Lucene search
K
NetappOntap

24 matches found

CVE
CVE
added 2024/03/10 12:0 a.m.8333 views

CVE-2024-28757

The CVE-2024-28757 entry concerns libexpat up to version 2.6.1, where XML External Entity (XXE) processing can be triggered when isolated external parsers are used (XML_ExternalEntityParserCreate). The impact is denial of service or resource exhaustion (availability impact: HIGH) with CVSS v3.1 b...

7.5CVSS7.4AI score0.02006EPSS
CVE
CVE
added 2024/07/01 12:37 p.m.7753 views

CVE-2024-6387

CVE-2024-6387 is a remote code-execution vulnerability in OpenSSH’s server (sshd) caused by a race condition in a signal handler that may run after a client fails to authenticate within LoginGraceTime. The issue is exploitable by an unauthenticated, remote attacker on glibc-based Linux systems, p...

8.1CVSS8.5AI score0.99506EPSS
In wild
CVE
CVE
added 2024/04/04 7:19 p.m.4941 views

CVE-2023-38709

CVE-2023-38709 describes HTTP response splitting in the core of Apache HTTP Server caused by faulty input validation. It affects Apache HTTP Server up to version 2.4.58; multiple advisories (e.g., Astra Linux, AlmaLinux, Alpine Linux) note that upgrading to 2.4.64 fixes the issue. Some sources in...

7.3CVSS7.1AI score0.03914EPSS
CVE
CVE
added 2024/04/04 7:20 p.m.3871 views

CVE-2024-24795

CVE-2024-24795 (httpd) describes HTTP response splitting in multiple Apache HTTP Server modules when malicious response headers can be injected into backend applications, enabling HTTP desynchronization. The vulnerability is mitigated by upgrading to Apache HTTP Server 2.4.59, as indicated across...

6.3CVSS7AI score0.02874EPSS
CVE
CVE
added 2025/02/18 6:27 p.m.3731 views

CVE-2025-26465

The CVE-2025-26465 issue affects OpenSSH when VerifyHostKeyDNS is enabled. A remote attacker could perform a MITM impersonation by abusing error-code handling during host-key verification, with success contingent on exhausting the client’s memory resources. Affected context is OpenSSH implementat...

6.8CVSS6.7AI score0.06997EPSS
CVE
CVE
added 2024/07/01 6:10 p.m.3221 views

CVE-2024-36387

CVE-2024-36387 affects the Apache httpd mod_http2 component: when serving WebSocket protocol upgrades over HTTP/2, it can trigger a NULL pointer dereference and crash the server, degrading performance (DoS). Connected advisories indicate patches across distributions (e.g., Debian security update ...

5.4CVSS6.4AI score0.01715EPSS
CVE
CVE
added 2024/04/04 7:21 p.m.2681 views

CVE-2024-27316

CVE-2024-27316 affects the mod_http2 component used with Apache httpd; the issue occurs when HTTP/2 headers exceed the configured limit, causing nghttp2 to buffer headers and potentially leading to memory exhaustion if the client continues sending headers. Connected sources identify affected pack...

7.5CVSS7.2AI score0.91327EPSS
CVE
CVE
added 2025/03/30 5:57 a.m.1616 views

CVE-2025-1861

CVE-2025-1861 affects PHP across multiple branches (8.1.x up to 8.1.32, 8.2.x up to 8.2.28, 8.3.x up to 8.3.19, 8.4.x up to 8.4.5). Root cause: the HTTP redirect location is truncated due to a 1024-byte location buffer during redirect handling. Impact: redirects may resolve to an incorrect URL, p...

9.8CVSS6.3AI score0.00821EPSS
CVE
CVE
added 2025/03/30 5:49 a.m.1529 views

CVE-2025-1736

CVE-2025-1736 affects PHP 8.1.x before 8.1.32, 8.2.x before 8.2.28, 8.3.x before 8.3.19, and 8.4.x before 8.4.5. The issue is caused by insufficient validation of end-of-line characters in user-supplied headers, which may prevent certain headers from being sent or cause headers to be misinterpret...

7.3CVSS6.2AI score0.00531EPSS
CVE
CVE
added 2024/07/01 6:14 p.m.1013 views

CVE-2024-38473

The CVE-2024-38473 issue affects Apache HTTP Server (mod_proxy) in versions up to 2.4.59, where improper/encoded request URL handling can allow requests to reach backends and potentially bypass authentication. Public references and advisories state the vulnerability arises from encoding problems ...

8.1CVSS8.8AI score0.25878EPSS
CVE
CVE
added 2024/07/01 6:16 p.m.886 views

CVE-2024-39573

The CVE-2024-39573 entry corresponds to Apache HTTP Server mod_rewrite/mod_proxy SSRF-related risk and is confirmed by connected sources reporting the issue in Apache httpd 2.4.59 and earlier, with a fix in 2.4.60 (and later 2.4.61 in later advisories). Root cause: unsafe RewriteRules/Substitutio...

7.5CVSS8.5AI score0.35447EPSS
CVE
CVE
added 2024/07/01 6:12 p.m.861 views

CVE-2024-38472

CVE-2024-38472 : Apache HTTP Server on Windows is vulnerable to server-side request forgery (SSRF) that could leak NTLM hashes to a malicious server via crafted requests, due to improper validation of Windows UNC/UNC paths. The issue is addressed by upgrading to Apache HTTP Server 2.4.60 (as note...

