Filtered by vendor Netapp Subscriptions
Total 2481 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-36054 4 Debian, Mit, Netapp and 1 more 8 Debian Linux, Kerberos 5, Active Iq Unified Manager and 5 more 2024-11-21 6.5 Medium
lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.
CVE-2023-35829 2 Linux, Netapp 5 Linux Kernel, H300s, H410s and 2 more 2024-11-21 7.0 High
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c.
CVE-2023-35828 2 Linux, Netapp 6 Linux Kernel, H300s, H410c and 3 more 2024-11-21 7 High
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c.
CVE-2023-35826 2 Linux, Netapp 6 Linux Kernel, H300s, H410c and 3 more 2024-11-21 7.0 High
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in cedrus_remove in drivers/staging/media/sunxi/cedrus/cedrus.c.
CVE-2023-32252 3 Linux, Netapp, Redhat 12 Linux Kernel, H300s, H300s Firmware and 9 more 2024-11-21 7.5 High
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_LOGOFF commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
CVE-2023-32248 3 Linux, Netapp, Redhat 7 Linux Kernel, H300s, H410c and 4 more 2024-11-21 7.5 High
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
CVE-2023-32247 3 Linux, Netapp, Redhat 6 Linux Kernel, H300s, H410s and 3 more 2024-11-21 7.5 High
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_SESSION_SETUP commands. The issue results from the lack of control of resource consumption. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
CVE-2023-31102 3 7-zip, Linux, Netapp 4 7-zip, Linux Kernel, Active Iq Unified Manager and 1 more 2024-11-21 7.8 High
Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive.
CVE-2023-2898 3 Debian, Linux, Netapp 12 Debian Linux, Linux Kernel, H300s and 9 more 2024-11-21 4.7 Medium
There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem.
CVE-2023-2269 5 Debian, Fedoraproject, Linux and 2 more 14 Debian Linux, Fedora, Linux Kernel and 11 more 2024-11-21 4.4 Medium
A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component.
CVE-2023-2124 4 Debian, Linux, Netapp and 1 more 18 Debian Linux, Linux Kernel, H300s and 15 more 2024-11-21 7.8 High
An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2023-2007 3 Debian, Linux, Netapp 13 Debian Linux, Linux Kernel, H300s and 10 more 2024-11-21 7.8 High
The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.
CVE-2023-28531 2 Netapp, Openbsd 4 Brocade Fabric Operating System, Hci Bootstrap Os, Solidfire Element Os and 1 more 2024-11-21 9.8 Critical
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.
CVE-2023-28487 3 Netapp, Redhat, Sudo Project 5 Active Iq Unified Manager, Enterprise Linux, Openshift Data Foundation and 2 more 2024-11-21 5.3 Medium
Sudo before 1.9.13 does not escape control characters in sudoreplay output.
CVE-2023-28486 3 Netapp, Redhat, Sudo Project 5 Active Iq Unified Manager, Enterprise Linux, Openshift Data Foundation and 2 more 2024-11-21 5.3 Medium
Sudo before 1.9.13 does not escape control characters in log messages.
CVE-2023-28464 3 Linux, Netapp, Redhat 7 Linux Kernel, H300s Firmware, H410c Firmware and 4 more 2024-11-21 7.8 High
hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation.
CVE-2023-28322 5 Apple, Fedoraproject, Haxx and 2 more 17 Macos, Fedora, Curl and 14 more 2024-11-21 3.7 Low
An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.
CVE-2023-27537 4 Broadcom, Haxx, Netapp and 1 more 13 Brocade Fabric Operating System Firmware, Libcurl, Active Iq Unified Manager and 10 more 2024-11-21 5.9 Medium
A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end up doing a double-free or use-after-free.
CVE-2023-27533 5 Fedoraproject, Haxx, Netapp and 2 more 15 Fedora, Curl, Active Iq Unified Manager and 12 more 2024-11-21 8.8 High
A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.
CVE-2023-27319 1 Netapp 1 Ontap Mediator 2024-11-21 5.3 Medium
ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerability that can allow an unauthenticated attacker to enumerate URLs via REST API.