Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
NetappOntap

16 matches found

CVE
CVEadded 2024/03/10 5:15 a.m.8282 views

CVE-2024-28757

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

7.5CVSS7.4AI score0.00487EPSS
CVE
CVEadded 2024/04/04 8:15 p.m.4703 views

CVE-2023-38709

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.

7.3CVSS7.1AI score0.03698EPSS
CVE
CVEadded 2024/04/04 8:15 p.m.3711 views

CVE-2024-24795

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.

6.3CVSS7AI score0.01253EPSS
CVE
CVEadded 2024/07/01 7:15 p.m.3058 views

CVE-2024-36387

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.

5.4CVSS6.4AI score0.01226EPSS
CVE
CVEadded 2024/04/04 8:15 p.m.2461 views

CVE-2024-27316

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.

7.5CVSS7.2AI score0.89857EPSS
CVE
CVEadded 2025/02/18 7:15 p.m.2320 views

CVE-2025-26465

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For ...

6.8CVSS6.7AI score0.52936EPSS
CVE
CVEadded 2025/03/30 6:15 a.m.1168 views

CVE-2025-1861

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC9...

9.8CVSS6.3AI score0.00086EPSS
CVE
CVEadded 2025/03/30 6:15 a.m.1094 views

CVE-2025-1736

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted.

7.3CVSS6.2AI score0.00147EPSS
CVE
CVEadded 2024/07/01 7:15 p.m.730 views

CVE-2024-38473

Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests.Users are recommended to upgrade to version 2.4.60, which fixes this issue.

8.1CVSS8.8AI score0.81196EPSS
CVE
CVEadded 2024/07/01 7:15 p.m.709 views

CVE-2024-39573

Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy.Users are recommended to upgrade to version 2.4.60, which fixes this issue.

7.5CVSS8.5AI score0.00442EPSS
CVE
CVEadded 2024/07/01 7:15 p.m.657 views

CVE-2024-38472

SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or contentUsers are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new dire...

7.5CVSS8.2AI score0.81852EPSS
CVE
CVEadded 2024/02/13 2:15 p.m.471 views

CVE-2023-4408

The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected named instance by exploiting this flaw. This issue affects both ...

7.5CVSS7.5AI score0.00224EPSS
CVE
CVEadded 2025/03/30 6:15 a.m.375 views

CVE-2025-1734

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server, the headers missing a colon (:) are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers.

6.3CVSS6.2AI score0.00114EPSS
CVE
CVEadded 2024/11/22 6:15 a.m.237 views

CVE-2024-8932

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.

9.8CVSS9.4AI score0.00199EPSS
CVE
CVEadded 2023/03/30 8:15 p.m.230 views

CVE-2023-27536

An authentication bypass vulnerability exists libcurl

5.9CVSS7AI score0.00007EPSS
CVE
CVEadded 2023/12/15 11:15 p.m.33 views

CVE-2023-27317

ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to avulnerability which will cause all SAS-attached FIPS 140-2 drives tobecome unlocked after a system reboot or power cycle or a singleSAS-attached FIPS 140-2 drive to become unlocked after reinsertion. Thiscould lead to disclosure ...

4.6CVSS4.4AI score0.00337EPSS