7.5CVSS8.2AI score0.6795EPSS
CVE
CVE
added 2025/03/30 5:43 a.m.772 views

CVE-2025-1734

CVE-2025-1734 affects PHP’s HTTP stream wrapper header parsing: headers missing a colon are treated as valid, potentially letting applications accept invalid headers. Affected branches include PHP 8.1.x before 8.1.32, 8.2.x before 8.2.28, 8.3.x before 8.3.19, and 8.4.x before 8.4.5. Mitigations/u...

6.3CVSS6.2AI score0.00481EPSS
CVE
CVE
added 2024/02/13 2:4 p.m.706 views

CVE-2023-4408

The CVE-2023-4408 issue is a vulnerability in the DNS message parsing of BIND's named where the parsing path has an overly high computational complexity. A crafted large or malformed DNS message can cause high CPU usage on affected BIND 9 releases, potentially impacting both authoritative servers...

7.5CVSS7.5AI score0.01327EPSS
CVE
CVE
added 2024/12/11 7:34 a.m.489 views

CVE-2024-11053

CVE-2024-11053 affects curl. When both a .netrc credential file and HTTP redirects are used, curl could leak the password for the initial host to the redirected host if the netrc entry matches the redirect target and omits login/password. The issue is triggered under specific netrc/redirect condi...

3.4CVSS7AI score0.01378EPSS
CVE
CVE
added 2024/03/27 7:54 a.m.375 views

CVE-2024-2004

CVE-2024-2004 affects curl/libcurl: a logic error in protocol selection fails to remove all explicitly disabled protocols, leaving the default protocol set active. This could allow using a disabled protocol in certain requests (e.g., curl --proto -all,-http). Concrete details appear across multip...

3.5CVSS6AI score0.01681EPSS
CVE
CVE
added 2024/11/22 6:3 a.m.366 views

CVE-2024-8932

CVE-2024-8932 affects PHP 8.1.x up to 8.1.31, PHP 8.2.x up to 8.2.26, and PHP 8.3.x up to 8.3.14. The issue arises from unchecked, very long inputs to ldap_escape() on 32‑bit systems, causing an integer overflow and an out‑of‑bounds write. Impact is information disclosure/DoS potential as describ...

9.8CVSS9.4AI score0.01284EPSS
CVE
CVE
added 2025/02/05 9:15 a.m.364 views

CVE-2025-0167

The CVE-2025-0167 issue affects curl (libcurl) and arises when both using a .netrc for credentials and following HTTP redirects. The root cause, as described across connected documents, is that the netrc entry can omit login and password (or a default entry omits both), which may allow the passwo...

3.4CVSS7AI score0.00663EPSS
CVE
CVE
added 2025/02/18 12:0 a.m.342 views

CVE-2024-56171

CVE-2024-56171 affects libxml2 up to 2.12.9 and 2.13.x up to 2.13.5. It is a use-after-free in the functions xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables (in xmlschemas.c). To exploit, a crafted XML document must be validated against an XML schema with certain identity constraints,...

9.8CVSS7.2AI score0.0113EPSS
CVE
CVE
added 2025/02/18 12:0 a.m.288 views

CVE-2025-24928

CVE-2025-24928 affects libxml2 (versions before 2.12.10 and 2.13.x before 2.13.6) with a stack-based buffer overflow in xmlSnprintfElements (valid.c) that requires DTD validation for exploitation. Remediation per connected docs: upgrade libxml2 to 2.12.10+ or 2.13.6+ (e.g., via libxml2 update) an...

7.8CVSS7.5AI score0.00375EPSS
CVE
CVE
added 2023/03/30 12:0 a.m.276 views

CVE-2023-27536

CVE-2023-27536 affects libcurl

5.9CVSS7AI score0.01566EPSS
CVE
CVE
added 2023/12/15 10:59 p.m.52 views

CVE-2023-27317

CVE-2023-27317 affects NetApp ONTAP 9.12.1P8, 9.13.1P4 and 9.13.1P5. The issue causes SAS-attached FIPS 140-2 drives to become unlocked after a reboot/power cycle or after reinsertion, enabling potential disclosure of sensitive information to an attacker with physical access. The documents do not...

4.6CVSS4.4AI score0.00396EPSS
CVE
CVE
added 2026/01/12 5:15 p.m.35 views

CVE-2026-22050

CVE-2026-22050 affects NetApp ONTAP 9.16.1 (before 9.16.1P9) and 9.17.1 (before 9.17.1P2) when snapshot locking is enabled. A privileged remote attacker could set the snapshot expiry time to none. This is supported by multiple connected documents (ONTAP advisory NTAP-20260112-0001 and Nessus/PT-S...

6.9CVSS6.4AI score0.00188EPSS
CVE
CVE
added 2026/03/04 11:22 p.m.30 views

CVE-2026-22052

ONTAP 9.12.1+ with S3 NAS buckets is vulnerable to information disclosure. An authenticated attacker could view directory listings they lack permission for. Base CVSS 4.0/5.3 MEDIUM severity (PR:L, UI:N, VC:L). See NTAP advisory NTAP-20260304-0001 for details; exploitation status is not provided ...

5.3CVSS5.9AI score0.00192EPSS