Vulnerabilities > Netapp > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-12 | CVE-2023-27316 | Unspecified vulnerability in Netapp Snapcenter 4.8 SnapCenter versions 4.8 through 4.9 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed. | 7.8 |
2023-10-12 | CVE-2023-27313 | Unspecified vulnerability in Netapp Snapcenter SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a vulnerability which may allow an authenticated unprivileged user to gain access as an admin user. | 8.8 |
2023-10-12 | CVE-2023-27314 | Unspecified vulnerability in Netapp Clustered Data Ontap ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, 9.12.1P2 and 9.13.1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to cause a crash of the HTTP service. | 7.5 |
2023-10-11 | CVE-2023-39325 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. | 7.5 |
2023-10-10 | CVE-2023-44487 | Resource Exhaustion vulnerability in multiple products The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | 7.5 |
2023-09-20 | CVE-2023-4236 | Reachable Assertion vulnerability in multiple products A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. | 7.5 |
2023-09-14 | CVE-2023-1108 | Infinite Loop vulnerability in multiple products A flaw was found in undertow. | 7.5 |
2023-08-31 | CVE-2023-20900 | Authentication Bypass by Capture-replay vulnerability in multiple products A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . | 7.5 |
2023-08-23 | CVE-2023-41105 | Untrusted Search Path vulnerability in multiple products An issue was discovered in Python 3.11 through 3.11.4. | 7.5 |
2023-08-01 | CVE-2023-3107 | Integer Overflow or Wraparound vulnerability in multiple products A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet's payload length field. | 7.5 |