CVE-2024-38477

all versions

null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malici

7.5HIGH

CVE-2024-38476

all versions

Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script exec

9.8CRITICAL

CVE-2024-38474

all versions

Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in director

9.8CRITICAL

CVE-2024-21985

>= 9.0 and < 9.9.1

ONTAP 9 versions prior to 9.9.1P18, 9.10.1P16, 9.11.1P13, 9.12.1P10 and 9.13.1P4 are susceptible to a vulnerability which could a

7.6HIGH

CVE-2024-21982

>= 9.4 and < 9.8

ONTAP versions 9.4 and higher are susceptible to a vulnerability which when successfully exploited could lead to disclosure of se

4.8MEDIUM

CVE-2023-27314

>= 9.0 and < 9.8

ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, 9.12.1P2 and 9.13.1 are susceptible to a vulnerability which cou

7.5HIGH

CVE-2023-36054

all versions

lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A rem

6.5MEDIUM

CVE-2023-3107

all versions

A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet's payl

7.5HIGH

CVE-2023-38403

all versions

iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.

7.5HIGH

CVE-2023-2953

all versions

A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.

7.5HIGH

CVE-2023-28322

all versions

An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the rea

3.7LOW

CVE-2023-28321

all versions

An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when

5.9MEDIUM

CVE-2023-28320

all versions

A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host

5.9MEDIUM

CVE-2023-28319

all versions

A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key usi

7.5HIGH

CVE-2023-27538

all versions

An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection d

5.5MEDIUM

CVE-2023-27537

all versions

A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduce

5.9MEDIUM

CVE-2023-27533

all versions

A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pa

8.8HIGH

CVE-2023-23916

all versions

An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compress

6.5MEDIUM

CVE-2023-23915

all versions

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to beh

6.5MEDIUM

CVE-2023-23914

all versions

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail w

9.1CRITICAL

CVE-2022-35260

all versions

curl can be told to parse a .netrc file for credentials. If that file endsin a line with 4095 consecutive non-white space letter

6.5MEDIUM

CVE-2022-32221

all versions

When doing HTTP(S) transfers, libcurl might erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, ev

9.8CRITICAL

CVE-2022-40304

all versions

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially

7.8HIGH

CVE-2022-40303

all versions

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option

7.5HIGH

CVE-2022-3602

all versions

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occu

7.5HIGH

CVE-2022-23241

all versions

Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with SnapLock configured FlexGroups are susceptible to a vulnerability which

8.1HIGH

CVE-2022-35252

all versions

When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are s

3.7LOW

CVE-2022-32208

all versions

When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possib

5.9MEDIUM

CVE-2022-32207

all versions

When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation

9.8CRITICAL

CVE-2022-32206

all versions

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and p

6.5MEDIUM

CVE-2022-32205

all versions

A malicious server can serve excessive amounts of Set-Cookie: headers in a HTTP response to curl and curl < 7.84.0 stores all of

4.3MEDIUM

CVE-2022-31813

all versions

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection

9.8CRITICAL

CVE-2022-30556

all versions

Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage

7.5HIGH

CVE-2022-30522

all versions

If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very l

7.5HIGH

CVE-2022-29404

all versions

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of serv

7.5HIGH

CVE-2022-28615

all versions

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when prov

9.1CRITICAL

CVE-2022-28614

all versions

The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server t

5.3MEDIUM

CVE-2022-26377

all versions

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allow

7.5HIGH

CVE-2022-30115

all versions

Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HT

4.3MEDIUM

CVE-2022-27781

all versions

libcurl provides the CURLOPT_CERTINFO option to allow applications torequest details to be returned about a server's certificate

7.5HIGH

CVE-2022-27780

all versions

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a

7.5HIGH

CVE-2022-27779

all versions

libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be

5.3MEDIUM

CVE-2022-27778

all versions

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when --no-clobber is used together

8.1HIGH

CVE-2022-27776

all versions

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HT

6.5MEDIUM

CVE-2022-27775

all versions

An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in t

7.5HIGH

CVE-2022-27774

all versions

An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow

5.7MEDIUM

CVE-2022-22576

all versions

An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticate

8.1HIGH

CVE-2022-1473

all versions

The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the remov

7.5HIGH

CVE-2022-1434

all versions

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key tri

5.9MEDIUM

CVE-2022-1343

all versions

The function OCSP_basic_verify verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCS

