High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-05-01	CVE-2023-2236	Use After Free vulnerability in multiple products A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Both io_install_fixed_file and its callers call fput in a file in case of an error, causing a reference underflow which leads to a use-after-free vulnerability. We recommend upgrading past commit 9d94c04c0db024922e886c9fd429659f22f48ea4. local low complexity linux netapp CWE-416	7.8
2023-04-25	CVE-2023-0045	Externally Controlled Reference to a Resource in Another Sphere vulnerability in multiple products The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. network low complexity linux debian netapp CWE-610	7.5
2023-04-25	CVE-2023-29552	The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. network low complexity netapp suse vmware service-location-protocol-project	7.5
2023-04-24	CVE-2023-2007	Improper Locking vulnerability in multiple products The specific flaw exists within the DPT I2O Controller driver. local low complexity linux debian netapp CWE-667	7.8
2023-04-24	CVE-2023-2006	Race Condition vulnerability in multiple products A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. local high complexity linux netapp CWE-362	7.0
2023-04-11	CVE-2023-1989	Use After Free vulnerability in multiple products A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. local high complexity linux netapp debian CWE-416	7.0
2023-04-05	CVE-2023-1838	Use After Free vulnerability in multiple products A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. local low complexity linux netapp CWE-416	7.1
2023-03-31	CVE-2023-28464	Double Free vulnerability in multiple products hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. local low complexity linux netapp CWE-415	7.8
2023-03-30	CVE-2023-27533	Injection vulnerability in multiple products A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. network low complexity haxx fedoraproject netapp splunk CWE-74	8.8
2023-03-30	CVE-2023-27534	Path Traversal vulnerability in multiple products A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. network low complexity haxx fedoraproject netapp broadcom splunk CWE-22	8.8