Vulnerabilities > Netapp > High

DATE CVE VULNERABILITY TITLE RISK
2023-07-10 CVE-2023-32250 Race Condition vulnerability in multiple products
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server.
network
high complexity
linux netapp CWE-362
8.1
2023-07-10 CVE-2023-32254 Race Condition vulnerability in multiple products
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server.
network
high complexity
linux netapp CWE-362
8.1
2023-07-05 CVE-2023-35001 Out-of-bounds Write vulnerability in multiple products
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace
local
low complexity
linux debian fedoraproject netapp CWE-787
7.8
2023-06-28 CVE-2023-3390 Use After Free vulnerability in multiple products
A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability.
local
low complexity
linux netapp CWE-416
7.8
2023-06-28 CVE-2023-1295 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
A time-of-check to time-of-use issue exists in io_uring subsystem's IORING_OP_CLOSE operation in the Linux kernel's versions 5.6 - 5.11 (inclusive), which allows a local user to elevate their privileges to root.
local
high complexity
linux netapp CWE-367
7.0
2023-06-21 CVE-2023-2828 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers.
network
low complexity
isc debian fedoraproject netapp CWE-770
7.5
2023-06-21 CVE-2023-2829 A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9 versions 9.16.8-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1.
network
low complexity
isc netapp
7.5
2023-06-21 CVE-2023-2911 Out-of-bounds Write vulnerability in multiple products
If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow. This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.
network
low complexity
isc debian fedoraproject netapp CWE-787
7.5
2023-06-18 CVE-2023-35826 Use After Free vulnerability in multiple products
An issue was discovered in the Linux kernel before 6.3.2.
local
high complexity
linux netapp CWE-416
7.0
2023-06-18 CVE-2023-35828 Use After Free vulnerability in multiple products
An issue was discovered in the Linux kernel before 6.3.2.
local
high complexity
linux netapp CWE-416
7.0