Vulnerabilities > Netapp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-15 | CVE-2024-0565 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. | 7.4 |
| 2024-01-12 | CVE-2024-21982 | Unspecified vulnerability in Netapp Clustered Data Ontap ONTAP versions 9.4 and higher are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information to unprivileged attackers when the object-store profiler command is being run by an administrative user. | 6.5 |
| 2023-12-21 | CVE-2023-27319 | Information Exposure Through an Error Message vulnerability in Netapp Ontap Mediator ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerability that can allow an unauthenticated attacker to enumerate URLs via REST API. | 5.3 |
| 2023-12-15 | CVE-2023-27317 | Unspecified vulnerability in Netapp Ontap 9.12.1/9.13.1 ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a vulnerability which will cause all SAS-attached FIPS 140-2 drives to become unlocked after a system reboot or power cycle or a single SAS-attached FIPS 140-2 drive to become unlocked after reinsertion. low complexity netapp | 4.6 |
| 2023-11-14 | CVE-2023-23583 | Incorrect Default Permissions vulnerability in multiple products Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access. | 7.8 |
| 2023-11-03 | CVE-2023-31102 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive. | 7.8 |
| 2023-11-01 | CVE-2023-5178 | Use After Free vulnerability in multiple products A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. | 8.8 |
| 2023-10-27 | CVE-2023-46604 | The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. | 9.8 |
| 2023-10-25 | CVE-2023-5363 | Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. | 7.5 |
| 2023-10-18 | CVE-2023-38545 | Out-of-bounds Write vulnerability in multiple products This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. | 9.8 |