5.3MEDIUM

CVE-2022-1292

all versions

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by so

7.3HIGH

CVE-2022-29824

all versions

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf) and tree.c (xmlBuffer) don't check for integer ove

6.5MEDIUM

CVE-2022-0778

all versions

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime m

7.5HIGH

CVE-2022-23308

all versions

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

7.5HIGH

CVE-2021-0127

all versions

Insufficient control flow management in some Intel(R) Processors may allow an authenticated user to potentially enable a denial of

5.5MEDIUM

CVE-2022-23852

all versions

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BY

9.8CRITICAL

CVE-2021-46143

all versions

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.

8.1HIGH

CVE-2021-21707

all versions

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_

5.3MEDIUM

CVE-2021-21703

all versions

In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main F

7.8HIGH

CVE-2021-27001

>= 9.0 and <= 9.4

Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which coul

5.5MEDIUM

CVE-2021-27003

< 9.5

Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could a

4.7MEDIUM

CVE-2021-21705

all versions

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_v

4.3MEDIUM

CVE-2021-21704

all versions

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a maliciou

5.0MEDIUM

CVE-2021-22947

all versions

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, t

5.9MEDIUM

CVE-2021-22946

all versions

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (

7.5HIGH

CVE-2021-41617

all versions

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because

7.0HIGH

CVE-2021-22945

all versions

When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an alr

9.1CRITICAL

CVE-2021-40438

all versions

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue a

9.0CRITICAL

CVE-2021-39275

all versions

ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to the

9.8CRITICAL

CVE-2021-36160

all versions

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affe

7.5HIGH

CVE-2021-34798

all versions

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.

7.5HIGH

CVE-2016-20012

all versions

OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known t

5.3MEDIUM

CVE-2021-3712

all versions

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string dat

7.4HIGH

CVE-2021-3711

all versions

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an applic

9.8CRITICAL

CVE-2021-22926

all versions

libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLC

7.5HIGH

CVE-2021-22925

all versions

curl supports the -t command line option, known as CURLOPT_TELNETOPTIONSin libcurl. This rarely used option is used to send va

5.3MEDIUM

CVE-2021-22924

all versions

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.

3.7LOW

CVE-2021-22923

all versions

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink

5.3MEDIUM

CVE-2021-22922

all versions

When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the met

6.5MEDIUM

CVE-2021-3541

all versions

A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and lea

6.5MEDIUM

CVE-2020-7469

all versions

In FreeBSD 12.2-STABLE before r367402, 11.4-STABLE before r368202, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEAS

7.5HIGH

CVE-2021-26994

< 9.7

Clustered Data ONTAP versions prior to 9.7P13 and 9.8P3 are susceptible to a vulnerability which could allow single workloads to c

6.5MEDIUM

CVE-2021-3516

all versions

There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by

7.8HIGH

CVE-2021-3517

all versions

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a

8.6HIGH

CVE-2021-3518

all versions

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an applic

8.8HIGH

CVE-2021-3537

all versions

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content,

5.9MEDIUM

CVE-2021-21702

all versions

In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP serve

5.3MEDIUM

CVE-2020-7071

all versions

In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_

5.3MEDIUM

CVE-2020-8590

< 9.1

Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which could allow an attacker to disco

3.3LOW

CVE-2020-8578

< 9.3

Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node na

3.3LOW

CVE-2020-8589

< 9.3

Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant

3.5LOW

CVE-2020-8588

< 9.3

Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant

3.5LOW

CVE-2020-8581

< 9.3

Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible to a vulnerability which could allow an authenticated but un

6.5MEDIUM

CVE-2020-8286

all versions

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the O

7.5HIGH

CVE-2020-8285

all versions

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match pa

7.5HIGH

CVE-2020-8284

all versions

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and p

3.7LOW

CVE-2020-8698

all versions

Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable informati

5.5MEDIUM

CVE-2020-8696

all versions

Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user t

5.5MEDIUM

CVE-2020-0590

all versions

Improper input validation in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable esca

