Filtered by vendor Netapp
Subscriptions
Total
2418 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-2124 | 4 Debian, Linux, Netapp and 1 more | 18 Debian Linux, Linux Kernel, H300s and 15 more | 2024-11-21 | 7.8 High |
| An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system. | ||||
| CVE-2023-2007 | 3 Debian, Linux, Netapp | 13 Debian Linux, Linux Kernel, H300s and 10 more | 2024-11-21 | 7.8 High |
| The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. | ||||
| CVE-2023-28531 | 2 Netapp, Openbsd | 4 Brocade Fabric Operating System, Hci Bootstrap Os, Solidfire Element Os and 1 more | 2024-11-21 | 9.8 Critical |
| ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9. | ||||
| CVE-2023-28487 | 3 Netapp, Redhat, Sudo Project | 5 Active Iq Unified Manager, Enterprise Linux, Openshift Data Foundation and 2 more | 2024-11-21 | 5.3 Medium |
| Sudo before 1.9.13 does not escape control characters in sudoreplay output. | ||||
| CVE-2023-28486 | 3 Netapp, Redhat, Sudo Project | 5 Active Iq Unified Manager, Enterprise Linux, Openshift Data Foundation and 2 more | 2024-11-21 | 5.3 Medium |
| Sudo before 1.9.13 does not escape control characters in log messages. | ||||
| CVE-2023-28464 | 3 Linux, Netapp, Redhat | 7 Linux Kernel, H300s Firmware, H410c Firmware and 4 more | 2024-11-21 | 7.8 High |
| hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation. | ||||
| CVE-2023-28322 | 5 Apple, Fedoraproject, Haxx and 2 more | 17 Macos, Fedora, Curl and 14 more | 2024-11-21 | 3.7 Low |
| An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST. | ||||
| CVE-2023-27537 | 4 Broadcom, Haxx, Netapp and 1 more | 13 Brocade Fabric Operating System Firmware, Libcurl, Active Iq Unified Manager and 10 more | 2024-11-21 | 5.9 Medium |
| A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end up doing a double-free or use-after-free. | ||||
| CVE-2023-27533 | 5 Fedoraproject, Haxx, Netapp and 2 more | 15 Fedora, Curl, Active Iq Unified Manager and 12 more | 2024-11-21 | 8.8 High |
| A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system. | ||||
| CVE-2023-27319 | 1 Netapp | 1 Ontap Mediator | 2024-11-21 | 5.3 Medium |
| ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerability that can allow an unauthenticated attacker to enumerate URLs via REST API. | ||||
| CVE-2023-27318 | 1 Netapp | 1 Storagegrid | 2024-11-21 | 6.5 Medium |
| StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.13 are susceptible to a Denial of Service (DoS) vulnerability. A successful exploit could lead to a crash of the Local Distribution Router (LDR) service. | ||||
| CVE-2023-27315 | 1 Netapp | 1 Snapgathers | 2024-11-21 | 6.5 Medium |
| SnapGathers versions prior to 4.9 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext domain user credentials | ||||
| CVE-2023-27314 | 1 Netapp | 1 Clustered Data Ontap | 2024-11-21 | 7.5 High |
| ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, 9.12.1P2 and 9.13.1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to cause a crash of the HTTP service. | ||||
| CVE-2023-27313 | 1 Netapp | 1 Snapcenter | 2024-11-21 | 8.3 High |
| SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a vulnerability which may allow an authenticated unprivileged user to gain access as an admin user. | ||||
| CVE-2023-27312 | 1 Netapp | 1 Snapcenter Plug-in | 2024-11-21 | 5.4 Medium |
| SnapCenter Plugin for VMware vSphere versions 4.6 prior to 4.9 are susceptible to a vulnerability which may allow authenticated unprivileged users to modify email and snapshot name settings within the VMware vSphere user interface. | ||||
| CVE-2023-25136 | 4 Fedoraproject, Netapp, Openbsd and 1 more | 10 Fedora, 500f, 500f Firmware and 7 more | 2024-11-21 | 6.5 Medium |
| OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible." | ||||
| CVE-2023-23915 | 4 Haxx, Netapp, Redhat and 1 more | 13 Curl, Active Iq Unified Manager, Clustered Data Ontap and 10 more | 2024-11-21 | 6.5 Medium |
| A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly fail when multiple transfers are done in parallel as the HSTS cache file gets overwritten by the most recentlycompleted transfer. A later HTTP-only transfer to the earlier host name would then *not* get upgraded properly to HSTS. | ||||
| CVE-2023-22081 | 3 Netapp, Oracle, Redhat | 12 Cloud Insights Acquisition Unit, Cloud Insights Storage Workload Security Agent, Graalvm For Jdk and 9 more | 2024-11-21 | 5.3 Medium |
| Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7 and 22.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | ||||
| CVE-2023-22025 | 3 Netapp, Oracle, Redhat | 11 Cloud Insights Acquisition Unit, Cloud Insights Storage Workload Security Agent, Graalvm For Jdk and 8 more | 2024-11-21 | 3.7 Low |
| Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 21.3.7 and 22.3.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition,. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). | ||||
| CVE-2023-21971 | 2 Netapp, Oracle | 6 Active Iq Unified Manager, Oncommand Insight, Snapcenter and 3 more | 2024-11-21 | 5.3 Medium |
| Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors as well as unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H). | ||||