Vulnerabilities > Netapp > Ontap Tools
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-11-07 | CVE-2024-38286 | Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. | 7.5 |
2024-10-28 | CVE-2024-49761 | REXML is an XML toolkit for Ruby. | 7.5 |
2024-09-03 | CVE-2024-6119 | Type Confusion vulnerability in multiple products. Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can cause a denial of service. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an `otherName` subject alternative name of an X.509 certificate. | 7.5 |
2024-07-05 | CVE-2024-39689 | Insufficient Verification of Data Authenticity vulnerability in multiple products. Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. | 7.5 |
2024-07-01 | CVE-2024-6387 | Race Condition vulnerability in multiple products. A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). | 8.1 |
2024-03-10 | CVE-2024-28757 | XML Entity Expansion vulnerability in multiple products. libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). | 7.5 |
2024-03-07 | CVE-2024-1351 | Improper Certificate Validation vulnerability in multiple products. Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation, which may allow untrusted connections to succeed. | 9.8 |
2024-01-15 | CVE-2024-0565 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products. An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. | 7.4 |
2023-08-07 | CVE-2023-36054 | Access of Uninitialized Pointer vulnerability in multiple products. lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. | 6.5 |
2023-05-30 | CVE-2023-2953 | NULL Pointer Dereference vulnerability in multiple products. A vulnerability was found in openldap. | 7.5 |