Vulnerabilities > Netapp
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-18 | CVE-2023-38545 | Out-of-bounds Write vulnerability in multiple products This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. | 9.8 |
2023-10-16 | CVE-2023-40791 | extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page. | 6.3 |
2023-10-14 | CVE-2023-45862 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. | 5.5 |
2023-10-12 | CVE-2023-27316 | Unspecified vulnerability in Netapp Snapcenter 4.8/4.9 SnapCenter versions 4.8 through 4.9 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed. | 7.8 |
2023-10-12 | CVE-2023-27312 | Unspecified vulnerability in Netapp Snapcenter Plug-In 4.6 SnapCenter Plugin for VMware vSphere versions 4.6 prior to 4.9 are susceptible to a vulnerability which may allow authenticated unprivileged users to modify email and snapshot name settings within the VMware vSphere user interface. | 4.3 |
2023-10-12 | CVE-2023-27313 | Unspecified vulnerability in Netapp Snapcenter SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a vulnerability which may allow an authenticated unprivileged user to gain access as an admin user. | 8.8 |
2023-10-12 | CVE-2023-27314 | Unspecified vulnerability in Netapp Clustered Data Ontap ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, 9.12.1P2 and 9.13.1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to cause a crash of the HTTP service. | 7.5 |
2023-10-12 | CVE-2023-27315 | Insufficiently Protected Credentials vulnerability in Netapp Snapgathers SnapGathers versions prior to 4.9 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext domain user credentials | 5.5 |
2023-10-11 | CVE-2023-39325 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. | 7.5 |
2023-10-10 | CVE-2023-44487 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | 7.5 |