Vulnerabilities > Netapp > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-01 | CVE-2024-38477 | null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue. | 7.5 |
| 2024-07-01 | CVE-2024-6387 | Race Condition vulnerability in multiple products A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). | 8.1 |
| 2024-04-04 | CVE-2024-27316 | HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. | 7.5 |
| 2024-02-05 | CVE-2023-27318 | Unspecified vulnerability in Netapp Storagegrid 11.6.0/11.6.0.13 StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.13 are susceptible to a Denial of Service (DoS) vulnerability. | 7.5 |
| 2024-01-31 | CVE-2024-1086 | Use After Free vulnerability in multiple products A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660. | 7.8 |
| 2024-01-26 | CVE-2024-21985 | Unspecified vulnerability in Netapp Clustered Data Ontap ONTAP 9 versions prior to 9.9.1P18, 9.10.1P16, 9.11.1P13, 9.12.1P10 and 9.13.1P4 are susceptible to a vulnerability which could allow an authenticated user with multiple remote accounts with differing roles to perform actions via REST API beyond their intended privilege. | 7.6 |
| 2024-01-16 | CVE-2024-0567 | Improper Verification of Cryptographic Signature vulnerability in multiple products A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. | 7.5 |
| 2024-01-15 | CVE-2024-0565 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. | 7.4 |
| 2023-11-14 | CVE-2023-23583 | Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access. | 7.8 |
| 2023-11-03 | CVE-2023-31102 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive. | 7.8 |