Netapp Security Vulnerabilities (CVEs)

This vulnerability in Intel TDX module software allows a privileged user on a local system to potentially escalate privileges due to improper input va...

This vulnerability in iPerf3 allows attackers to exploit a timing side channel in RSA decryption operations when using OpenSSL with RSA authentication...

A stack-based buffer overflow vulnerability in nscd (Name Service Cache Daemon) allows attackers to execute arbitrary code or crash the service when n...

A memory allocation failure in nscd's netgroup cache can cause the daemon to terminate, resulting in denial of service for clients relying on name ser...

IBM Cognos Analytics versions 11.2.0-11.2.4 and 12.0.0-12.0.2 have improper input validation in application logging, allowing injection attacks. This ...

This vulnerability in ONTAP Select Deploy administration utility allows read-only users to escalate their privileges to higher administrative levels. ...

CVE-2024-32487 is a command injection vulnerability in the 'less' pager utility that allows attackers to execute arbitrary OS commands via specially c...

This vulnerability allows remote attackers to interfere with DNS name resolution by sending invalid packets from expected IP addresses and source port...

CVE-2023-38709 is an input validation vulnerability in Apache HTTP Server that allows malicious backend applications or content generators to split HT...

This vulnerability in nghttp2's HTTP/2 implementation allows memory exhaustion attacks when clients send excessive headers. Attackers can cause denial...

CVE-2024-2398 is a memory leak vulnerability in libcurl that occurs when HTTP/2 server push headers exceed the 1000-header limit. This allows attacker...

This CVE describes an out-of-bounds write vulnerability in Apache Commons Configuration that could allow attackers to write data beyond allocated memo...

Spring Framework applications using UriComponentsBuilder to parse external URLs with host validation are vulnerable to open redirect and SSRF attacks....

CVE-2024-28757 is an XML Entity Expansion vulnerability in libexpat that allows attackers to cause denial of service through resource exhaustion when ...

CVE-2024-25111 is an uncontrolled recursion vulnerability in Squid's HTTP chunked decoder that allows remote attackers to cause denial of service by s...

CVE-2024-26461 is a memory leak vulnerability in Kerberos 5's GSSAPI sealing implementation that can lead to denial of service through resource exhaus...

This vulnerability in BIND 9 DNS resolver allows attackers to cause uncontrolled memory growth by triggering specific query patterns that overwhelm ca...

CVE-2023-4408 is a denial-of-service vulnerability in BIND's DNS message parsing code where crafted queries cause excessive CPU consumption due to alg...

A vulnerability in BIND DNS servers where enabling both DNS64 and serve-stale features can cause named to crash during recursive resolution. This affe...

This vulnerability in NetApp ONTAP allows authenticated users with multiple remote accounts to perform REST API actions beyond their intended privileg...

This Java security vulnerability allows attackers to bypass sandbox protections in client-side Java deployments. It affects Java SE, GraalVM for JDK, ...

This vulnerability in Oracle Java SE and GraalVM allows unauthenticated attackers with network access to modify critical data in Java deployments that...

A vulnerability in GnuTLS causes Cockpit to reject certificate chains with distributed trust when using cockpit-certificate-ensure, allowing unauthent...

CVE-2023-23583 is a hardware vulnerability in certain Intel processors where specific instruction sequences can cause unexpected behavior, potentially...

This vulnerability in 7-Zip's PPMd7 compression module allows attackers to craft malicious 7Z archives that trigger an integer underflow, leading to i...

This CVE describes a use-after-free vulnerability in the NVMe/TCP subsystem of the Linux kernel that could allow attackers to execute arbitrary code o...

This vulnerability in Oracle MySQL Connector/J allows an unauthenticated attacker with network access to potentially compromise the connector through ...

This vulnerability allows authenticated SnapCenter Server users to escalate privileges to admin level on remote systems where SnapCenter plug-ins are ...

This vulnerability in SnapCenter allows authenticated unprivileged users to escalate their privileges to administrative access. It affects SnapCenter ...

CVE-2023-44487 is an HTTP/2 protocol vulnerability that allows attackers to cause denial of service by rapidly resetting streams, consuming server res...

CVE-2023-4911 is a buffer overflow vulnerability in the GNU C Library's dynamic loader (ld.so) that allows local attackers to exploit SUID binaries. B...

A denial-of-service vulnerability in BIND 9's DNS-over-TLS implementation causes the named service to crash when handling high volumes of DNS-over-TLS...

CVE-2023-1108 is a denial-of-service vulnerability in Undertow's SSL/TLS implementation where an infinite loop in the handshake process can crash the ...

This CVE describes a privilege escalation vulnerability in VMware vSphere where a malicious actor with Guest Operation Privileges in a target virtual ...

A vulnerability in Python 3.11 through 3.11.4 allows path truncation via null bytes in os.path.normpath(). This can bypass security checks that previo...

This vulnerability affects systems using certifi Python package versions before 2023.07.22, which included compromised e-Tugra root certificates. Atta...

This vulnerability in the Linux kernel's ksmbd SMB server allows attackers to cause denial-of-service by exploiting improper resource consumption hand...

This vulnerability in the Linux kernel's ksmbd SMB server allows attackers to cause a denial-of-service by sending specially crafted SMB2_LOGOFF comma...

CVE-2023-32258 is a race condition vulnerability in the Linux kernel's ksmbd SMB server that allows local attackers to escalate privileges to kernel-l...

This vulnerability in the Linux kernel's nftables subsystem allows local users with CAP_NET_ADMIN capability to trigger out-of-bounds read/write opera...

A use-after-free vulnerability in the Linux kernel's netfilter subsystem allows local attackers with user access to escalate privileges. The flaw occu...

A time-of-check to time-of-use (TOCTOU) vulnerability in the Linux kernel's io_uring subsystem allows a local user to escalate privileges to root. Thi...