Vulnerabilities > Netapp

DATE CVE VULNERABILITY TITLE RISK
2023-10-18 CVE-2023-38545 Out-of-bounds Write vulnerability in multiple products
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only.
network
low complexity
haxx fedoraproject netapp microsoft CWE-787
critical
9.8
2023-10-16 CVE-2023-40791 extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page.
local
high complexity
linux netapp
6.3
2023-10-14 CVE-2023-45862 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5.
local
low complexity
linux netapp CWE-770
5.5
2023-10-12 CVE-2023-27316 Unspecified vulnerability in Netapp Snapcenter 4.8/4.9
SnapCenter versions 4.8 through 4.9 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed.
local
low complexity
netapp
7.8
2023-10-12 CVE-2023-27312 Unspecified vulnerability in Netapp Snapcenter Plug-In 4.6
SnapCenter Plugin for VMware vSphere versions 4.6 prior to 4.9 are susceptible to a vulnerability which may allow authenticated unprivileged users to modify email and snapshot name settings within the VMware vSphere user interface.
network
low complexity
netapp
4.3
2023-10-12 CVE-2023-27313 Unspecified vulnerability in Netapp Snapcenter
SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a vulnerability which may allow an authenticated unprivileged user to gain access as an admin user.
network
low complexity
netapp
8.8
2023-10-12 CVE-2023-27314 Unspecified vulnerability in Netapp Clustered Data Ontap
ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, 9.12.1P2 and 9.13.1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to cause a crash of the HTTP service.
network
low complexity
netapp
7.5
2023-10-12 CVE-2023-27315 Insufficiently Protected Credentials vulnerability in Netapp Snapgathers
SnapGathers versions prior to 4.9 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext domain user credentials
local
low complexity
netapp CWE-522
5.5
2023-10-11 CVE-2023-39325 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption.
network
low complexity
golang fedoraproject netapp CWE-770
7.5
2023-10-10 CVE-2023-44487 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. 7.5