Latest NetApp Clustered Data ONTAP Vulnerabilities

Privilege Escalation Vulnerability in ONTAP 9
NetApp Clustered Data ONTAP>=9.0<9.9.1
NetApp Clustered Data ONTAP>=9.10.0<9.10.1
NetApp Clustered Data ONTAP>=9.11.0<9.11.1
NetApp Clustered Data ONTAP>=9.12.0<9.12.1
NetApp Clustered Data ONTAP>=9.13.0<9.13.1
NetApp Clustered Data ONTAP=9.9.1
and 4 more
CVE-2024-21982 Information Disclosure Vulnerability in ONTAP 9
NetApp Clustered Data ONTAP>=9.4<9.8
NetApp Clustered Data ONTAP=9.8
NetApp Clustered Data ONTAP=9.9.1
NetApp Clustered Data ONTAP=9.10.1
NetApp Clustered Data ONTAP=9.11.1
NetApp Clustered Data ONTAP=9.12.1
and 1 more
ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, 9.12.1P2 and 9.13.1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to cause a crash of the HT...
NetApp Clustered Data ONTAP>=9.0<9.8
NetApp Clustered Data ONTAP=9.8
NetApp Clustered Data ONTAP=9.8-p7
NetApp Clustered Data ONTAP=9.9.1
NetApp Clustered Data ONTAP=9.9.1-p3
NetApp Clustered Data ONTAP=9.10.0
and 3 more
lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs becaus...
MIT Kerberos 5<1.20.2
MIT Kerberos 5=1.21
MIT Kerberos 5=1.21-beta1
Debian Debian Linux=10.0
Apple iPadOS
NetApp Clustered Data ONTAP=9.0
and 3 more
A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet's payload length field. This allows an attacker to trigger a kernel panic, r...
FreeBSD FreeBSD=12.4
FreeBSD FreeBSD=12.4-p1
FreeBSD FreeBSD=12.4-p2
FreeBSD FreeBSD=12.4-p3
FreeBSD FreeBSD=12.4-rc2-p1
FreeBSD FreeBSD=12.4-rc2-p2
and 15 more
iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.
Es Iperf3<3.14
Linux Linux kernel
Debian Debian Linux=10.0
Fedoraproject Fedora=37
Fedoraproject Fedora=38
Apple macOS Ventura<13.6.1
and 15 more
A vulnerability was found in openldap that can cause a null pointer dereference in the ber_memalloc_x() function.
Openldap Openldap=2.4
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Apple macOS>=11.0<11.7.9
Apple macOS>=12.0<12.6.8
Apple macOS>=13.0<13.5
and 33 more
A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous ...
Haxx Curl<8.1.0
Apple macOS>=11.0<11.7.9
Apple macOS>=12.0<12.6.8
Apple macOS>=13.0<13.5
NetApp Clustered Data ONTAP
Apple macOS Big Sur
and 13 more
An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when...
Haxx Curl<8.1.0
Fedoraproject Fedora=37
Fedoraproject Fedora=38
Apple macOS>=11.0<11.7.9
Apple macOS>=12.0<12.6.8
Apple macOS>=13.0<13.5
and 34 more
An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl ...
Haxx Curl<8.1.0
Debian Debian Linux=10.0
Fedoraproject Fedora=37
Fedoraproject Fedora=38
NetApp Clustered Data ONTAP
Apple macOS Big Sur
and 35 more
A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memor...
Haxx Curl<8.1.0
Apple macOS>=11.0<11.7.9
Apple macOS>=12.0<12.6.8
Apple macOS>=13.0<13.5
NetApp Clustered Data ONTAP
Apple macOS Big Sur
and 14 more
A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without consideration for doing this sharing across separate threads b...
Haxx Libcurl=7.88.0
Haxx Libcurl=7.88.1
Apple iPadOS
NetApp Clustered Data ONTAP=9.0
Broadcom Brocade Fabric Operating System Firmware
Apple macOS Ventura
and 20 more
An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have pre...
Haxx Libcurl>=7.16.1<8.0.0
Fedoraproject Fedora=36
Debian Debian Linux=10.0
Apple iPadOS
NetApp Clustered Data ONTAP=9.0
Broadcom Brocade Fabric Operating System Firmware
and 22 more
An input validation vulnerability exists in curl <8.0 during communication using the TELNET protocol that may allow an attacker to pass on maliciously crafted user name and "telnet options" during server...
Haxx Curl>=7.0.0<=7.881
Fedoraproject Fedora=36
Apple iPadOS
NetApp Clustered Data ONTAP=9.0
Apple macOS Ventura
Apple macOS Big Sur
and 20 more
cURL libcurl is vulnerable to a denial of service, caused by a flaw in the decompression chain implementation. By sending a specially-crafted request, a remote attacker could exploit this vulnerabilit...
