Product:

Ontap_tools

(Netapp)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 21
Date Id Summary Products Score Patch Annotated
2024-07-04 CVE-2024-39884 A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers.   "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. Users are recommended to upgrade to version 2.4.61, which fixes this issue. Http_server, Ontap_tools N/A
2024-04-04 CVE-2023-38709 Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58. Http_server, Macos, Fabric_operating_system, Debian_linux, Fedora, Ontap, Ontap_tools N/A
2024-04-04 CVE-2024-24795 HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue. Http_server, Macos, Fabric_operating_system, Debian_linux, Fedora, Ontap, Ontap_tools N/A
2024-03-15 CVE-2024-28752 A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted. Cxf, Oncommand_workflow_automation, Ontap_tools N/A
2024-05-07 CVE-2024-34397 An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact. Debian_linux, Fedora, Glib, Ontap_tools N/A
2024-11-11 CVE-2024-52533 gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character. Debian_linux, Glib, Active_iq_unified_manager, Ontap_tools N/A
2024-07-03 CVE-2024-34750 Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through... Tomcat, Ontap_tools N/A
2024-09-03 CVE-2024-6119 Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can a cause a denial of service. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an... 500f_firmware, A250_firmware, Active_iq_unified_manager, Bootstrap_os, Brocade_fabric_operating_system, C250_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H610c_firmware, H610s_firmware, H615c, H700s_firmware, Management_services_for_element_software_and_netapp_hci, Ontap_9, Ontap_select_deploy_administration_utility, Ontap_tools, Openssl 7.5
2020-06-04 CVE-2020-13817 ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance. M10\-1_firmware, M10\-4_firmware, M10\-4s_firmware, M12\-1_firmware, M12\-2_firmware, M12\-2s_firmware, Cloud_backup, Clustered_data_ontap, Data_ontap, Element_software, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Hci_compute_node_firmware, Hci_management_node, Ontap_tools, Solidfire, Steelstore_cloud_integrated_storage, Ntp, Leap 7.4
2024-03-21 CVE-2024-29131 Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue. Commons_configuration, Fedora, Ontap_tools, Snapcenter N/A