📦 Clustered Data ONTAP

by NetApp

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2024-38474

CRITICAL CVSS 9.8 Jul 1, 2024

A substitution encoding vulnerability in Apache HTTP Server's mod_rewrite module allows attackers to bypass security restrictions and execute scripts in directories that should be protected. This affe...

CVE-2024-38476

CRITICAL CVSS 9.8 Jul 1, 2024

Apache HTTP Server 2.4.59 and earlier contain a vulnerability where malicious response headers from backend applications can lead to information disclosure, server-side request forgery (SSRF), or loca...

CVE-2023-23914

CRITICAL CVSS 9.1 Feb 23, 2023

A vulnerability in curl versions before 7.88.0 causes HSTS (HTTP Strict Transport Security) to fail when processing multiple URLs sequentially on the same command line. This allows sensitive informati...

CVE-2022-32221

CRITICAL CVSS 9.8 Dec 5, 2022

This vulnerability in libcurl allows an attacker to cause memory corruption or data leakage when reusing a handle from a PUT to a POST request. Applications using libcurl for HTTP(S) transfers with re...

CVE-2022-32207

CRITICAL CVSS 9.8 Jul 7, 2022

CVE-2022-32207 is a privilege escalation vulnerability in curl versions before 7.84.0 where file permission widening occurs during atomic file operations. When curl saves cookies, alt-svc, or hsts dat...

CVE-2022-28615

CRITICAL CVSS 9.1 Jun 9, 2022

This vulnerability in Apache HTTP Server 2.4.53 and earlier could cause crashes or information disclosure due to a buffer overflow in the ap_strcmp_match() function. Only systems using third-party mod...

CVE-2022-31813

CRITICAL CVSS 9.8 Jun 9, 2022

This vulnerability in Apache HTTP Server allows attackers to bypass IP-based authentication by manipulating the Connection header to prevent X-Forwarded-* headers from reaching origin servers. It affe...

CVE-2022-23852

CRITICAL CVSS 9.8 Jan 24, 2022

CVE-2022-23852 is a signed integer overflow vulnerability in Expat (libexpat) XML parser that can lead to buffer overflow. When XML_CONTEXT_BYTES is configured to a nonzero value, XML_GetBuffer can ov...

CVE-2021-39275

CRITICAL CVSS 9.8 Sep 16, 2021

CVE-2021-39275 is a critical buffer overflow vulnerability in Apache HTTP Server's ap_escape_quotes() function that could allow remote code execution or denial of service. The vulnerability affects Ap...

CVE-2024-21985

HIGH CVSS 7.6 Jan 26, 2024

This vulnerability in NetApp ONTAP allows authenticated users with multiple remote accounts to perform REST API actions beyond their intended privileges. Affected users can view configuration details,...

CVE-2023-2953

HIGH CVSS 7.5 May 30, 2023

This vulnerability in OpenLDAP causes a null pointer dereference in the ber_memalloc_x() function, which can lead to denial of service (DoS) by crashing the LDAP service. Any system running vulnerable...

CVE-2023-28319

HIGH CVSS 7.5 May 26, 2023

CVE-2023-28319 is a use-after-free vulnerability in curl/libcurl versions before 8.1.0 that occurs during SSH server public key verification. When verification fails, curl frees memory containing the ...

CVE-2023-27533

HIGH CVSS 8.8 Mar 30, 2023

A vulnerability in curl versions before 8.0 allows attackers to inject malicious content during TELNET protocol negotiation when user input is accepted. This could lead to arbitrary code execution on ...

CVE-2022-26377

HIGH CVSS 7.5 Jun 9, 2022

This HTTP request smuggling vulnerability in Apache HTTP Server's mod_proxy_ajp module allows attackers to bypass security controls and smuggle malicious requests to backend AJP servers. It affects Ap...

CVE-2022-30556

HIGH CVSS 7.5 Jun 9, 2022

CVE-2022-30556 is a buffer overflow vulnerability in Apache HTTP Server's r:wsread() function that can cause memory corruption. It affects Apache HTTP Server versions 2.4.53 and earlier. Attackers cou...

