Vulnerabilities > Netapp > High

DATE CVE VULNERABILITY TITLE RISK
2024-07-01 CVE-2024-38477 NULL Pointer Dereference vulnerability in multiple products
null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
network
low complexity
apache netapp CWE-476
7.5
2024-07-01 CVE-2024-6387 Race Condition vulnerability in multiple products
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd).
8.1
2024-04-04 CVE-2024-27316 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response.
network
low complexity
apache fedoraproject netapp CWE-770
7.5
2024-02-13 CVE-2023-4408 The DNS message parsing code in `named` includes a section whose computational complexity is overly high.
network
low complexity
netapp fedoraproject isc
7.5
2024-02-13 CVE-2023-5517 Reachable Assertion vulnerability in multiple products
A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when: - `nxdomain-redirect <domain>;` is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response. This issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
network
low complexity
netapp fedoraproject isc CWE-617
7.5
2024-02-13 CVE-2023-5679 A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
network
low complexity
netapp fedoraproject isc
7.5
2024-02-13 CVE-2023-6516 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database.
network
low complexity
isc netapp CWE-770
7.5
2024-02-05 CVE-2023-27318 Unspecified vulnerability in Netapp Storagegrid 11.6.0
StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.13 are susceptible to a Denial of Service (DoS) vulnerability.
network
low complexity
netapp
7.5
2024-01-31 CVE-2024-1086 Use After Free vulnerability in multiple products
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
7.8
2024-01-26 CVE-2024-21985 Unspecified vulnerability in Netapp Clustered Data Ontap
ONTAP 9 versions prior to 9.9.1P18, 9.10.1P16, 9.11.1P13, 9.12.1P10 and 9.13.1P4 are susceptible to a vulnerability which could allow an authenticated user with multiple remote accounts with differing roles to perform actions via REST API beyond their intended privilege.
network
low complexity
netapp
7.6