Lucene search
+L
NetappClustered Data Ontap

187 matches found

cve
cve
added 2022/06/08 10:0 a.m.19077 views

CVE-2022-31813

CVE-2022-31813 affects Apache HTTP Server 2.4.53 and older; due to hop-by-hop handling, X-Forwarded-* headers may be dropped to the origin server, which can enable bypass of IP-based authentication. All connected advisories indicate the fix is in Apache HTTP Server 2.4.54 and related updates in d...

9.8CVSS9.4AI score0.0314EPSS
cve
cve
added 2021/09/26 12:0 a.m.17263 views

CVE-2021-41617

CVE-2021-41617 affects OpenSSH sshd (versions 6.2–8.x prior to 8.8) where certain non-default configurations allow local privilege escalation because supplemental groups are not initialized as expected when AuthorizedKeysCommand/AuthorizedPrincipalsCommand run under a different user. This can cau...

7CVSS7.5AI score0.02367EPSS
cve
cve
added 2020/08/07 3:27 p.m.11993 views

CVE-2020-11984

CVE-2020-11984 affects Apache HTTP Server mod_proxy_uwsgi. Based on the provided documents, it is a vulnerability in httpd’s uwsgi handling that can lead to information disclosure and potentially remote code execution. The vulnerability was reported for Apache HTTP Server versions around 2.4.32 t...

9.8CVSS9.3AI score0.90039EPSS
In wild
cve
cve
added 2017/10/26 12:0 a.m.10791 views

CVE-2017-15906

OpenSSH OpenSSH sftp-server.c contains a write-blocking flaw in readonly mode that can let an attacker create zero-length files. Specifically, the process_open function in sftp-server.c mishandles write operations when in read-only mode, affecting OpenSSH versions prior to 7.6. The vulnerability ...

5.3CVSS5.5AI score0.03359EPSS
cve
cve
added 2024/07/01 6:15 p.m.9522 views

CVE-2024-38476

CVE-2024-38476 concerns Apache HTTP Server 2.4.59 and earlier where backend applications emitting malicious or exploitable response headers can lead to information disclosure, SSRF, or local script execution via internal redirects. The connected advisories confirm the issue affects httpd/core beh...

9.8CVSS6.2AI score0.41611EPSS
cve
cve
added 2021/09/15 7:32 p.m.7877 views

CVE-2016-20012

CVE-2016-20012 : OpenSSH up to 8.7 may leak information by testing whether a given username/public key combination is known to the SSH server, since a challenge is sent only if that combo could be valid for a login. This could enable user enumeration. The IBM bulletin notes the vendor does not re...

5.3CVSS5.4AI score0.05326EPSS
cve
cve
added 2017/06/20 1:0 a.m.7633 views

CVE-2017-3167

CVE-2017-3167 affects Apache httpd 2.2.x prior to 2.2.33 and 2.4.x prior to 2.4.26. The issue is that third‑party modules using ap_get_basic_auth_pw() outside the authentication phase can bypass authentication requirements. Connected sources confirm the impact and upstream fixes: update to httpd ...

9.8CVSS9.6AI score0.20231EPSS
cve
cve
added 2018/03/26 3:0 p.m.7391 views

CVE-2018-1312

CVE-2018-1312 affects Apache httpd 2.2.0–2.4.29 where nonce generation for HTTP Digest authentication was not seeded with a proper pseudo-random seed. This allowed replay across servers in a common Digest configuration. Public advisories (CentOS, Debian, Arch Linux, ALT Linux) fix confirmed in ve...

9.8CVSS7.5AI score0.15885EPSS
cve
cve
added 2021/09/16 2:40 p.m.6655 views

CVE-2021-39275

CVE-2021-39275 affects Apache HTTP Server (httpd) up to 2.4.48 and earlier. The issue is an out-of-bounds write in ap_escape_quotes() when given malicious input, potentially crashing the server or enabling code execution in some environments. Several connected sources concur this vulnerability ex...

9.8CVSS9.3AI score0.36339EPSS
cve
cve
added 2017/06/20 1:0 a.m.6052 views

CVE-2017-7668

CVE-2017-7668: Apache httpd contains a buffer over-read in ap_find_token() caused by strict HTTP parsing changes in 2.2.32 and 2.4.24. A remote attacker can craft headers to crash the httpd process or have ap_find_token() return an incorrect value. Affected distributions have addressed this by up...

