Skip to main content

Clustered Data Ontap

159 CVEs product

Monthly

CVE-2024-21985 HIGH This Week

ONTAP 9 versions prior to 9.9.1P18, 9.10.1P16, 9.11.1P13, 9.12.1P10 and 9.13.1P4 are susceptible to a vulnerability which could allow an authenticated user with multiple remote accounts with. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Clustered Data Ontap
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2024-21982 MEDIUM Monitor

ONTAP versions 9.4 and higher are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information to unprivileged attackers when the object-store. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Clustered Data Ontap
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-27314 HIGH This Week

ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, 9.12.1P2 and 9.13.1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to cause a crash of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clustered Data Ontap
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-36054 MEDIUM PATCH This Month

lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Memory Corruption Denial Of Service Kerberos 5 Debian Linux Active Iq Unified Manager +4
NVD GitHub
CVSS 3.1
6.5
EPSS
2.8%
CVE-2023-3107 HIGH This Week

A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet's payload length field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Freebsd Clustered Data Ontap
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-38403 HIGH PATCH This Week

iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Iperf3 Debian Linux Fedora +3
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2023-2953 HIGH This Week

A vulnerability was found in openldap. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Openldap Enterprise Linux macOS +8
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2023-28322 LOW POC Monitor

An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Curl Fedora macOS Clustered Data Ontap +5
NVD
CVSS 3.1
3.7
EPSS
2.2%
CVE-2023-28321 MEDIUM POC This Month

An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Curl Debian Linux Fedora Clustered Data Ontap +6
NVD
CVSS 3.1
5.9
EPSS
1.8%
CVE-2023-28320 MEDIUM POC This Month

A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Curl macOS Clustered Data Ontap Ontap Antivirus Connector +4
NVD
CVSS 3.1
5.9
EPSS
2.7%
CVE-2023-28319 HIGH POC This Week

A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Curl macOS +6
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2023-27538 MEDIUM POC This Month

An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Libcurl Fedora Debian Linux Active Iq Unified Manager +7
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2023-27537 MEDIUM POC This Month

A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Libcurl Active Iq Unified Manager Clustered Data Ontap Brocade Fabric Operating System Firmware +5
NVD
CVSS 3.1
5.9
EPSS
1.9%
CVE-2023-27533 HIGH POC This Week

A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Curl Fedora Active Iq Unified Manager Clustered Data Ontap +5
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2023-23916 MEDIUM POC This Month

An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Curl Fedora Debian Linux H300s Firmware +5
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2023-23915 MEDIUM This Month

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Curl Active Iq Unified Manager Clustered Data Ontap H300s Firmware +4
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-23914 CRITICAL POC Act Now

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Active Iq Unified Manager Clustered Data Ontap H300s Firmware +4
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2022-35260 MEDIUM POC This Month

curl can be told to parse a `.netrc` file for credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Curl Clustered Data Ontap H300s Firmware +5
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2022-32221 CRITICAL POC Act Now

When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Clustered Data Ontap H300s Firmware H500s Firmware +5
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2022-40304 HIGH PATCH This Week

An issue was discovered in libxml2 before 2.10.3. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Libxml2 Active Iq Unified Manager Clustered Data Ontap Clustered Data Ontap Antivirus Connector +13
NVD
CVSS 3.1
7.8
EPSS
6.8%
CVE-2022-40303 HIGH PATCH This Week

An issue was discovered in libxml2 before 2.10.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Libxml2 Active Iq Unified Manager Clustered Data Ontap +14
NVD
CVSS 3.1
7.5
EPSS
22.8%
CVE-2022-3602 Cargo HIGH PATCH Act Now

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 83.2%.

