Vulnerabilities > Netapp > High

DATE CVE VULNERABILITY TITLE RISK
2023-10-12 CVE-2023-27316 Unspecified vulnerability in Netapp Snapcenter 4.8
SnapCenter versions 4.8 through 4.9 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed.
local
low complexity
netapp
7.8
2023-10-12 CVE-2023-27313 Unspecified vulnerability in Netapp Snapcenter
SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a vulnerability which may allow an authenticated unprivileged user to gain access as an admin user.
network
low complexity
netapp
8.8
2023-10-12 CVE-2023-27314 Unspecified vulnerability in Netapp Clustered Data Ontap
ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, 9.12.1P2 and 9.13.1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to cause a crash of the HTTP service.
network
low complexity
netapp
7.5
2023-10-11 CVE-2023-39325 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption.
network
low complexity
golang fedoraproject netapp CWE-770
7.5
2023-10-10 CVE-2023-44487 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. 7.5
2023-09-21 CVE-2023-41993 Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products
The issue was addressed with improved checks.
8.8
2023-09-20 CVE-2023-4236 Reachable Assertion vulnerability in multiple products
A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure.
network
low complexity
isc fedoraproject debian netapp CWE-617
7.5
2023-09-14 CVE-2023-1108 Infinite Loop vulnerability in multiple products
A flaw was found in undertow.
network
low complexity
redhat netapp CWE-835
7.5
2023-09-12 CVE-2023-4863 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
8.8
2023-08-31 CVE-2023-20900 Authentication Bypass by Capture-replay vulnerability in multiple products
A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .
7.5