Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ontap_9
(Netapp)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 8 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-03-30 | CVE-2023-27535 | An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too... | Debian_linux, Fedora, Libcurl, Active_iq_unified_manager, H300s_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Ontap_9, Universal_forwarder | 5.9 | ||
| 2024-09-03 | CVE-2024-6119 | Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can a cause a denial of service. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an... | 500f_firmware, A250_firmware, Active_iq_unified_manager, Bootstrap_os, Brocade_fabric_operating_system, C250_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H610c_firmware, H610s_firmware, H615c, H700s_firmware, Management_services_for_element_software_and_netapp_hci, Ontap_9, Ontap_select_deploy_administration_utility, Ontap_tools, Openssl | 7.5 | ||
| 2024-02-29 | CVE-2024-26458 | Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. | Kerberos_5, Active_iq_unified_manager, Cloud_volumes_ontap_mediator, H610c_firmware, H610s_firmware, H615c_firmware, Management_services_for_element_software_and_netapp_hci, Ontap_9, Ontap_select_deploy_administration_utility | N/A | ||
| 2024-02-29 | CVE-2024-26461 | Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. | Kerberos_5, Active_iq_unified_manager, Cloud_volumes_ontap_mediator, H610c_firmware, H610s_firmware, H615c_firmware, Management_services_for_element_software_and_netapp_hci, Ontap_9, Ontap_select_deploy_administration_utility | N/A | ||
| 2024-02-29 | CVE-2024-26458 | Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. | Kerberos_5, Active_iq_unified_manager, Cloud_volumes_ontap_mediator, H610c_firmware, H610s_firmware, H615c_firmware, Management_services_for_element_software_and_netapp_hci, Ontap_9, Ontap_select_deploy_administration_utility | N/A | ||
| 2024-02-29 | CVE-2024-26461 | Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. | Kerberos_5, Active_iq_unified_manager, Cloud_volumes_ontap_mediator, H610c_firmware, H610s_firmware, H615c_firmware, Management_services_for_element_software_and_netapp_hci, Ontap_9, Ontap_select_deploy_administration_utility | N/A | ||
| 2022-10-29 | CVE-2022-42915 | curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling,... | Macos, Fedora, Curl, H300s_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Ontap_9, Universal_forwarder | 8.1 | ||
| 2024-07-01 | CVE-2024-38475 | Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite... | Http_server, Ontap_9 | N/A |