RCE Denial Of Service OpenSSL Buffer Overflow Memory Corruption +3
NVD VulDB
CVSS 3.1
7.5
EPSS
83.2%
Threat
4.0
CVE-2022-23241 HIGH This Week

Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with SnapLock configured FlexGroups are susceptible to a vulnerability which could allow an authenticated remote attacker to arbitrarily modify. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Clustered Data Ontap
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2022-35252 LOW POC Monitor

When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Curl Clustered Data Ontap Element Software Hci Management Node +9
NVD
CVSS 3.1
3.7
EPSS
1.8%
CVE-2022-32208 MEDIUM POC This Month

When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Code Injection Curl Fedora Debian Linux Clustered Data Ontap +10
NVD
CVSS 3.1
5.9
EPSS
6.8%
CVE-2022-32207 CRITICAL POC Act Now

When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Fedora Debian Linux Clustered Data Ontap +10
NVD
CVSS 3.1
9.8
EPSS
6.8%
CVE-2022-32206 MEDIUM POC PATCH THREAT This Month

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Curl Fedora Debian Linux Clustered Data Ontap +15
NVD
CVSS 3.1
6.5
EPSS
32.0%
CVE-2022-32205 MEDIUM POC PATCH THREAT This Month

A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Curl Fedora Debian Linux Clustered Data Ontap +15
NVD
CVSS 3.1
4.3
EPSS
26.9%
CVE-2022-31813 CRITICAL POC Act Now

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apache Http Server Clustered Data Ontap Fedora
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2022-30556 HIGH This Week

Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Http Server Clustered Data Ontap Fedora
NVD
CVSS 3.1
7.5
EPSS
4.7%
CVE-2022-30522 HIGH This Week

If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Http Server Clustered Data Ontap Fedora
NVD
CVSS 3.1
7.5
EPSS
90.4%
CVE-2022-29404 HIGH This Week

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Http Server Fedora Clustered Data Ontap
NVD
CVSS 3.1
7.5
EPSS
5.7%
CVE-2022-28615 CRITICAL Act Now

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Apache Http Server Fedora +1
NVD
CVSS 3.1
9.1
EPSS
5.7%
CVE-2022-28614 MEDIUM This Month

The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Apache Information Disclosure Http Server Fedora +1
NVD
CVSS 3.1
5.3
EPSS
4.4%
CVE-2022-26377 HIGH This Week

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache Request Smuggling Http Server Fedora +1
NVD
CVSS 3.1
7.5
EPSS
19.0%
CVE-2022-30115 MEDIUM POC PATCH This Month

Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Curl Hci Bootstrap Os Clustered Data Ontap Solidfire Enterprise Sds Hci Storage Node +6
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2022-27780 HIGH POC This Week

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Hci Bootstrap Os Clustered Data Ontap Solidfire Enterprise Sds Hci Storage Node +6
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2022-27779 MEDIUM POC This Month

libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Hci Bootstrap Os Clustered Data Ontap Solidfire Enterprise Sds Hci Storage Node +7
NVD
CVSS 3.1
5.3
EPSS
2.4%
CVE-2022-27778 HIGH POC PATCH This Week

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Active Iq Unified Manager Clustered Data Ontap Oncommand Insight +10
NVD
CVSS 3.1
8.1
EPSS
3.5%
CVE-2022-27776 MEDIUM POC This Month

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Fedora Debian Linux Hci Bootstrap Os +9
NVD
CVSS 3.1
6.5
EPSS
3.4%
CVE-2022-27775 HIGH POC This Week

An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Debian Linux Hci Bootstrap Os Clustered Data Ontap +9
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2022-1473 Cargo HIGH PATCH This Week

The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service OpenSSL Active Iq Unified Manager Clustered Data Ontap Clustered Data Ontap Antivirus Connector +22
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2022-1434 Cargo MEDIUM PATCH This Month

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

OpenSSL Information Disclosure Active Iq Unified Manager Clustered Data Ontap Clustered Data Ontap Antivirus Connector +22
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2022-1343 Cargo MEDIUM PATCH This Month

The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Active Iq Unified Manager Clustered Data Ontap Clustered Data Ontap Antivirus Connector +22
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2022-1292 HIGH This Week

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Command Injection OpenSSL Brownfield Connectivity Gateway Debian Linux Active Iq Unified Manager +31
NVD
CVSS 3.1
7.3
EPSS
83.2%
CVE-2022-29824 MEDIUM POC PATCH This Month

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Libxml2 Libxslt Fedora +16
NVD
CVSS 3.1
6.5
EPSS
3.6%
CVE-2022-0778 Cargo HIGH POC PATCH CISA Act Now

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service OpenSSL Debian Linux Cloud Volumes Ontap Mediator Clustered Data Ontap +9
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
7.8%
Threat
5.2
CVE-2022-23308 HIGH PATCH This Week

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Libxml2 Fedora +33
NVD GitHub
CVSS 3.1
7.5
EPSS
6.0%
CVE-2021-21707 MEDIUM POC PATCH THREAT This Month

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Information Disclosure Clustered Data Ontap Debian Linux Tenable Sc
NVD
CVSS 3.1
5.3
EPSS
26.0%
CVE-2021-21703 HIGH POC PATCH This Week

In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running. Rated high severity (CVSS 7.0). Public exploit code available.

