Vulnerabilities > Netapp > Clustered Data Ontap > High

DATE CVE VULNERABILITY TITLE RISK
2024-07-01 CVE-2024-38477 null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
network
low complexity
apache netapp
7.5
2024-01-26 CVE-2024-21985 Unspecified vulnerability in Netapp Clustered Data Ontap
ONTAP 9 versions prior to 9.9.1P18, 9.10.1P16, 9.11.1P13, 9.12.1P10 and 9.13.1P4 are susceptible to a vulnerability which could allow an authenticated user with multiple remote accounts with differing roles to perform actions via REST API beyond their intended privilege.
network
low complexity
netapp
7.6
2023-10-12 CVE-2023-27314 Unspecified vulnerability in Netapp Clustered Data Ontap
ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, 9.12.1P2 and 9.13.1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to cause a crash of the HTTP service.
network
low complexity
netapp
7.5
2023-08-01 CVE-2023-3107 Integer Overflow or Wraparound vulnerability in multiple products
A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet's payload length field.
network
low complexity
freebsd netapp CWE-190
7.5
2023-07-17 CVE-2023-38403 Integer Overflow or Wraparound vulnerability in multiple products
iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.
network
low complexity
es debian fedoraproject netapp apple CWE-190
7.5
2023-05-30 CVE-2023-2953 NULL Pointer Dereference vulnerability in multiple products
A vulnerability was found in openldap.
network
low complexity
openldap redhat apple netapp CWE-476
7.5
2023-05-26 CVE-2023-28319 Use After Free vulnerability in multiple products
A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash.
network
low complexity
haxx apple netapp CWE-416
7.5
2023-03-30 CVE-2023-27533 Injection vulnerability in multiple products
A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation.
network
low complexity
haxx fedoraproject netapp splunk CWE-74
8.8
2022-11-23 CVE-2022-40304 Double Free vulnerability in multiple products
An issue was discovered in libxml2 before 2.10.3.
local
low complexity
xmlsoft netapp apple CWE-415
7.8
2022-11-23 CVE-2022-40303 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in libxml2 before 2.10.3.
network
low complexity
xmlsoft netapp apple CWE-190
7.5