CVE-2022-27780

HIGH CVSS 7.5 Jun 2, 2022

The curl URL parser incorrectly accepts percent-encoded URL separators like '/' in hostnames, allowing attackers to bypass filters and checks by making malicious URLs appear legitimate. This affects a...

CVE-2022-27775

HIGH CVSS 7.5 Jun 2, 2022

This curl vulnerability allows information disclosure when an attacker can force curl to reuse an existing IPv6 connection from the pool with a different zone identifier, potentially exposing sensitiv...

CVE-2022-27778

HIGH CVSS 8.1 Jun 2, 2022

This vulnerability in curl versions before 7.83.1 could cause the wrong file to be deleted when using the --no-clobber option with --remove-on-error. It affects systems using curl with these specific ...

CVE-2022-1292

HIGH CVSS 7.3 May 3, 2022

CVE-2022-1292 is a command injection vulnerability in the c_rehash script distributed with OpenSSL. It allows attackers to execute arbitrary commands with script privileges when the script processes u...

CVE-2022-1473

HIGH CVSS 7.5 May 3, 2022

A memory leak vulnerability in OpenSSL's OPENSSL_LH_flush() function causes unbounded memory growth when processing certificates or keys. This affects long-lived processes like TLS clients/servers usi...

CVE-2022-0778

HIGH CVSS 7.5 Mar 15, 2022

CVE-2022-0778 is a denial-of-service vulnerability in OpenSSL's BN_mod_sqrt() function that can cause infinite loops when parsing specially crafted certificates or private keys containing invalid elli...

CVE-2022-23308

HIGH CVSS 7.5 Feb 26, 2022

CVE-2022-23308 is a use-after-free vulnerability in libxml2's validation component that allows attackers to potentially execute arbitrary code or cause denial of service. It affects applications that ...

CVE-2021-46143

HIGH CVSS 8.1 Jan 6, 2022

CVE-2021-46143 is an integer overflow vulnerability in Expat's XML parser that can lead to heap memory corruption. Attackers can exploit this by providing specially crafted XML input, potentially caus...

CVE-2021-36160

HIGH CVSS 7.5 Sep 16, 2021

CVE-2021-36160 is an out-of-bounds read vulnerability in Apache HTTP Server's mod_proxy_uwsgi module. A specially crafted URI path can cause the server to read beyond allocated memory boundaries, lead...

CVE-2021-3712

HIGH CVSS 7.4 Aug 24, 2021

This OpenSSL vulnerability allows attackers to cause buffer overruns when applications directly construct ASN.1 strings without proper NUL termination. Exploitation can lead to denial of service or me...

CVE-2021-22926

HIGH CVSS 7.5 Aug 5, 2021

This vulnerability allows attackers to trick libcurl applications into using a malicious client certificate instead of the intended one when running in writable directories like /tmp. It affects appli...

CVE-2020-7469

HIGH CVSS 7.5 Jun 4, 2021

This is a use-after-free vulnerability in FreeBSD's ICMPv6 network stack that allows attackers to potentially execute arbitrary code or cause denial of service. It affects FreeBSD systems with IPv6 en...

CVE-2021-3516

HIGH CVSS 7.8 Jun 1, 2021

CVE-2021-3516 is a use-after-free vulnerability in libxml2's xmllint tool that allows attackers to execute arbitrary code or cause denial of service by submitting specially crafted XML files. This aff...

CVE-2021-3518

HIGH CVSS 8.8 May 18, 2021

A use-after-free vulnerability in libxml2 versions before 2.9.11 allows attackers to submit crafted XML files to applications using this library, potentially leading to arbitrary code execution. This ...

CVE-2023-28322

LOW CVSS 3.7 May 26, 2023

This vulnerability in curl versions before 8.1.0 causes information disclosure when reusing a handle between PUT and POST requests. It affects applications using libcurl for HTTP(S) transfers where th...