7.5CVSS8.4AI score0.57472EPSS
cve
cve
added 2018/08/17 12:0 a.m.5769 views

CVE-2018-15473

OpenSSH vulnerability CVE-2018-15473 affects OpenSSH up to version 7.7, where the server may enumerate valid usernames by returning different responses for invalid authentication attempts due to not delaying bailout until after the request packet is parsed (auth2-gss.c, auth2-hostbased.c, auth2-p...

5.9CVSS5.8AI score0.98631EPSS
cve
cve
added 2019/08/13 8:50 p.m.5317 views

CVE-2019-9517

CVE-2019-9517 describes an attack against some HTTP/2 implementations where unconstrained internal data buffering can cause a denial of service. The vulnerability arises when an attacker floods a connection with a large number of requests for a large response object while manipulating HTTP/2 flow...

7.8CVSS7.7AI score0.27004EPSS
cve
cve
added 2018/03/26 3:0 p.m.4819 views

CVE-2017-15715

CVE-2017-15715 affects Apache HTTP Server 2.4.0–2.4.29. The issue: the expression could treat a trailing '$' as a newline in a malicious filename, bypassing filename-end checks and potentially allowing uploads that would otherwise be blocked. Documents consistently describe this as a bypass vuln...

8.1CVSS7.2AI score0.86006EPSS
In wild
cve
cve
added 2021/09/16 2:40 p.m.4729 views

CVE-2021-40438

CVE-2021-40438 is an SSRF flaw in Apache HTTP Server 2.4.x through older revisions where a crafted request URI path can cause mod_proxy to forward the request to an origin server chosen by the remote user. The issue affects Apache httpd 2.4.48 and earlier; the CVSSv3.1 base score is 9.0 (CRITICAL...

9CVSS9.5AI score0.99999EPSS
In wild
cve
cve
added 2018/01/21 10:0 p.m.4218 views

CVE-2016-10708

OpenSSH sshd before 7.4 is vulnerable to a denial of service caused by a NULL pointer dereference when processing an out-of-sequence NEWKEYS message (kex.c/packet.c). This affects the OpenSSH server; exploitation leads to daemon crash as demonstrated by Honggfuzz. Affected products include OpenSS...

7.5CVSS5.9AI score0.15716EPSS
cve
cve
added 2022/06/08 10:0 a.m.3627 views

CVE-2022-28615

CVE-2022-28615 affects Apache HTTP Server 2.4.53 and earlier, where a read beyond bounds can occur in ap_strcmp_match() when given a very large input buffer. The issue may affect third‑party modules or lua scripts that call this function. Advisories in connected documents reference an official fi...

9.1CVSS9AI score0.05729EPSS
cve
cve
added 2018/03/26 3:0 p.m.3578 views

CVE-2018-1283

In Apache httpd (mod_session) versions 2.4.0–2.4.29, when SessionEnv forwarding is enabled to CGI applications, a remote attacker can influence their content by sending a crafted Session header. This arises from mod_session forwarding data using the HTTP_SESSION variable name, which overlaps with...

5.3CVSS7AI score0.10118EPSS
cve
cve
added 2019/04/08 8:11 p.m.3448 views

CVE-2019-0217

This CVE affects Apache HTTP Server 2.4.x up to 2.4.38, where a race condition in mod_auth_digest could allow an authenticated user to act as another user and bypass access control. The issue is tied to running in threaded MPMs; the underlying cause is a race condition in authentication handling....

7.5CVSS7.5AI score0.17666EPSS
cve
cve
added 2019/09/26 2:7 p.m.3429 views

CVE-2019-10092

The CVE-2019-10092 entry concerns Apache HTTP Server 2.4.0–2.4.39 with a limited cross-site scripting in the mod_proxy error page. The vulnerability lets an attacker craft a link on the error page that could mislead users by pointing to a page of the attacker’s choosing, but exploitation requires...

6.1CVSS7.3AI score0.81466EPSS
cve
cve
added 2020/08/07 3:32 p.m.3082 views

CVE-2020-11993

CVE-2020-11993 affects Apache HTTP Server 2.4.20–2.4.43: when trace/debug is enabled for the HTTP/2 module and certain traffic patterns, logging can be performed on the wrong connection, leading to concurrent use of memory pools. Mitigation in public advisories: set LogLevel for mod_http2 above i...

