Netapp

Ontap

20 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2024-36387

  • EPSS 0.13%
  • Published 01.07.2024 19:15:03
  • Last modified 10.07.2025 22:13:43

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.

8.1

CVE-2024-6387

Media report Exploit
  • EPSS 38.58%
  • Published 01.07.2024 13:15:06
  • Last modified 30.09.2025 13:52:23

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to aut...

7.5

CVE-2024-27316

  • EPSS 88.86%
  • Published 04.04.2024 20:15:08
  • Last modified 21.11.2024 09:04:18

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.

6.3

CVE-2024-24795

  • EPSS 1.22%
  • Published 04.04.2024 20:15:08
  • Last modified 30.06.2025 12:55:47

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, ...

7.3

CVE-2023-38709

  • EPSS 5.8%
  • Published 04.04.2024 20:15:08
  • Last modified 30.06.2025 12:59:08

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.

3.5

CVE-2024-2004

Exploit
  • EPSS 0.91%
  • Published 27.03.2024 08:15:41
  • Last modified 30.07.2025 19:42:14

When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to c...

7.5

CVE-2024-28757

Exploit
  • EPSS 0.64%
  • Published 10.03.2024 05:15:06
  • Last modified 28.03.2025 19:15:21

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

7.5

CVE-2023-4408

  • EPSS 0.3%
  • Published 13.02.2024 14:15:45
  • Last modified 14.03.2025 17:15:40

The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` insta...

4.6

CVE-2023-27317

  • EPSS 0.34%
  • Published 15.12.2023 23:15:07
  • Last modified 21.11.2024 07:52:38

ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a vulnerability which will cause all SAS-attached FIPS 140-2 drives to become unlocked after a system reboot or power cycle or a single SAS-attached FIPS 140-2 drive to become un...

5.9

CVE-2023-27536

Exploit
  • EPSS 0.01%
  • Published 30.03.2023 20:15:07
  • Last modified 14.02.2025 16:15:33

An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION opt...