Vulnerabilities > Netapp

DATE CVE VULNERABILITY TITLE RISK
2024-02-20 CVE-2024-22019 A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS).
network
low complexity
nodejs netapp
7.5
2024-02-16 CVE-2024-21983 Unspecified vulnerability in Netapp Storagegrid
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a Denial of Service (DoS) vulnerability.
network
low complexity
netapp
6.5
2024-02-16 CVE-2024-21984 Cross-site Scripting vulnerability in Netapp Storagegrid
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a difficult to exploit Reflected Cross-Site Scripting (XSS) vulnerability.
network
high complexity
netapp CWE-79
6.9
2024-02-16 CVE-2024-21987 Incorrect Authorization vulnerability in Netapp Snapcenter 4.8/4.9
SnapCenter versions 4.8 prior to 5.0 are susceptible to a vulnerability which could allow an authenticated SnapCenter Server user to modify system logging configuration settings
network
low complexity
netapp CWE-863
5.4
2024-02-14 CVE-2024-25617 Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more.
network
low complexity
squid-cache netapp
7.5
2024-02-05 CVE-2023-27318 Unspecified vulnerability in Netapp Storagegrid 11.6.0/11.6.0.13
StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.13 are susceptible to a Denial of Service (DoS) vulnerability.
network
low complexity
netapp
7.5
2024-01-31 CVE-2024-1086 Use After Free vulnerability in multiple products
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
7.8
2024-01-26 CVE-2024-21985 Unspecified vulnerability in Netapp Clustered Data Ontap
ONTAP 9 versions prior to 9.9.1P18, 9.10.1P16, 9.11.1P13, 9.12.1P10 and 9.13.1P4 are susceptible to a vulnerability which could allow an authenticated user with multiple remote accounts with differing roles to perform actions via REST API beyond their intended privilege.
network
low complexity
netapp
7.6
2024-01-16 CVE-2024-20952 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security).
network
high complexity
oracle netapp debian
7.4
2024-01-16 CVE-2024-0567 Improper Verification of Cryptographic Signature vulnerability in multiple products
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust.
network
low complexity
gnu fedoraproject netapp debian CWE-347
7.5