7.5CVSS8.6AI score0.58716EPSS
In wild
cve
cve
added 2024/07/01 6:14 p.m.3037 views

CVE-2024-38474

CVE-2024-38474 affects Apache HTTP Server’s mod_rewrite: substitutions that capture and substitute unsafely can be mis-encoded, enabling unintended access paths. The issue is fixed by upgrading to Apache HTTP Server 2.4.60 (and related advisories note versions 2.4.61+ as subsequent fixes). Connec...

9.8CVSS9.8AI score0.02456EPSS
cve
cve
added 2018/03/26 3:0 p.m.3002 views

CVE-2017-15710

The CVE-2017-15710 issue affects Apache httpd when mod_authnz_ldap is used with AuthLDAPCharsetConfig. A crafted Accept-Language header is looked up in a charset table; if not present, it is truncated to two characters, and values shorter than two characters trigger an out-of-bounds write of a NU...

7.5CVSS7.5AI score0.18197EPSS
cve
cve
added 2017/07/27 9:0 p.m.2284 views

CVE-2016-8743

The CVE-2016-8743 issue affects Apache HTTP Server. It concerns how whitespace is accepted in requests and sent in response lines and headers in all releases before 2.2.32 and 2.4.25. The root problem is liberal whitespace handling, which can enable request smuggling, response splitting, and cach...

7.5CVSS7.7AI score0.13252EPSS
cve
cve
added 2022/06/08 10:0 a.m.2166 views

CVE-2022-30556

The CVE-2022-30556 issue affects Apache HTTP Server (2.4.53 and earlier) where the wsread path may return a pointer past the end of the buffer, enabling information disclosure via websockets. Public references in connected sources corroborate: (1) industry advisories note an information disclosur...

7.5CVSS8.8AI score0.04687EPSS
cve
cve
added 2021/09/16 2:40 p.m.2030 views

CVE-2021-34798

CVE-2021-34798 is a vulnerability in Apache HTTP Server where malformed requests may cause a NULL pointer dereference in the httpd core. The issue affects Apache HTTP Server 2.4.48 and earlier, and the resulting crash can lead to a Denial of Service. Multiple connected advisories confirm the same...

7.5CVSS8.8AI score0.64509EPSS
cve
cve
added 2022/06/08 10:0 a.m.1844 views

CVE-2022-26377

CVE-2022-26377 is a real HTTP Request Smuggling vulnerability in the mod_proxy_ajp module of Apache HTTP Server. Affected: Apache httpd 2.4.53 and earlier. Description across sources confirms that an attacker can smuggle requests to the AJP server to which httpd forwards traffic. Patches/updates ...

7.5CVSS8.9AI score0.19008EPSS
cve
cve
added 2022/06/08 10:0 a.m.1700 views

CVE-2022-28614

CVE-2022-28614 affects Apache HTTP Server 2.4.53 and earlier. The vulnerability stems from ap_rwrite() potentially reading unintended memory when reflecting very large input via ap_rwrite() or ap_rputs(), notably with mod_luas r:puts(). Modules compiled against older headers that use ap_rputs may...

5.3CVSS7.5AI score0.04428EPSS
cve
cve
added 2020/10/02 2:14 p.m.1685 views

CVE-2020-7069

CVE-2020-7069 affects PHP AES-CCM encryption: when using openssl_encrypt() with a 12-byte IV, only the first 7 bytes are used in versions 7.2.x < 7.2.34, 7.3.x < 7.3.23, and 7.4.x

6.5CVSS6.2AI score0.02055EPSS
cve
cve
added 2022/06/08 10:0 a.m.1681 views

CVE-2022-29404

CVE-2022-29404 affects Apache HTTP Server 2.4.53 and earlier. The vulnerability lies in the mod_lua code path: a malicious request to a Lua script calling r:parsebody(0) can cause a denial of service due to no default input size limit. Impact is DoS (availability) with network exposure; no data c...

7.5CVSS8.5AI score0.05678EPSS
cve
cve
added 2021/10/25 5:40 a.m.1593 views

CVE-2021-21703

CVE-2021-21703 affects PHP with PHP-FPM: when main FPM daemon runs as root and workers run as lower-privilege users, a child process can access shared memory and modify it, enabling root-level privilege escalation. Affected ranges: PHP 7.3.x up to 7.3.31, 7.4.x below 7.4.25, and 8.0.x below 8.0.1...