7.8HIGH

CVE-2020-8579

all versions

Clustered Data ONTAP versions 9.7 through 9.7P7 are susceptible to a vulnerability which allows an attacker with access to an inte

7.5HIGH

CVE-2020-7070

all versions

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values,

4.3MEDIUM

CVE-2020-7069

all versions

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() fu

5.4MEDIUM

CVE-2020-24718

all versions

bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does

8.2HIGH

CVE-2020-24977

all versions

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The

6.5MEDIUM

CVE-2020-8576

<= 9.3

Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 are susceptible to a vulnerability which when successfully ex

5.4MEDIUM

CVE-2020-11993

all versions

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patter

7.5HIGH

CVE-2020-11984

all versions

Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE

9.8CRITICAL

CVE-2020-14155

all versions

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.

5.3MEDIUM

CVE-2020-7456

all versions

In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-STABLE before r361919, 11.3-RELEASE before p10, and 11.4-RC2 b

6.8MEDIUM

CVE-2020-13817

all versions

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system t

7.4HIGH

CVE-2019-5614

all versions

In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r356036, and 11.3-RELEASE before 11

9.8CRITICAL

CVE-2019-15874

all versions

In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r356036, and 11.3-RELEASE before 11

9.8CRITICAL

CVE-2020-11868

all versions

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a se

7.5HIGH

CVE-2020-7595

all versions

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

7.5HIGH

CVE-2019-20388

all versions

xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.

7.5HIGH

CVE-2019-19956

all versions

xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-oldNs.

7.5HIGH

CVE-2019-5508

>= 9.2 and <= 9.4

Clustered Data ONTAP versions 9.2 through 9.4 are susceptible to a vulnerability which allows an attacker to use l2ping to cause a

7.5HIGH

CVE-2019-5506

>= 9.0 and <= 9.6

Clustered Data ONTAP versions 9.0 and higher do not enforce hostname verification under certain circumstances making them suscepti

5.9MEDIUM

CVE-2019-10092

<= 9.5

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attac

6.1MEDIUM

CVE-2019-5612

all versions

In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-

7.5HIGH

CVE-2019-5611

all versions

In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-

7.5HIGH

CVE-2019-5610

all versions

In FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350638, 11.3-RELEASE before 11.3-R

7.5HIGH

CVE-2019-5608

all versions

In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350650, 11.3-RELEASE before 11.3-R

9.8CRITICAL

CVE-2019-9517

all versions

Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. Th

7.5HIGH

CVE-2019-5497

all versions

NetApp AFF A700s Baseboard Management Controller (BMC) firmware versions 1.22 and higher were shipped with a default account enabl

9.8CRITICAL

CVE-2019-13118

all versions

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid char

5.3MEDIUM

CVE-2019-8936

< 9.2

NTP through 4.2.8p12 has a NULL Pointer Dereference.

7.5HIGH

CVE-2019-0217

all versions

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could al

7.5HIGH

CVE-2019-5491

>= 9.0 and < 9.1

Clustered Data ONTAP versions prior to 9.1P15 and 9.3 prior to 9.3P7 are susceptible to a vulnerability which discloses sensitive

7.5HIGH

CVE-2019-3823

all versions

libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response

4.3MEDIUM

CVE-2019-3822

all versions

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing N

9.8CRITICAL

CVE-2018-16890

all versions

libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NT

7.5HIGH

CVE-2018-5498

>= 9.0 and <= 9.4

Clustered Data ONTAP versions 9.0 through 9.4 are susceptible to a vulnerability which allows remote authenticated attackers to ca

4.4MEDIUM

CVE-2018-5497

<= 9.1

Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are susceptible to a vulnerability which discloses sensitive infor

