 — CVSS 6.7 (medium): An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka…
CVE-2024-2466 — CVSS 6.5 (medium): libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS…
CVE-2020-13143 — CVSS 6.5 (medium): gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering…
CVE-2024-8096 — CVSS 6.5 (medium): When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server…
CVE-2022-32206 — CVSS 6.5 (medium): curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and…
CVE-2024-2379 — CVSS 6.3 (medium): libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an…
CVE-2022-32208 — CVSS 5.9 (medium): When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a…
CVE-2024-43398 — CVSS 5.9 (medium): REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that…
CVE-2022-1678 — CVSS 5.9 (medium): An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns…
CVE-2020-36516 — CVSS 5.9 (medium): An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy…
CVE-2024-26306 — CVSS 5.9 (medium): iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption…
CVE-2022-21496 — CVSS 5.3 (medium): Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that…
CVE-2020-12888 — CVSS 5.3 (medium): The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.
CVE-2024-54677 — CVSS 5.3 (medium): Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service…
CVE-2024-9823 — CVSS 5.3 (medium): There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause remote denial-of-service…
CVE-2025-30691 — CVSS 4.8 (medium): Vulnerability in Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM…
CVE-2025-21502 — CVSS 4.8 (medium): Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component…
CVE-2024-21140 — CVSS 4.8 (medium): Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component…
CVE-2021-3753 — CVSS 4.7 (medium): A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as…
CVE-2024-43374 — CVSS 4.5 (medium): The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument…
CVE-2024-43790 — CVSS 4.5 (medium): Vim is an open source command line text editor. When performing a search and displaying the search-count message is disabled (:set shm+=S)…
CVE-2025-29768 — CVSS 4.4 (medium): Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198. The…
CVE-2024-39908 — CVSS 4.3 (medium): REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific…
CVE-2025-22134 — CVSS 4.2 (medium): When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because…
CVE-2024-47814 — CVSS 3.9 (low): Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window)…
CVE-2022-35252 — CVSS 3.7 (low): When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back…
CVE-2024-21211 — CVSS 3.7 (low): Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component…
CVE-2022-21443 — CVSS 3.7 (low): Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions…
CVE-2024-2004 — CVSS 3.5 (low): When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the…
CVE-2024-11053 — CVSS 3.4 (low): When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host…
CVE-2025-0167 — CVSS 3.4 (low): When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to…
CVE-2021-36086 — CVSS 3.3 (low): The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and…
CVE-2025-1215 — CVSS 2.8 (low): A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c…