7.8CVSS7.2AI score0.01337EPSS
cve
cve
added 2021/09/16 2:40 p.m.1525 views

CVE-2021-36160

CVE-2021-36160 affects Apache HTTP Server mod_proxy_uwsgi. A crafted request URI-path can cause mod_proxy_uwsgi to read beyond allocated memory, triggering a DoS. The issue is reported for Apache httpd versions 2.4.30–2.4.48. Public sources in connected documents corroborate the impact as an out-...

7.5CVSS8.5AI score0.62887EPSS
In wild
cve
cve
added 2021/11/29 6:25 a.m.1462 views

CVE-2021-21707

CVE-2021-21707 affects PHP 7.3.x < 7.3.33, 7.4.x < 7.4.26, and 8.0.x

5.3CVSS6.9AI score0.25951EPSS
cve
cve
added 2022/03/15 5:5 p.m.1361 views

CVE-2022-0778

CVE-2022-0778 describes an infinite loop in BN_mod_sqrt() when parsing certain ASN.1 elliptic-curve parameters, enabling DoS during certificate or key processing. Affected OpenSSL versions include 1.0.2, 1.1.1, and 3.0 (specific ranges: 1.0.2 (1.0.2–1.0.2zc), 1.1.1 (1.1.1–1.1.1m), 3.0 (3.0.0–3.0....

7.5CVSS7.8AI score0.70561EPSS
In wildWeb
cve
cve
added 2022/05/03 3:15 p.m.1287 views

CVE-2022-1292

CVE-2022-1292 describes a command-injection risk in the OpenSSL c_rehash script due to improper sanitization of shell metacharacters. The issue can allow local attackers to run arbitrary commands with the script’s privileges on systems where c_rehash runs automatically. Fixes are published in Ope...

10CVSS9AI score0.83223EPSS
Web
cve
cve
added 2020/10/02 2:14 p.m.1285 views

CVE-2020-7070

CVE-2020-7070 affects PHP 7.2.x < 7.2.34, 7.3.x < 7.3.23 and 7.4.x

5.3CVSS6.5AI score0.05029EPSS
cve
cve
added 2024/07/01 6:16 p.m.1248 views

CVE-2024-38477

CVE-2024-38477 affects Apache HTTP Server 2.4.59 and earlier. The issue is a null pointer dereference in mod_proxy triggered by a malicious request, which can crash the server (Denial of Service). The published remediation is to upgrade to Apache HTTP Server 2.4.60, which fixes the issue. The CVE...

7.5CVSS8.7AI score0.03153EPSS
cve
cve
added 2022/11/01 12:0 a.m.1239 views

CVE-2022-3602

OpenSSL CVE-2022-3602 is a stack-based buffer overrun in X.509 name-contraint verification that can crash a TLS client/server or, potentially, allow RCE. The issue is triggered by crafting an email address and affects OpenSSL 3.0.x (3.0.0–3.0.6). Mitigation is upgrading to OpenSSL 3.0.7 or later ...

7.5CVSS8.2AI score0.9077EPSS
cve
cve
added 2018/03/26 3:0 p.m.1183 views

CVE-2018-1301

CVE-2018-1301 affects the Apache HTTP Server (httpd) prior to 2.4.30, caused by an out-of-bounds access after a size limit is reached when reading the HTTP header. Impact described as a crash (low risk for normal usage). Affected component is httpd’s HTTP header parsing; root cause is an out-of-b...

5.9CVSS7.5AI score0.15564EPSS
cve
cve
added 2018/03/26 3:0 p.m.1175 views

CVE-2018-1303

CVE-2018-1303: An out-of-bounds read in mod_cache_socache could crash the Apache HTTP Server prior to 2.4.30, enabling a DoS against users of httpd. The issue is discussed across multiple advisories (Debian/ALT Linux/Arch Linux security notes and CentOS RH advisories) and is attributed to imprope...

7.5CVSS7.3AI score0.70783EPSS
cve
cve
added 2018/03/26 3:0 p.m.1073 views

CVE-2018-1302

Apache HTTP Server (httpd) before 2.4.30 may write a NULL pointer to freed memory when an HTTP/2 stream is destroyed after handling. This is described as low risk and hard to trigger in standard configurations, with no reproducibility outside debug builds. Affected releases include older 2.4.x li...

