Vulnerabilities > Netapp > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-02-16 CVE-2024-21987 Incorrect Authorization vulnerability in Netapp Snapcenter 4.8/4.9
SnapCenter versions 4.8 prior to 5.0 are susceptible to a vulnerability which could allow an authenticated SnapCenter Server user to modify system logging configuration settings
network
low complexity
netapp CWE-863
5.4
2024-01-12 CVE-2024-21982 Unspecified vulnerability in Netapp Clustered Data Ontap
ONTAP versions 9.4 and higher are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information to unprivileged attackers when the object-store profiler command is being run by an administrative user.
network
low complexity
netapp
6.5
2023-12-21 CVE-2023-27319 Information Exposure Through an Error Message vulnerability in Netapp Ontap Mediator
ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerability that can allow an unauthenticated attacker to enumerate URLs via REST API.
network
low complexity
netapp CWE-209
5.3
2023-12-15 CVE-2023-27317 Unspecified vulnerability in Netapp Ontap 9.12.1/9.13.1
ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a vulnerability which will cause all SAS-attached FIPS 140-2 drives to become unlocked after a system reboot or power cycle or a single SAS-attached FIPS 140-2 drive to become unlocked after reinsertion.
low complexity
netapp
4.6
2023-10-16 CVE-2023-40791 extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page.
local
high complexity
linux netapp
6.3
2023-10-14 CVE-2023-45862 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5.
local
low complexity
linux netapp CWE-770
5.5
2023-10-12 CVE-2023-27312 Unspecified vulnerability in Netapp Snapcenter Plug-In 4.6
SnapCenter Plugin for VMware vSphere versions 4.6 prior to 4.9 are susceptible to a vulnerability which may allow authenticated unprivileged users to modify email and snapshot name settings within the VMware vSphere user interface.
network
low complexity
netapp
4.3
2023-10-12 CVE-2023-27315 Insufficiently Protected Credentials vulnerability in Netapp Snapgathers
SnapGathers versions prior to 4.9 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext domain user credentials
local
low complexity
netapp CWE-522
5.5
2023-10-05 CVE-2023-40745 Integer Overflow or Wraparound vulnerability in multiple products
LibTIFF is vulnerable to an integer overflow.
network
low complexity
libtiff fedoraproject redhat netapp CWE-190
6.5
2023-09-18 CVE-2023-4527 Out-of-bounds Read vulnerability in multiple products
A flaw was found in glibc.
network
high complexity
gnu redhat fedoraproject netapp CWE-125
6.5