Netapp Security Vulnerabilities
In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.
4.7CVSS
6AI Score
0.0004EPSS
In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c.
7.1CVSS
6.4AI Score
0.0005EPSS
NetApp Blue XP Connector versions prior to 3.9.25 expose information via a directory listing. A new Connector architecture resolves this issue - obtaining the fix requires redeploying a fresh Connector.
5.3CVSS
5.1AI Score
0.0005EPSS
SnapCenter Plugin for VMware vSphere versions 4.6 prior to 4.9 aresusceptible to a vulnerability which may allow authenticatedunprivileged users to modify email and snapshot name settings within theVMware vSphere user interface.
5.4CVSS
4.5AI Score
0.0005EPSS
SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to avulnerability which may allow an authenticated unprivileged user to gainaccess as an admin user.
8.8CVSS
8.4AI Score
0.001EPSS
ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8,9.12.1P2 and 9.13.1 are susceptible to a vulnerability which could allowa remote unauthenticated attacker to cause a crash of the HTTP service.
7.5CVSS
7.5AI Score
0.001EPSS
SnapGathers versions prior to 4.9 are susceptible to a vulnerabilitywhich could allow a local authenticated attacker to discover plaintextdomain user credentials
6.5CVSS
5.3AI Score
0.0004EPSS
SnapCenter versions 4.8 through 4.9 are susceptible to avulnerability which may allow an authenticated SnapCenter Server user tobecome an admin user on a remote system where a SnapCenter plug-in hasbeen installed.
8.8CVSS
7.4AI Score
0.0004EPSS
ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to avulnerability which will cause all SAS-attached FIPS 140-2 drives tobecome unlocked after a system reboot or power cycle or a singleSAS-attached FIPS 140-2 drive to become unlocked after reinsertion. Thiscould lead to disclosure ...
4.6CVSS
4.5AI Score
0.001EPSS
StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through11.6.0.13 are susceptible to a Denial of Service (DoS) vulnerability. Asuccessful exploit could lead to a crash of the Local DistributionRouter (LDR) service.
7.5CVSS
7.4AI Score
0.0005EPSS
ONTAP Mediator versions prior to 1.7 are susceptible to avulnerability that can allow an unauthenticated attacker to enumerateURLs via REST API.
5.3CVSS
5.3AI Score
0.001EPSS
A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform o...
8.8CVSS
8.8AI Score
0.002EPSS
A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers...
8.8CVSS
8.8AI Score
0.003EPSS
An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certai...
5.9CVSS
7.3AI Score
0.002EPSS
An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/...
5.9CVSS
7AI Score
0.003EPSS
A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread l...
5.9CVSS
5.7AI Score
0.001EPSS
An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent ...
5.5CVSS
7.1AI Score
0.0004EPSS
Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the max-cache-size statement in the configuration file; it def...
7.5CVSS
7.8AI Score
0.002EPSS
A named instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (synth-from-dnssec) enabled can be remotely terminated using a zone with a malformed NSEC record.This issue affects BIND 9 versions 9.16.8-S1 through 9.16...
7.5CVSS
7.5AI Score
0.001EPSS
A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This f...
7.5CVSS
7.3AI Score
0.002EPSS
A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using alarm() and siglongjmp(). Wh...
5.9CVSS
6.3AI Score
0.002EPSS
An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS lib...
5.9CVSS
6.2AI Score
0.002EPSS
An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously wasused to issue a PUT ...
3.7CVSS
5.3AI Score
0.001EPSS
hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation.
7.8CVSS
7.3AI Score
0.0004EPSS
do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).
7CVSS
6.9AI Score
0.0004EPSS
5.3CVSS
5.4AI Score
0.001EPSS
5.3CVSS
5.4AI Score
0.001EPSS
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.
9.8CVSS
9.1AI Score
0.001EPSS
The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted th...
7.5CVSS
7.7AI Score
0.026EPSS
There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem.
4.7CVSS
5.9AI Score
0.0004EPSS
If the recursive-clients quota is reached on a BIND 9 resolver configured with both stale-answer-enable yes; and stale-answer-client-timeout 0;, a sequence of serve-stale-related lookups could cause named to loop and terminate unexpectedly due to a stack overflow.This issue affects BIND 9 versions ...
7.5CVSS
7.5AI Score
0.002EPSS
A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.
7.5CVSS
7.3AI Score
0.004EPSS
The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.
Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence. Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be mislead b...
5.3CVSS
6AI Score
0.005EPSS
A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet's payload length field. This allows an attacker to trigger a kernel panic, resulting in a denial of service.
7.5CVSS
7.3AI Score
0.001EPSS
An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event...
5.5CVSS
6.6AI Score
0.0004EPSS
Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive.
7.8CVSS
7.2AI Score
0.0005EPSS
A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag().
7.8CVSS
7.4AI Score
0.0004EPSS
A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.
7.1CVSS
6.8AI Score
0.0004EPSS
A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kern...
4.4CVSS
6.3AI Score
0.0004EPSS
In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.
7.8CVSS
7.5AI Score
0.0004EPSS
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_SESSION_SETUP commands. The issue results from the lack of control of resource consumption. An attacker can leverage this vulnerability to create a denial-of-s...
7.5CVSS
7.1AI Score
0.009EPSS
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage th...
7.5CVSS
7.5AI Score
0.006EPSS
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerabilit...
9CVSS
7.7AI Score
0.003EPSS
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_LOGOFF commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create...
7.5CVSS
7.2AI Score
0.009EPSS
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerabil...
9.8CVSS
7.7AI Score
0.003EPSS
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP and SMB2_LOGOFF commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage t...
8.1CVSS
7.7AI Score
0.007EPSS
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_LOGOFF and SMB2_CLOSE commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vuln...
8.1CVSS
8.5AI Score
0.003EPSS
The Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range in drivers/iommu/iommufd/io_pagetable.c.
4.4CVSS
4.5AI Score
0.0004EPSS
A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This issue could allow a remote user to crash the system.
6.5CVSS
6.4AI Score
0.007EPSS