Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Clustered Data Ontap Security Vulnerabilities - 2023

cve
cve

CVE-2023-23914

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP ...

9.1CVSS

8.8AI Score

0.001EPSS

2023-02-23 08:15 PM
419
cve
cve

CVE-2023-23915

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...

6.5CVSS

6.2AI Score

0.001EPSS

2023-02-23 08:15 PM
355
cve
cve

CVE-2023-23916

An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this "de...

6.5CVSS

6.7AI Score

0.002EPSS

2023-02-23 08:15 PM
416
cve
cve

CVE-2023-27314

ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8,9.12.1P2 and 9.13.1 are susceptible to a vulnerability which could allowa remote unauthenticated attacker to cause a crash of the HTTP service.

7.5CVSS

7.5AI Score

0.001EPSS

2023-10-12 07:15 PM
39
cve
cve

CVE-2023-27533

A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform o...

8.8CVSS

8.8AI Score

0.002EPSS

2023-03-30 08:15 PM
146
cve
cve

CVE-2023-27537

A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread l...

5.9CVSS

5.7AI Score

0.001EPSS

2023-03-30 08:15 PM
91
cve
cve

CVE-2023-27538

An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent ...

5.5CVSS

7.1AI Score

0.0004EPSS

2023-03-30 08:15 PM
145
cve
cve

CVE-2023-28319

A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This f...

7.5CVSS

7.3AI Score

0.002EPSS

2023-05-26 09:15 PM
126
cve
cve

CVE-2023-28320

A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using alarm() and siglongjmp(). Wh...

5.9CVSS

6.3AI Score

0.002EPSS

2023-05-26 09:15 PM
89
cve
cve

CVE-2023-28321

An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS lib...

5.9CVSS

6.2AI Score

0.002EPSS

2023-05-26 09:15 PM
175
cve
cve

CVE-2023-28322

An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously wasused to issue a PUT ...

3.7CVSS

5.3AI Score

0.001EPSS

2023-05-26 09:15 PM
168
cve
cve

CVE-2023-2953

A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.

7.5CVSS

7.3AI Score

0.004EPSS

2023-05-30 10:15 PM
150
cve
cve

CVE-2023-3107

A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet's payload length field. This allows an attacker to trigger a kernel panic, resulting in a denial of service.

7.5CVSS

7.3AI Score

0.001EPSS

2023-08-01 11:15 PM
37
cve
cve

CVE-2023-36054

lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_da...

6.5CVSS

6.5AI Score

0.004EPSS

2023-08-07 07:15 PM
335
cve
cve

CVE-2023-38403

iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.

7.5CVSS

7.6AI Score

0.004EPSS

2023-07-17 09:15 PM
115