Netapp: >> Clustered Data Ontap Security Vulnerabilities
null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.
CVSS Score
7.5
EPSS Score
0.01
Published
2024-07-01
Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in
directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Some RewriteRules that capture and substitute unsafely will now fail unless rewrite flag "UnsafeAllow3F" is specified.
CVSS Score
9.8
EPSS Score
0.004
Published
2024-07-01
Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.
CVSS Score
9.8
EPSS Score
0.007
Published
2024-07-01
ONTAP 9 versions prior to 9.9.1P18, 9.10.1P16, 9.11.1P13, 9.12.1P10
and 9.13.1P4 are susceptible to a vulnerability which could allow an
authenticated user with multiple remote accounts with differing roles to
perform actions via REST API beyond their intended privilege. Possible
actions include viewing limited configuration details and metrics or
modifying limited settings, some of which could result in a Denial of
Service (DoS).
CVSS Score
7.6
EPSS Score
0.001
Published
2024-01-26
ONTAP versions 9.4 and higher are susceptible to a vulnerability
which when successfully exploited could lead to disclosure of sensitive
information to unprivileged attackers when the object-store profiler
command is being run by an administrative user.
CVSS Score
4.8
EPSS Score
0.002
Published
2024-01-12
ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8,
9.12.1P2 and 9.13.1 are susceptible to a vulnerability which could allow
a remote unauthenticated attacker to cause a crash of the HTTP service.
CVSS Score
7.5
EPSS Score
0.006
Published
2023-10-12
lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.
CVSS Score
6.5
EPSS Score
0.007
Published
2023-08-07
A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet's payload length field. This allows an attacker to trigger a kernel panic, resulting in a denial of service.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-08-01
iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.
CVSS Score
7.5
EPSS Score
0.011
Published
2023-07-17
A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.
CVSS Score
7.5
EPSS Score
0.011
Published
2023-05-30
Page 1