Haxx Curl>=7.57.0<7.88.0
Fedoraproject Fedora=36
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Apple macOS Ventura
Apple macOS Big Sur
and 22 more
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using it...
Haxx Curl>=7.77.0<7.88.0
Apple iPadOS
NetApp Clustered Data ONTAP=9.0
Apple macOS Ventura
Apple macOS Big Sur
and 19 more
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to fail when multiple URLs are requested serially. Using its HSTS support, curl...
Haxx Curl>=7.77.0<7.88.0
Apple iPadOS
NetApp Clustered Data ONTAP=9.0
Apple macOS Ventura
Apple macOS Big Sur
and 19 more
curl can be told to parse a `.netrc` file for credentials. If that file ends in a line with 4095 consecutive non-white space letters and no newline, curl would first read past the end of the stack-based...
Haxx Curl>=7.84.0<7.86.0
NetApp Clustered Data ONTAP
Apple macOS Ventura
Apple macOS Big Sur
Apple macOS Ventura
and 18 more
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either ...
rust/openssl-src>=300.0.0<300.0.11
OpenSSL OpenSSL>=3.0.0<3.0.7
Fedoraproject Fedora=36
Fedoraproject Fedora=37
NetApp Clustered Data ONTAP
Fedoraproject Fedora=26
and 7 more
Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with SnapLock configured FlexGroups are susceptible to a vulnerability which could allow an authenticated remote attacker to arbitrarily modify or...
NetApp Clustered Data ONTAP=9.11.1
NetApp Clustered Data ONTAP=9.11.1-p2
NetApp Clustered Data ONTAP=9.11.1-rc1
A vulnerability was found in curl. The issue occurs when doing HTTP(S) transfers, where curl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CU...
redhat/jbcs-httpd24-curl<0:7.86.0-2.el8
redhat/jbcs-httpd24-curl<0:7.86.0-2.el7
redhat/curl<0:7.76.1-19.el9_1.1
redhat/curl<0:7.76.1-14.el9_0.6
debian/curl<=7.64.0-4+deb10u2
Haxx Curl<7.86.0
and 27 more
A flaw was found in libxml2. Parsing an XML document with the XML_PARSE_HUGE option enabled can result in an integer overflow because safety checks were missing in some functions. Also, the xmlParseEnt...
redhat/libxml2<0:2.9.7-15.el8_7.1
redhat/libxml2<0:2.9.13-3.el9_1
Apple tvOS<16.2
Apple watchOS<9.2
Apple macOS Big Sur<11.7.2
Apple macOS Monterey<12.6.2
and 29 more
A flaw was found in libxml2. When a reference cycle is detected in the XML entity cleanup function the XML entity data can be stored in a dictionary. In this case, the dictionary becomes corrupted res...
redhat/libxml2<0:2.9.7-15.el8_7.1
redhat/libxml2<0:2.9.13-3.el9_1
redhat/libxml2<2.10.3
Apple macOS Ventura<13.0.1
Apple iOS<16.1.1
Apple iPadOS<16.1.1
and 29 more
A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTP(S) server, where it accepts cookies using control codes (byte values below 32), a...
redhat/jbcs-httpd24-curl<0:7.86.0-2.el8
redhat/jbcs-httpd24-curl<0:7.86.0-2.el7
redhat/curl<0:7.61.1-30.el8
redhat/curl<0:7.76.1-23.el9
Haxx Curl<7.85.0
NetApp Clustered Data ONTAP
and 33 more
A malicious server can serve excessive amounts of `Set-Cookie:` headers in an HTTP response to curl, and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies makes subsequent HT...
debian/curl
Haxx Curl>=7.71.0<7.84.0
Fedoraproject Fedora=35
Debian Debian Linux=11.0
NetApp Clustered Data ONTAP
Netapp Element Software
and 47 more
curl. Multiple issues were addressed by updating to curl version 7.84.0.
redhat/jbcs-httpd24-curl<0:7.86.0-2.el8
redhat/jbcs-httpd24-curl<0:7.86.0-2.el7
redhat/curl<0:7.61.1-22.el8_6.4
redhat/curl<0:7.76.1-14.el9_0.5
debian/curl<=7.64.0-4+deb10u2
Haxx Curl>=7.16.4<7.84.0
and 33 more
curl. Multiple issues were addressed by updating to curl version 7.84.0.
redhat/jbcs-httpd24-curl<0:7.86.0-2.el8
redhat/jbcs-httpd24-curl<0:7.86.0-2.el7
redhat/curl<0:7.76.1-14.el9_0.5
debian/curl
Haxx Curl>=7.69.0<7.84.0
Fedoraproject Fedora=35
and 31 more
A vulnerability was found in curl. This issue occurs because the number of acceptable "links" in the "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited nu...
redhat/jbcs-httpd24-curl<0:7.86.0-2.el8
redhat/jbcs-httpd24-curl<0:7.86.0-2.el7
redhat/curl<0:7.61.1-22.el8_6.4
redhat/curl<0:7.61.1-18.el8_4.3
redhat/curl<0:7.76.1-14.el9_0.5
debian/curl<=7.64.0-4+deb10u2
and 57 more
An out-of-bounds read vulnerability was found in httpd. A very large input to the ap_strcmp_match function can lead to an integer overflow and result in an out-of-bounds read.
Apache HTTP server<=2.4.53
Fedoraproject Fedora=35
Fedoraproject Fedora=36
NetApp Clustered Data ONTAP
redhat/jbcs-httpd24-httpd<0:2.4.51-37.el8
redhat/jbcs-httpd24-httpd<0:2.4.51-37.el7
and 2 more
A flaw was found in the mod_lua module of httpd. A malicious request to a Lua script that calls parsebody(0) can lead to a denial of service due to no default limit on the possible input size.
redhat/httpd<2.4.54
redhat/httpd<0:2.4.53-7.el9
redhat/httpd24-httpd<0:2.4.34-23.el7.5
Apache HTTP server<=2.4.53
Fedoraproject Fedora=35
Fedoraproject Fedora=36
and 1 more
A flaw was found in the mod_sed module of httpd. A very large input to the mod_sed module can result in a denial of service due to excessively large memory allocations.
Apache HTTP server=2.4.53
NetApp Clustered Data ONTAP
Fedoraproject Fedora=35
Fedoraproject Fedora=36
redhat/jbcs-httpd24-httpd<0:2.4.51-37.el8
redhat/jbcs-httpd24-httpd<0:2.4.51-37.el7
and 2 more
A flaw was found in the mod_proxy module of httpd. The server may remove the X-Forwarded-* headers from a request based on the client-side Connection header hop-by-hop mechanism.
Apache HTTP server<=2.4.53
NetApp Clustered Data ONTAP
Fedoraproject Fedora=35
Fedoraproject Fedora=36
redhat/jbcs-httpd24-httpd<0:2.4.51-37.el8
redhat/jbcs-httpd24-httpd<0:2.4.51-37.el7
and 2 more
Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by an error in mod_lua with websockets. An attacker could exploit this vulnerability to return lengths to appli...
redhat/httpd<2.4.54
redhat/httpd<0:2.4.53-7.el9
redhat/httpd24-httpd<0:2.4.34-23.el7.5
Apache HTTP server<=2.4.53
NetApp Clustered Data ONTAP
Fedoraproject Fedora=35
and 1 more
An out-of-bounds read vulnerability was found in httpd. A very large input to the ap_rputs and ap_rwrite functions can lead to an integer overflow and result in an out-of-bounds read.
redhat/jbcs-httpd24-httpd<0:2.4.51-37.el8
redhat/jbcs-httpd24-httpd<0:2.4.51-37.el7
redhat/httpd<0:2.4.53-7.el9
redhat/httpd24-httpd<0:2.4.34-23.el7.5
Apache HTTP server<=2.4.53
Fedoraproject Fedora=35
and 2 more
An HTTP request smuggling vulnerability was found in the mod_proxy_ajp module of httpd. This flaw allows an attacker to smuggle requests to the AJP server, where it forwards requests.
redhat/httpd<2.4.54
redhat/jbcs-httpd24-httpd<0:2.4.51-37.el8
redhat/jbcs-httpd24-httpd<0:2.4.51-37.el7
redhat/httpd<0:2.4.53-7.el9
redhat/httpd24-httpd<0:2.4.34-23.el7.5
Apache HTTP server>=2.4.0<=2.4.53
and 3 more
Using its HSTS support, curl can be instructed to use HTTPS directly instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This mechanism could be bypassed if the host...
Haxx Curl>=7.82.0<7.83.1
Netapp Hci Bootstrap Os
Netapp Hci Compute Node
NetApp Clustered Data ONTAP
IBM Cloud Pak for Business Automation
and 21 more
The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a *different* URL using the wrong host name when it is later retrieved. Fo...
Haxx Curl>=7.80.0<7.83.1
Netapp Hci Bootstrap Os
Netapp Hci Compute Node
NetApp Clustered Data ONTAP
IBM Cloud Pak for Business Automation
and 21 more
libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if the host name is provided with a trailing dot. curl can be told to receive and send cookies. curl's "cookie engine" can be built w...
Haxx Curl>=7.82.0<7.83.1
Netapp Hci Bootstrap Os
Netapp Hci Compute Node
NetApp Clustered Data ONTAP
IBM Cloud Pak for Business Automation
and 22 more
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.
Haxx Curl=7.83.0
Apple iPadOS
Apple watchOS
NetApp Clustered Data ONTAP
NetApp OnCommand Insight
NetApp OnCommand Workflow Automation
and 27 more
libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make lib...
redhat/jbcs-httpd24-curl<0:7.86.0-2.el8
redhat/jbcs-httpd24-curl<0:7.86.0-2.el7
debian/curl<=7.64.0-4+deb10u2
redhat/curl<7.83.1
Haxx Curl<7.83.1
Debian Debian Linux=10.0
and 28 more
A memory leak flaw was found in OpenSSL, resulting in TLS servers and clients being halted by out-of-memory conditions, leading to a denial of service. An attacker needs to repeat actions continuously...
rust/openssl-src>=300.0.0<300.0.6
redhat/openssl<1:3.0.1-41.el9_0
OpenSSL OpenSSL>=3.0.0<3.0.3
Netapp Active Iq Unified Manager
NetApp Clustered Data ONTAP
Netapp Clustered Data Ontap Antivirus Connector
and 80 more
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. O...
redhat/jbcs-httpd24-openssl<1:1.1.1k-13.el8
redhat/jbcs-httpd24-openssl<1:1.1.1k-13.el7
redhat/openssl<1:1.1.1k-7.el8_6
redhat/openssl<1:3.0.1-41.el9_0
redhat/jws5-tomcat-native<0:1.2.31-11.redhat_11.el7
redhat/jws5-tomcat-native<0:1.2.31-11.redhat_11.el8
and 108 more
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation r...
redhat/libxml2<0:2.9.7-13.el8_6.1
redhat/libxml2<0:2.9.13-1.el9_0.1
debian/libxml2<=2.9.10+dfsg-6.7<=2.9.10+dfsg-6.7+deb11u1<=2.9.4+dfsg1-7+deb10u3<=2.9.13+dfsg-1<=2.9.4+dfsg1-7
debian/libxml2
redhat/libxml2<2.9.14
Xmlsoft Libxml2<2.9.14
and 27 more
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing...
OpenSSL OpenSSL>=3.0.0<3.0.3
Netapp Active Iq Unified Manager
NetApp Clustered Data ONTAP
Netapp Clustered Data Ontap Antivirus Connector
Netapp Santricity Smi-s Provider
Netapp Smi-s Provider
and 77 more
The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a succe...
redhat/openssl<1:3.0.1-41.el9_0
OpenSSL OpenSSL>=3.0.0<3.0.3
Netapp Active Iq Unified Manager
NetApp Clustered Data ONTAP
Netapp Clustered Data Ontap Antivirus Connector
Netapp Santricity Smi-s Provider
and 79 more
An improper authentication vulnerability exists in curl 7.33.0 up to and including 7.82.0 which might allow reuse of OAUTH2-authenticated connections without properly making sure that the connection was aut...
debian/curl<=7.64.0-4+deb10u2
debian/curl<=7.82.0-2<=7.74.0-1.3+deb11u1<=7.64.0-4+deb10u2
Haxx Curl>=7.33.0<7.83.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
NetApp Clustered Data ONTAP
and 26 more
An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including 7.82.0 that could allow an attacker to extract credentials when following HTTP(S) redirects is u...
debian/curl<=7.64.0-4+deb10u2
debian/curl<=7.64.0-4+deb10u2<=7.74.0-1.3+deb11u1<=7.82.0-2
Haxx Curl>=4.9<=7.82.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Netapp Hci Bootstrap Os
and 26 more
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 whereby, by using an IPv6 address that was in the connection pool but with a different zone id, it could reuse a conne...
debian/curl
debian/curl<=7.74.0-1.3+deb11u1<=7.82.0-2
Haxx Curl>=7.65.0<=7.82.0
Debian Debian Linux=11.0
Netapp Hci Bootstrap Os
Netapp Hci Compute Node
and 25 more
An insufficiently protected credentials vulnerability, fixed in curl 7.83.0, might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
debian/curl<=7.64.0-4+deb10u2
debian/curl<=7.74.0-1.3+deb11u1<=7.64.0-4+deb10u2<=7.82.0-2
Haxx Curl<7.83.0
Fedoraproject Fedora=36
Fedoraproject Fedora=37
Debian Debian Linux=10.0
and 28 more
A flaw was found in OpenSSL. It is possible to trigger an infinite loop by crafting a certificate that has invalid elliptic curve parameters. Since certificate parsing happens before verification of t...
redhat/jbcs-httpd24-apr-util<0:1.6.1-91.el8
redhat/jbcs-httpd24-curl<0:7.78.0-3.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-80.el8
redhat/jbcs-httpd24-nghttp2<0:1.39.2-41.el8
redhat/jbcs-httpd24-openssl<1:1.1.1g-11.el8
redhat/jbcs-httpd24-openssl-chil<0:1.0.0-11.el8
and 83 more
