Vulnerabilities > Netapp > Ontap Tools

DATE CVE VULNERABILITY TITLE RISK
2024-11-07 CVE-2024-38286 Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89.
network
low complexity
apache netapp
7.5
7.5
2024-10-28 CVE-2024-49761 REXML is an XML toolkit for Ruby.
network
low complexity
ruby-lang netapp
7.5
7.5
2024-07-05 CVE-2024-39689 Insufficient Verification of Data Authenticity vulnerability in multiple products
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts.
network
low complexity
certifi netapp CWE-345
7.5
7.5
2024-07-01 CVE-2024-6387 Race Condition vulnerability in multiple products
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). 		8.1
8.1
2024-03-10 CVE-2024-28757 XML Entity Expansion vulnerability in multiple products
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).
network
low complexity
libexpat-project fedoraproject netapp CWE-776
7.5
7.5
2024-03-07 CVE-2024-1351 Improper Certificate Validation vulnerability in multiple products
Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed.
network
low complexity
mongodb netapp CWE-295
critical
 9.8
9.8
2024-01-15 CVE-2024-0565 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel.
low complexity
linux netapp CWE-191
7.4
7.4
2023-08-07 CVE-2023-36054 Access of Uninitialized Pointer vulnerability in multiple products
lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer.
network
low complexity
mit debian netapp CWE-824
6.5
6.5
2023-05-30 CVE-2023-2953 NULL Pointer Dereference vulnerability in multiple products
A vulnerability was found in openldap.
network
low complexity
openldap redhat apple netapp CWE-476
7.5
7.5
2021-12-10 CVE-2021-44228 Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. 10.0
10