PHP Authentication Bypass Debian Linux Fedora Clustered Data Ontap +1
NVD
CVSS 3.1
7.0
EPSS
1.3%
CVE-2021-27001 MEDIUM This Month

Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Clustered Data Ontap
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-27003 MEDIUM This Month

Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Clustered Data Ontap
NVD
CVSS 3.1
4.7
EPSS
0.6%
CVE-2021-21705 MEDIUM POC PATCH This Month

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Information Disclosure Clustered Data Ontap Sd Wan Aware
NVD
CVSS 3.1
5.3
EPSS
1.9%
CVE-2021-21704 MEDIUM POC This Month

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service PHP Information Disclosure Clustered Data Ontap
NVD
CVSS 3.1
5.9
EPSS
1.7%
CVE-2021-22947 MEDIUM POC PATCH This Month

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Code Injection Curl Fedora Debian Linux Cloud Backup +22
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2021-22946 HIGH POC PATCH This Week

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Debian Linux Fedora Cloud Backup +25
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2021-41617 HIGH PATCH This Week

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Rated high severity (CVSS 7.0).

SSH Privilege Escalation Openssh Fedora Active Iq Unified Manager +9
NVD VulDB
CVSS 3.1
7.0
EPSS
0.3%
CVE-2021-22945 CRITICAL POC PATCH Act Now

When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libcurl Fedora Cloud Backup Clustered Data Ontap +13
NVD
CVSS 3.1
9.1
EPSS
6.2%
CVE-2021-40438 CRITICAL POC KEV PATCH THREAT Act Now

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.4.48 and earlier. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Apache SSRF Rocky Linux Enterprise Linux Enterprise Linux Eus +35
NVD
CVSS 3.1
9.0
EPSS
100.0%
CVE-2021-39275 CRITICAL PATCH Act Now

ap_escape_quotes() may write beyond the end of a buffer when given malicious input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Apache Memory Corruption Http Server Fedora +8
NVD
CVSS 3.1
9.8
EPSS
36.3%
CVE-2021-36160 HIGH PATCH This Week

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS).4.30 to 2.4.48 (inclusive). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Apache Information Disclosure Http Server Fedora +10
NVD
CVSS 3.1
7.5
EPSS
62.9%
CVE-2021-34798 HIGH PATCH This Week

Malformed requests may cause the server to dereference a NULL pointer.4.48 and earlier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Apache Denial Of Service Http Server Fedora +15
NVD
CVSS 3.1
7.5
EPSS
64.5%
CVE-2016-20012 MEDIUM POC PATCH THREAT This Month

OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.6%.

SSH Information Disclosure Openssh Clustered Data Ontap Hci Management Node +2
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
14.6%
CVE-2021-3711 Cargo CRITICAL PATCH Act Now

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow OpenSSL Debian Linux Active Iq Unified Manager Clustered Data Ontap +27
NVD
CVSS 3.1
9.8
EPSS
87.8%
CVE-2021-22926 HIGH POC PATCH This Week

libcurl-using applications can ask for a specific client certificate to be used in a transfer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Apple Curl Active Iq Unified Manager Clustered Data Ontap +16
NVD VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-22924 LOW POC PATCH Monitor

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Libcurl Fedora Debian Linux Cloud Backup +29
NVD
CVSS 3.1
3.7
EPSS
6.3%
CVE-2021-22923 MEDIUM POC PATCH This Month

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Curl Fedora Cloud Backup Clustered Data Ontap +12
NVD
CVSS 3.1
5.3
EPSS
1.8%
CVE-2021-22922 MEDIUM POC PATCH This Month

When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Fedora Cloud Backup Clustered Data Ontap +12
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2021-3541 MEDIUM PATCH This Month

A flaw was found in libxml2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Libxml2 Jboss Core Services Zfs Storage Appliance Kit Active Iq Unified Manager +15
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2021-26994 MEDIUM This Month

