Vulnerabilities > Netapp > Snapcenter > High

DATE CVE VULNERABILITY TITLE RISK
2023-10-12 CVE-2023-27316 Unspecified vulnerability in Netapp Snapcenter 4.8/4.9
SnapCenter versions 4.8 through 4.9 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed.
local
low complexity
netapp
7.8
2023-10-12 CVE-2023-27313 Unspecified vulnerability in Netapp Snapcenter
SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a vulnerability which may allow an authenticated unprivileged user to gain access as an admin user.
network
low complexity
netapp
8.8
2022-12-23 CVE-2022-43551 Cleartext Transmission of Sensitive Information vulnerability in multiple products
A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP.
network
low complexity
haxx fedoraproject netapp splunk CWE-319
7.5
2022-09-29 CVE-2022-38732 Unspecified vulnerability in Netapp Snapcenter
SnapCenter versions prior to 4.7 shipped without Content Security Policy (CSP) implemented which could allow certain types of attacks that otherwise would be prevented.
network
low complexity
netapp
7.5
2022-07-07 CVE-2022-2048 In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources.
network
low complexity
eclipse debian netapp jenkins
7.5
2022-06-02 CVE-2022-27778 Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.
network
low complexity
haxx netapp oracle splunk CWE-706
8.1
2022-04-13 CVE-2015-20107 Command Injection vulnerability in multiple products
In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file.
network
low complexity
python netapp fedoraproject CWE-77
7.6
2022-02-24 CVE-2022-21824 Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__".
network
low complexity
nodejs oracle debian netapp
8.2
2021-12-14 CVE-2021-4044 Infinite Loop vulnerability in multiple products
Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server.
network
low complexity
openssl netapp nodejs CWE-835
7.5
2021-10-20 CVE-2021-35583 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Windows).
network
low complexity
oracle netapp
7.5