Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2024-01-12	CVE-2024-21982	Unspecified vulnerability in Netapp Clustered Data Ontap ONTAP versions 9.4 and higher are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information to unprivileged attackers when the object-store profiler command is being run by an administrative user. network low complexity netapp	6.5
2023-08-07	CVE-2023-36054	Access of Uninitialized Pointer vulnerability in multiple products lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. network low complexity mit debian netapp CWE-824	6.5
2023-05-26	CVE-2023-28320	Resource Exhaustion vulnerability in multiple products A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. network high complexity haxx apple netapp CWE-400	5.9
2023-05-26	CVE-2023-28321	Improper Certificate Validation vulnerability in multiple products An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. network high complexity haxx debian fedoraproject netapp apple CWE-295	5.9
2023-03-30	CVE-2023-27537	Double Free vulnerability in multiple products A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". network high complexity haxx netapp broadcom splunk CWE-415	5.9
2023-03-30	CVE-2023-27538	Improper Authentication vulnerability in multiple products An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. local low complexity haxx fedoraproject debian netapp broadcom splunk CWE-287	5.5
2023-02-23	CVE-2023-23915	Cleartext Transmission of Sensitive Information vulnerability in multiple products A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. network low complexity haxx netapp splunk CWE-319	6.5
2023-02-23	CVE-2023-23916	Allocation of Resources Without Limits or Throttling vulnerability in multiple products An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. network low complexity haxx fedoraproject debian netapp splunk CWE-770	6.5
2022-12-05	CVE-2022-35260	Out-of-bounds Write vulnerability in multiple products curl can be told to parse a `.netrc` file for credentials. network low complexity haxx netapp apple splunk CWE-787	6.5
2022-07-07	CVE-2022-32205	Allocation of Resources Without Limits or Throttling vulnerability in multiple products A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. network low complexity haxx fedoraproject debian netapp apple siemens splunk CWE-770	4.3