Vulnerabilities > Netapp > High

DATE CVE VULNERABILITY TITLE RISK
2023-08-31 CVE-2023-20900 Authentication Bypass by Capture-replay vulnerability in multiple products
A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .
7.5
2023-08-23 CVE-2023-41105 Untrusted Search Path vulnerability in multiple products
An issue was discovered in Python 3.11 through 3.11.4.
network
low complexity
python netapp CWE-426
7.5
2023-08-01 CVE-2023-3107 Integer Overflow or Wraparound vulnerability in multiple products
A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet's payload length field.
network
low complexity
freebsd netapp CWE-190
7.5
2023-07-31 CVE-2023-4004 Use After Free vulnerability in multiple products
A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END.
7.8
2023-07-24 CVE-2023-32247 Memory Leak vulnerability in multiple products
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server.
network
low complexity
linux netapp CWE-401
7.5
2023-07-24 CVE-2023-32248 NULL Pointer Dereference vulnerability in multiple products
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server.
network
low complexity
linux netapp CWE-476
7.5
2023-07-24 CVE-2023-32252 NULL Pointer Dereference vulnerability in multiple products
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server.
network
low complexity
linux netapp CWE-476
7.5
2023-07-24 CVE-2023-32257 Improper Locking vulnerability in multiple products
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server.
network
high complexity
linux netapp CWE-667
8.1
2023-07-24 CVE-2023-32258 Improper Locking vulnerability in multiple products
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server.
network
high complexity
linux netapp CWE-667
8.1
2023-07-20 CVE-2022-28734 Out-of-bounds Write vulnerability in multiple products
Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position.
network
high complexity
gnu netapp CWE-787
7.0