Ontap@9 Security Vulnerabilities and Issues — Ontap@9 CVE List

Lucene search

NetappOntap9

11 matches found

CVE•added 2024/03/10 5:15 a.m.•8295 views

CVE-2024-28757

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

7.5CVSS7.4AI score0.00474EPSS

CVE•added 2024/04/04 8:15 p.m.•4755 views

CVE-2023-38709

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.

7.3CVSS7.1AI score0.05161EPSS

CVE•added 2024/04/04 8:15 p.m.•3739 views

CVE-2024-24795

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.

6.3CVSS7AI score0.01914EPSS

CVE•added 2024/07/01 7:15 p.m.•3111 views

CVE-2024-36387

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.

5.4CVSS6.4AI score0.00108EPSS

CVE•added 2024/04/04 8:15 p.m.•2496 views

CVE-2024-27316

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.

7.5CVSS7.2AI score0.87121EPSS

CVE•added 2024/07/01 7:15 p.m.•800 views

CVE-2024-38473

Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests.Users are recommended to upgrade to version 2.4.60, which fixes this issue.

8.1CVSS8.8AI score0.85806EPSS

CVE•added 2024/07/01 7:15 p.m.•769 views

CVE-2024-39573

Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy.Users are recommended to upgrade to version 2.4.60, which fixes this issue.

7.5CVSS8.5AI score0.01025EPSS

CVE•added 2024/07/01 7:15 p.m.•715 views

CVE-2024-38472

SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or contentUsers are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new dire...

7.5CVSS8.2AI score0.89465EPSS

CVE•added 2024/12/11 8:15 a.m.•355 views

CVE-2024-11053

When asked to both use a .netrc file for credentials and to follow HTTPredirects, curl could leak the password used for the first host to thefollowed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matchesthe redirect target hostname but the ...

3.4CVSS7AI score0.00361EPSS

CVE•added 2024/03/27 8:15 a.m.•311 views

CVE-2024-2004

When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been e...

3.5CVSS6AI score0.0091EPSS

CVE•added 2024/11/22 6:15 a.m.•296 views

CVE-2024-8932

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.

9.8CVSS9.4AI score0.00368EPSS