Clustered data ontap

This hub aggregates every CVE we track for Clustered data ontap, a product in the hardware firmware space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Clustered data ontap.

• CVE-2024-38477Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request7.5Jul 1, 2024
• CVE-2024-38476Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect9.8Jul 1, 2024
• CVE-2024-38474Apache HTTP Server weakness with encoded question marks in backreferences9.8Jul 1, 2024
• CVE-2024-21985Privilege Escalation Vulnerability in ONTAP 9 7.6Jan 26, 2024
• CVE-2024-21982 CVE-2024-21982 Information Disclosure Vulnerability in ONTAP 9 4.8Jan 11, 2024
• CVE-2023-27314Denial of Service Vulnerability in ONTAP 97.5Oct 12, 2023
• CVE-2023-36054lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs bec...6.5Aug 7, 2023
• CVE-2023-3107Remote denial of service in IPv6 fragment reassembly7.5Aug 1, 2023
• CVE-2023-38403iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.7.5Jul 17, 2023
• CVE-2023-2953A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.7.5May 30, 2023
• CVE-2023-28322An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even w...3.7May 26, 2023
• CVE-2023-28320A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchrono...5.9May 26, 2023
• CVE-2023-28319A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the me...7.5May 26, 2023
• CVE-2023-28321An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. cu...5.9May 26, 2023
• CVE-2023-27533A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during ser...8.8Mar 30, 2023