Vulnerabilities > Netapp > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-05-12 CVE-2023-1096 Unspecified vulnerability in Netapp Snapcenter 4.7/4.8
SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to gain access as an admin user.
network
low complexity
netapp
critical
9.8
2023-03-17 CVE-2023-28531 ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints.
network
low complexity
openbsd netapp
critical
9.8
2023-02-23 CVE-2023-23914 Cleartext Transmission of Sensitive Information vulnerability in multiple products
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially.
network
low complexity
haxx netapp splunk CWE-319
critical
9.1
2022-12-05 CVE-2022-32221 Exposure of Resource to Wrong Sphere vulnerability in multiple products
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback.
network
low complexity
haxx netapp debian apple splunk CWE-668
critical
9.8
2022-10-31 CVE-2022-31692 Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types.
network
low complexity
vmware netapp
critical
9.8
2022-10-13 CVE-2022-42889 Code Injection vulnerability in multiple products
Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded.
network
low complexity
apache netapp juniper CWE-94
critical
9.8
2022-09-09 CVE-2022-2526 Use After Free vulnerability in multiple products
A use-after-free vulnerability was found in systemd.
network
low complexity
systemd-project netapp CWE-416
critical
9.8
2022-09-01 CVE-2020-35527 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.
network
low complexity
sqlite netapp CWE-119
critical
9.8
2022-08-05 CVE-2022-37434 Out-of-bounds Write vulnerability in multiple products
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field.
network
low complexity
zlib fedoraproject debian netapp apple stormshield CWE-787
critical
9.8
2022-07-07 CVE-2022-32207 Incorrect Default Permissions vulnerability in multiple products
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
network
low complexity
haxx fedoraproject debian netapp apple splunk CWE-276
critical
9.8