Clustered Data ONTAP versions prior to 9.7P13 and 9.8P3 are susceptible to a vulnerability which could allow single workloads to cause a Denial of Service (DoS) on a cluster node. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Clustered Data Ontap
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-3516 HIGH POC PATCH This Week

There's a flaw in libxml2's xmllint in versions before 2.9.11. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Memory Corruption Information Disclosure Xmllint Debian Linux +7
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2021-3517 Ruby HIGH PATCH This Week

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Libxml2 Jboss Core Services Enterprise Linux +25
NVD
CVSS 3.1
8.6
EPSS
8.3%
CVE-2021-3518 Ruby HIGH PATCH This Week

There's a flaw in libxml2 in versions before 2.9.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Libxml2 Debian Linux +16
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2021-3537 Ruby MEDIUM PATCH This Month

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Libxml2 Jboss Core Services Enterprise Linux +16
NVD
CVSS 3.1
5.9
EPSS
3.5%
CVE-2021-21702 HIGH PATCH This Week

In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference PHP Denial Of Service Debian Linux Clustered Data Ontap +1
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2020-8286 HIGH POC PATCH This Week

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libcurl Fedora Debian Linux Clustered Data Ontap +13
NVD
CVSS 3.1
7.5
EPSS
4.6%
CVE-2020-8285 HIGH POC PATCH This Week

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Libcurl Debian Linux Fedora Clustered Data Ontap +19
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-8284 LOW PATCH Monitor

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Curl Fedora Debian Linux Clustered Data Ontap +19
NVD
CVSS 3.1
3.7
EPSS
0.1%
CVE-2020-8698 MEDIUM This Month

Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Microcode Clustered Data Ontap Hci Compute Node Bios +14
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-8696 MEDIUM This Month

Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Microcode Clustered Data Ontap Hcl Compute Node Bios +4
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-0590 HIGH PATCH This Week

Improper input validation in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Intel Xeon Bronze 3206R Firmware Xeon Gold 5218R Firmware Xeon Gold 5220R Firmware +134
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-8579 HIGH This Week

Clustered Data ONTAP versions 9.7 through 9.7P7 are susceptible to a vulnerability which allows an attacker with access to an intercluster LIF to cause a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clustered Data Ontap
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-7070 MEDIUM POC This Month

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Fedora Debian Linux Leap +3
NVD
CVSS 3.1
5.3
EPSS
5.0%
CVE-2020-7069 MEDIUM PATCH This Month

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Fedora Debian Linux Leap +4
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2020-24718 HIGH POC This Week

bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Intel Authentication Bypass Freebsd Omnios Openindiana +1
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2020-24977 MEDIUM POC PATCH This Month

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libxml2 Debian Linux Fedora +15
NVD
CVSS 3.1
6.5
EPSS
3.7%
CVE-2020-8576 MEDIUM This Month

Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data or disclosure. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Clustered Data Ontap
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-11993 HIGH POC PATCH THREAT This Week

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache Request Smuggling Information Disclosure Http Server Clustered Data Ontap +11
NVD
CVSS 3.1
7.5
EPSS
58.7%
CVE-2020-11984 CRITICAL POC THREAT Act Now

Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Apache Http Server Clustered Data Ontap Ubuntu Linux +10
NVD
CVSS 3.1
9.8
EPSS
90.0%
CVE-2020-14155 MEDIUM PATCH This Month

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Pcre macOS Gitlab +12
NVD
CVSS 3.1
5.3
EPSS
4.2%
EPSS 0% CVSS 7.6
HIGH This Week

ONTAP 9 versions prior to 9.9.1P18, 9.10.1P16, 9.11.1P13, 9.12.1P10 and 9.13.1P4 are susceptible to a vulnerability which could allow an authenticated user with multiple remote accounts with. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Clustered Data Ontap
NVD
EPSS 0% CVSS 4.8
MEDIUM Monitor

ONTAP versions 9.4 and higher are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information to unprivileged attackers when the object-store. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Clustered Data Ontap
NVD
EPSS 1% CVSS 7.5
HIGH This Week

ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, 9.12.1P2 and 9.13.1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to cause a crash of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clustered Data Ontap
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Memory Corruption Denial Of Service Kerberos 5 +6
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet's payload length field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Freebsd +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Iperf3 +5
NVD GitHub
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability was found in openldap. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Openldap +10
NVD
EPSS 2% CVSS 3.7
LOW POC Monitor

An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Curl Fedora +7
NVD
EPSS 2% CVSS 5.9
MEDIUM POC This Month

An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Curl Debian Linux +8
NVD
EPSS 3% CVSS 5.9
MEDIUM POC This Month

A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Curl macOS +6
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +8
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Libcurl Fedora +9
NVD
EPSS 2% CVSS 5.9
MEDIUM POC This Month

A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Libcurl Active Iq Unified Manager +7
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Curl Fedora +7
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Curl Fedora +7
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Curl Active Iq Unified Manager +6
NVD
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Active Iq Unified Manager +6
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

curl can be told to parse a `.netrc` file for credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Curl +7
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Clustered Data Ontap +7
NVD
EPSS 7% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in libxml2 before 2.10.3. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Libxml2 Active Iq Unified Manager +15
NVD
EPSS 23% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in libxml2 before 2.10.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Libxml2 +16
NVD
EPSS 83% 4.0 CVSS 7.5
HIGH PATCH Act Now

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 83.2%.

RCE Denial Of Service OpenSSL +5
NVD VulDB
EPSS 1% CVSS 8.1
HIGH This Week

Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with SnapLock configured FlexGroups are susceptible to a vulnerability which could allow an authenticated remote attacker to arbitrarily modify. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Clustered Data Ontap
NVD
EPSS 2% CVSS 3.7
LOW POC Monitor

When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Curl Clustered Data Ontap +11
NVD
EPSS 7% CVSS 5.9
MEDIUM POC This Month

When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Code Injection Curl Fedora +12
NVD
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Fedora +12
NVD
EPSS 32% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Curl Fedora +17
NVD
EPSS 27% CVSS 4.3
MEDIUM POC PATCH THREAT This Month

A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Curl Fedora +17
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apache Http Server +2
NVD
EPSS 5% CVSS 7.5
HIGH This Week

Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Http Server +2
NVD
EPSS 90% CVSS 7.5
HIGH This Week

If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Http Server +2
NVD
EPSS 6% CVSS 7.5
HIGH This Week

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Http Server +2
NVD
EPSS 6% CVSS 9.1
CRITICAL Act Now

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Apache +3
NVD
EPSS 4% CVSS 5.3
MEDIUM This Month

The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Apache Information Disclosure +3
NVD
EPSS 19% CVSS 7.5
HIGH This Week

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache Request Smuggling +3
NVD
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Curl Hci Bootstrap Os +8
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Hci Bootstrap Os +8
NVD
EPSS 2% CVSS 5.3
MEDIUM POC This Month

libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Hci Bootstrap Os +9
NVD
EPSS 3% CVSS 8.1
HIGH POC PATCH This Week

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Active Iq Unified Manager +12
NVD
EPSS 3% CVSS 6.5
MEDIUM POC This Month

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Fedora +11
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Debian Linux +11
NVD VulDB
EPSS 2% CVSS 7.5
HIGH PATCH This Week

The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service OpenSSL Active Iq Unified Manager +24
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

OpenSSL Information Disclosure Active Iq Unified Manager +24
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Active Iq Unified Manager +24
NVD
EPSS 83% CVSS 7.3
HIGH This Week

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Command Injection OpenSSL Brownfield Connectivity Gateway +33
NVD
EPSS 4% CVSS 6.5
MEDIUM POC PATCH This Month

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Libxml2 +18
NVD
EPSS 8% 5.2 CVSS 7.5
HIGH POC PATCH Act Now

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service OpenSSL Debian Linux +11
NVD GitHub VulDB
EPSS 6% CVSS 7.5
HIGH PATCH This Week

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure +35
NVD GitHub
EPSS 26% CVSS 5.3
MEDIUM POC PATCH THREAT This Month

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Information Disclosure Clustered Data Ontap +2
NVD
EPSS 1% CVSS 7.0
HIGH POC PATCH This Week

In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running. Rated high severity (CVSS 7.0). Public exploit code available.

