Vulnerabilities > Netapp > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-04-18 CVE-2023-21962 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services).
network
low complexity
oracle fedoraproject netapp
4.9
2023-04-18 CVE-2023-21967 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).
network
high complexity
oracle netapp debian
5.9
2023-04-18 CVE-2023-21971 Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J).
network
high complexity
oracle netapp
5.3
2023-03-30 CVE-2023-27535 Improper Authentication vulnerability in multiple products
An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers.
network
high complexity
haxx fedoraproject debian netapp splunk CWE-287
5.9
2023-03-30 CVE-2023-27536 Improper Authentication vulnerability in multiple products
An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option.
network
high complexity
haxx fedoraproject debian netapp splunk CWE-287
5.9
2023-03-30 CVE-2023-27537 Double Free vulnerability in multiple products
A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles".
network
high complexity
haxx netapp broadcom splunk CWE-415
5.9
2023-03-30 CVE-2023-27538 Improper Authentication vulnerability in multiple products
An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse.
5.5
2023-03-16 CVE-2023-28486 Improper Encoding or Escaping of Output vulnerability in multiple products
Sudo before 1.9.13 does not escape control characters in log messages.
network
low complexity
sudo-project netapp CWE-116
5.3
2023-03-16 CVE-2023-28487 Improper Encoding or Escaping of Output vulnerability in multiple products
Sudo before 1.9.13 does not escape control characters in sudoreplay output.
network
low complexity
sudo-project netapp CWE-116
5.3
2023-02-28 CVE-2022-23239 Cross-site Scripting vulnerability in Netapp Active IQ Unified Manager
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows administrative users to perform a Stored Cross-Site Scripting (XSS) attack.
network
low complexity
netapp CWE-79
4.8