5.9CVSS6.4AI score0.13436EPSS
cve
cve
added 2021/02/15 4:10 a.m.1073 views

CVE-2020-7071

CVE-2020-7071 affects PHP: the FILTER_VALIDATE_URL path could treat a URL with invalid userinfo (username:password) as valid. Affected: PHP 7.3.x < 7.3.26, 7.4.x

5.3CVSS6.5AI score0.02983EPSS
cve
cve
added 2022/12/05 12:0 a.m.1043 views

CVE-2022-32221

CVE-2022-32221 concerns curl/libcurl where the read callback (CURLOPT_READFUNCTION) may be used for POST data even after a PUT if the same handle was used for a PUT with that callback. This can cause sending the wrong data or memory errors on a subsequent POST. Connected advisories note this affe...

9.8CVSS8.6AI score0.04325EPSS
cve
cve
added 2022/06/08 10:0 a.m.928 views

CVE-2022-30522

CVE-2022-30522 affects Apache HTTP Server mod_sed; when input to mod_sed is very large, it can cause excessive memory allocations and aborts, impacting availability. The issue is documented across multiple feeds (e.g., CVE page for 2.4.53 context and later advisories) and is addressed by updating...

7.5CVSS8.7AI score0.90407EPSS
cve
cve
added 2021/02/15 4:10 a.m.898 views

CVE-2021-21702

In PHP, the SOAP extension is vulnerable to a null-pointer dereference when a SOAP server returns malformed XML, potentially crashing the interpreter. Affected versions are PHP 7.3.x < 7.3.27, 7.4.x < 7.4.15, and 8.0.x

7.5CVSS6.3AI score0.03179EPSS
cve
cve
added 2021/10/04 4:0 a.m.849 views

CVE-2021-21705

CVE-2021-21705 describes an SSRF bypass in PHP’s URL validation via filter_var(..., FILTER_VALIDATE_URL). Affected are PHP versions: 7.3.x below 7.3.29, 7.4.x below 7.4.21, and 8.0.x below 8.0.8. The issue allows a URL with an invalid password field to be accepted as valid, potentially causing in...

5.3CVSS6.1AI score0.01945EPSS
cve
cve
added 2021/08/24 2:50 p.m.766 views

CVE-2021-3711

CVE-2021-3711 involves a bug in OpenSSL SM2 decryption: the buffer-size calculation during EVP_PKEY_decrypt() first call can under-allocate, enabling a later second call with a too-small buffer and causing a buffer overflow (up to 62 bytes). The issue affects OpenSSL 1.1.1 up to 1.1.1k and is fix...

9.8CVSS9.9AI score0.87816EPSS
cve
cve
added 2021/08/24 2:50 p.m.713 views

CVE-2021-3712

The CVE-2021-3712 issue affects OpenSSL where ASN1_STRING data may not be NUL-terminated if constructed directly (or via ASN1_STRING_set0), causing read-buffer overreads when many OpenSSL print/name-constraining paths handle such ASN.1 strings. Exploitation could crash the application (DoS) or di...

7.4CVSS8AI score0.50445EPSS
cve
cve
added 2020/04/17 3:31 a.m.689 views

CVE-2020-11868

NTOP vulnerability CVE-2020-11868 affects ntp in ntp (before 4.2.8p14 and 4.3.x before 4.3.100). An off-path attacker can block unauthenticated synchronization by sending a server-mode packet with a spoofed source IP, because transmissions can be rescheduled even when the origin timestamp is inva...

7.5CVSS7.3AI score0.02081EPSS
cve
cve
added 2021/10/04 4:0 a.m.656 views

CVE-2021-21704

CVE-2021-21704 involves PHP’s Firebird PDO driver extension. When using affected PHP versions, a malicious server can cause crashes in database functions (e.g., getAttribute(), execute(), fetch()) by returning invalid response data not parsed correctly by the driver, leading to crashes, denial of...

5.9CVSS5.6AI score0.01724EPSS
cve
cve
added 2020/01/21 10:54 p.m.625 views

CVE-2020-7595

CVE-2020-7595 affects libxml2, specifically the xmlStringLenDecodeEntities function in parser.c of version 2.9.10, which can enter an infinite loop in certain end-of-file situations. Several connected advisories (e.g., ASA-202011-15) corroborate the issue and describe the impact as potential deni...

7.5CVSS7.6AI score0.07627EPSS
Total number of security vulnerabilities187