Ontap Security Vulnerabilities and Issues — Ontap CVE List

Lucene search

NetappOntap

10 matches found

CVE•added 2024/03/10 5:15 a.m.•8282 views

CVE-2024-28757

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

7.5CVSS7.4AI score0.00487EPSS

CVE•added 2024/04/04 8:15 p.m.•4703 views

CVE-2023-38709

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.

7.3CVSS7.1AI score0.03698EPSS

CVE•added 2024/04/04 8:15 p.m.•3711 views

CVE-2024-24795

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.

6.3CVSS7AI score0.01253EPSS

CVE•added 2024/07/01 7:15 p.m.•3058 views

CVE-2024-36387

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.

5.4CVSS6.4AI score0.01226EPSS

CVE•added 2024/04/04 8:15 p.m.•2461 views

CVE-2024-27316

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.

7.5CVSS7.2AI score0.89857EPSS

CVE•added 2024/07/01 7:15 p.m.•730 views

CVE-2024-38473

Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests.Users are recommended to upgrade to version 2.4.60, which fixes this issue.

8.1CVSS8.8AI score0.81196EPSS

CVE•added 2024/07/01 7:15 p.m.•709 views

CVE-2024-39573

Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy.Users are recommended to upgrade to version 2.4.60, which fixes this issue.

7.5CVSS8.5AI score0.00442EPSS

CVE•added 2024/07/01 7:15 p.m.•657 views

CVE-2024-38472

SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or contentUsers are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new dire...

7.5CVSS8.2AI score0.81852EPSS

CVE•added 2024/02/13 2:15 p.m.•471 views

CVE-2023-4408

The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected named instance by exploiting this flaw. This issue affects both ...

7.5CVSS7.5AI score0.00224EPSS

CVE•added 2024/11/22 6:15 a.m.•237 views

CVE-2024-8932

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.

9.8CVSS9.4AI score0.00199EPSS