PHP Authentication Bypass Debian Linux +3
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Clustered Data Ontap
NVD
EPSS 1% CVSS 4.7
MEDIUM This Month

Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Clustered Data Ontap
NVD
EPSS 2% CVSS 5.3
MEDIUM POC PATCH This Month

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Information Disclosure Clustered Data Ontap +1
NVD
EPSS 2% CVSS 5.9
MEDIUM POC This Month

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service PHP +2
NVD
EPSS 0% CVSS 5.9
MEDIUM POC PATCH This Month

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Code Injection Curl Fedora +24
NVD
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Debian Linux +27
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Rated high severity (CVSS 7.0).

SSH Privilege Escalation Openssh +11
NVD VulDB
EPSS 6% CVSS 9.1
CRITICAL POC PATCH Act Now

When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libcurl Fedora +15
NVD
EPSS 100% CVSS 9.0
CRITICAL POC KEV PATCH THREAT Act Now

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.4.48 and earlier. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Apache SSRF Rocky Linux +37
NVD
EPSS 36% CVSS 9.8
CRITICAL PATCH Act Now

ap_escape_quotes() may write beyond the end of a buffer when given malicious input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Apache Memory Corruption +10
NVD
EPSS 63% CVSS 7.5
HIGH PATCH This Week

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS).4.30 to 2.4.48 (inclusive). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Apache Information Disclosure +12
NVD
EPSS 65% CVSS 7.5
HIGH PATCH This Week

Malformed requests may cause the server to dereference a NULL pointer.4.48 and earlier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Apache Denial Of Service +17
NVD
EPSS 15% CVSS 5.3
MEDIUM POC PATCH THREAT This Month

OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.6%.

SSH Information Disclosure Openssh +4
NVD GitHub VulDB
EPSS 88% CVSS 9.8
CRITICAL PATCH Act Now

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow OpenSSL Debian Linux +29
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

libcurl-using applications can ask for a specific client certificate to be used in a transfer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Apple Curl +18
NVD VulDB
EPSS 6% CVSS 3.7
LOW POC PATCH Monitor

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Libcurl Fedora +31
NVD
EPSS 2% CVSS 5.3
MEDIUM POC PATCH This Month

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Curl Fedora +14
NVD
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Fedora +14
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in libxml2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Libxml2 Jboss Core Services +17
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Clustered Data ONTAP versions prior to 9.7P13 and 9.8P3 are susceptible to a vulnerability which could allow single workloads to cause a Denial of Service (DoS) on a cluster node. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Clustered Data Ontap
NVD
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

There's a flaw in libxml2's xmllint in versions before 2.9.11. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Memory Corruption Information Disclosure +9
NVD
EPSS 8% CVSS 8.6
HIGH PATCH This Week

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Libxml2 +27
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

There's a flaw in libxml2 in versions before 2.9.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure +18
NVD
EPSS 4% CVSS 5.9
MEDIUM PATCH This Month

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Libxml2 +18
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference PHP Denial Of Service +3
NVD
EPSS 5% CVSS 7.5
HIGH POC PATCH This Week

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libcurl Fedora +15
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Libcurl Debian Linux +21
NVD GitHub
EPSS 0% CVSS 3.7
LOW PATCH Monitor

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Curl Fedora +21
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Microcode +16
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Microcode +6
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Improper input validation in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Intel Xeon Bronze 3206R Firmware +136
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Clustered Data ONTAP versions 9.7 through 9.7P7 are susceptible to a vulnerability which allows an attacker with access to an intercluster LIF to cause a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clustered Data Ontap
NVD
EPSS 5% CVSS 5.3
MEDIUM POC This Month

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Fedora +5
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Fedora +6
NVD
EPSS 1% CVSS 8.2
HIGH POC This Week

bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Intel Authentication Bypass Freebsd +3
NVD GitHub
EPSS 4% CVSS 6.5
MEDIUM POC PATCH This Month

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libxml2 +17
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data or disclosure. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Clustered Data Ontap
NVD
EPSS 59% CVSS 7.5
HIGH POC PATCH THREAT This Week

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache Request Smuggling Information Disclosure +13
NVD
EPSS 90% CVSS 9.8
CRITICAL POC THREAT Act Now

Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Apache Http Server +12
NVD
EPSS 4% CVSS 5.3
MEDIUM PATCH This Month

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Pcre +14
NVD
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy