Filtered by vendor Netapp Subscriptions
Filtered by product Ontap Subscriptions
Total 4 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-27316 4 Apache, Fedoraproject, Netapp and 1 more 7 Http Server, Fedora, Ontap and 4 more 2024-11-21 7.5 High
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.
CVE-2023-4408 4 Fedoraproject, Isc, Netapp and 1 more 8 Fedora, Bind, Ontap and 5 more 2024-11-21 7.5 High
The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
CVE-2023-27536 6 Debian, Fedoraproject, Haxx and 3 more 16 Debian Linux, Fedora, Libcurl and 13 more 2024-11-21 5.9 Medium
An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.
CVE-2023-27317 1 Netapp 1 Ontap 2024-11-21 4.3 Medium
ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a vulnerability which will cause all SAS-attached FIPS 140-2 drives to become unlocked after a system reboot or power cycle or a single SAS-attached FIPS 140-2 drive to become unlocked after reinsertion. This could lead to disclosure of sensitive information to an attacker with physical access to the unlocked drives.