4.4MEDIUM

CVE-2018-5490

< 8.3

Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may

8.8HIGH

CVE-2018-1312

all versions

In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks

9.8CRITICAL

CVE-2018-1303

all versions

A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound r

7.5HIGH

CVE-2018-1302

all versions

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL

5.9MEDIUM

CVE-2018-1301

all versions

A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after

5.9MEDIUM

CVE-2018-1283

all versions

In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, no

5.3MEDIUM

CVE-2017-15715

all versions

In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious fi

8.1HIGH

CVE-2017-15710

all versions

In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig,

7.5HIGH

CVE-2017-14583

>= 9.0 and <= 9.1

NetApp Clustered Data ONTAP versions 9.x prior to 9.1P10 and 9.2P2 are susceptible to a vulnerability which allows an attacker to

6.5MEDIUM

CVE-2016-8610

all versions

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol define

7.5HIGH

CVE-2017-5201

< 8.3.2

NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow remote authenticated users to obtain sensitive cluster and tena

5.7MEDIUM

CVE-2017-16642

all versions

In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'f

7.5HIGH

CVE-2017-15906

all versions

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, whic

5.3MEDIUM

CVE-2017-12423

all versions

NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to read data on other Storage Virtual Machines

7.7HIGH

CVE-2017-12421

all versions

NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to execute arbitrary code on the storage contr

8.8HIGH

CVE-2017-12420

<= 9.0

Heap-based buffer overflow in the SMB implementation in NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allows remote

8.8HIGH

CVE-2015-7871

all versions

Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.

9.8CRITICAL

CVE-2015-7855

all versions

The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial o

6.5MEDIUM

CVE-2015-7854

all versions

Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authen

8.8HIGH

CVE-2015-7853

all versions

The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execu

9.8CRITICAL

CVE-2015-7852

all versions

ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted

5.9MEDIUM

CVE-2015-7850

all versions

ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite

6.5MEDIUM

CVE-2015-7849

all versions

Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to pos

8.8HIGH

CVE-2015-7705

all versions

The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via

9.8CRITICAL

CVE-2015-7704

all versions

The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a numbe

7.5HIGH

CVE-2015-7702

all versions

The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of

6.5MEDIUM

CVE-2015-7701

all versions

Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to c

7.5HIGH

CVE-2015-7692

all versions

The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of

7.5HIGH

CVE-2015-7691

all versions

The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of

7.5HIGH

CVE-2016-8743

all versions

Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in r

7.5HIGH

CVE-2015-7703

all versions

The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allo

7.5HIGH

CVE-2017-7947

all versions

NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 before P5 allow attackers to obtain sensitive password informa

6.5MEDIUM

CVE-2017-11147

all versions

In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files

9.1CRITICAL

CVE-2016-3997

all versions

NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial

7.5HIGH

CVE-2017-7668

all versions

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_fi

7.5HIGH

CVE-2017-3167

all versions

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of t

9.8CRITICAL

CVE-2017-9119

all versions

The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumpti

9.8CRITICAL

CVE-2017-7345

<= 7.1

NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java

5.3MEDIUM

CVE-2017-5988

all versions

NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is enabled, allows remote attackers to cause a denial of service vi

7.5HIGH

CVE-2016-4341

<= 8.3.2

NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to obtain SMB share information via unspecified vectors.

7.5HIGH

CVE-2016-2518

all versions

The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds r

5.3MEDIUM

CVE-2015-7977

all versions

ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference)

5.9MEDIUM

CVE-2015-7973

all versions

NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct repla

6.5MEDIUM

CVE-2016-10160

all versions

Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote

9.8CRITICAL

CVE-2015-8020

all versions

Clustered Data ONTAP versions 8.0, 8.3.1, and 8.3.2 contain a default privileged account which under certain conditions can be use

3.7LOW

CVE-2016-7480

all versions

The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an ob

9.8CRITICAL

CVE-2017-5340

all versions

Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which

9.8CRITICAL

CVE-2015-7848

all versions

An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially craf

7.5HIGH

CVE-2016-3064

<= 8.2.4

NetApp Clustered Data ONTAP before 8.2.4P4 and 8.3.x before 8.3.2P2 allows remote authenticated users to obtain sensitive cluster

6.5MEDIUM

CVE-2016-1563

all versions

NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 certificates from TLS servers, which allows man-in-the-middle att

6.8MEDIUM

CVE-2015-7974

all versions

NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, whic

7.7HIGH