Vulnerabilities > Netapp > High

DATE CVE VULNERABILITY TITLE RISK
2024-07-01 CVE-2024-38477 Null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
network
low complexity
apache netapp
7.5
2024-07-01 CVE-2024-6387 Race Condition vulnerability in multiple products
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd).
8.1
2024-04-04 CVE-2024-27316 HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response.
network
low complexity
apache fedoraproject netapp
7.5
2024-02-14 CVE-2024-25617 Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more.
network
low complexity
squid-cache netapp
7.5
2024-02-05 CVE-2023-27318 Unspecified vulnerability in Netapp Storagegrid 11.6.0/11.6.0.13
StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.13 are susceptible to a Denial of Service (DoS) vulnerability.
network
low complexity
netapp
7.5
2024-01-31 CVE-2024-1086 Use After Free vulnerability in multiple products
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
7.8
2024-01-26 CVE-2024-21985 Unspecified vulnerability in Netapp Clustered Data Ontap
ONTAP 9 versions prior to 9.9.1P18, 9.10.1P16, 9.11.1P13, 9.12.1P10 and 9.13.1P4 are susceptible to a vulnerability which could allow an authenticated user with multiple remote accounts with differing roles to perform actions via REST API beyond their intended privilege.
network
low complexity
netapp
7.6
2024-01-16 CVE-2024-0567 Improper Verification of Cryptographic Signature vulnerability in multiple products
A vulnerability was found in GnuTLS, where a cockpit (which uses GnuTLS) rejects a certificate chain with distributed trust.
network
low complexity
gnu fedoraproject netapp debian CWE-347
7.5
2024-01-15 CVE-2024-0565 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel.
low complexity
linux netapp CWE-191
7.4
2023-11-14 CVE-2023-23583 Incorrect Default Permissions vulnerability in multiple products
A sequence of processor instructions that leads to unexpected behavior on some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.
local
low complexity
intel debian netapp CWE-276
7.8