Vulnerabilities > Netapp

DATE CVE VULNERABILITY TITLE RISK
2024-03-10 CVE-2024-28757 XML Entity Expansion vulnerability in multiple products
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).
network
low complexity
libexpat-project fedoraproject netapp CWE-776
7.5
7.5
2024-03-07 CVE-2024-1351 Improper Certificate Validation vulnerability in multiple products
Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed.
network
low complexity
mongodb netapp CWE-295
critical
 9.8
9.8
2024-03-06 CVE-2024-25111 Squid is a web proxy cache.
network
low complexity
squid-cache fedoraproject netapp
7.5
7.5
2024-02-29 CVE-2024-26462 Memory Leak vulnerability in multiple products
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.
local
low complexity
mit netapp CWE-401
5.5
5.5
2024-02-26 CVE-2022-34357 IBM Cognos Analytics Mobile Server 11.1.7, 11.2.4, and 12.0.0 is vulnerable to Denial of Service due to due to weak or absence of rate limiting.
network
low complexity
netapp ibm
6.5
6.5
2024-02-26 CVE-2023-30996 IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 could be vulnerable to information leakage due to unverified sources in messages sent between Windows objects of different origins.
network
low complexity
netapp ibm
5.3
5.3
2024-02-26 CVE-2023-32344 IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path.
network
low complexity
netapp ibm
4.3
4.3
2024-02-26 CVE-2023-38359 IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to cross-site scripting.
network
low complexity
netapp ibm
6.1
6.1
2024-02-26 CVE-2023-43051 IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to cross-site scripting.
network
low complexity
netapp ibm
5.4
5.4
2024-02-26 CVE-2024-22201 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Jetty is a Java based web server and servlet engine.
network
low complexity
eclipse debian netapp CWE-770
7.5
7.5