Vulnerabilities > Netapp

DATE CVE VULNERABILITY TITLE RISK
2024-01-12 CVE-2024-21982 Unspecified vulnerability in Netapp Clustered Data Ontap
ONTAP versions 9.4 and higher are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information to unprivileged attackers when the object-store profiler command is being run by an administrative user.
network
low complexity
netapp
6.5
2023-12-21 CVE-2023-27319 Information Exposure Through an Error Message vulnerability in Netapp Ontap Mediator
ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerability that can allow an unauthenticated attacker to enumerate URLs via REST API.
network
low complexity
netapp CWE-209
5.3
2023-12-15 CVE-2023-27317 Unspecified vulnerability in Netapp Ontap 9.12.1/9.13.1
ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a vulnerability which will cause all SAS-attached FIPS 140-2 drives to become unlocked after a system reboot or power cycle or a single SAS-attached FIPS 140-2 drive to become unlocked after reinsertion.
low complexity
netapp
4.6
2023-11-14 CVE-2023-23583 Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.
local
low complexity
intel debian netapp
7.8
2023-11-03 CVE-2023-31102 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive.
local
low complexity
7-zip netapp CWE-191
7.8
2023-11-01 CVE-2023-5178 Use After Free vulnerability in multiple products
A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel.
network
low complexity
linux redhat netapp CWE-416
critical
9.8
2023-10-25 CVE-2023-5363 Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths.
network
low complexity
openssl debian netapp
7.5
2023-10-18 CVE-2023-38545 Out-of-bounds Write vulnerability in multiple products
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only.
network
low complexity
haxx fedoraproject netapp CWE-787
critical
9.8
2023-10-17 CVE-2023-22015 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
network
low complexity
oracle netapp
4.9
2023-10-17 CVE-2023-22025 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE (component: Hotspot).
network
high complexity
oracle netapp
3.7