Total
178 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-14583 | 1 Netapp | 1 Clustered Data Ontap | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
NetApp Clustered Data ONTAP versions 9.x prior to 9.1P10 and 9.2P2 are susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in SMB environments. | |||||
CVE-2016-3997 | 1 Netapp | 1 Clustered Data Ontap | 2024-02-04 | 6.8 MEDIUM | 7.5 HIGH |
NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by leveraging failure to enable SMB signing enforcement in its default state. | |||||
CVE-2017-5201 | 1 Netapp | 1 Clustered Data Ontap | 2024-02-04 | 2.7 LOW | 5.7 MEDIUM |
NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors, a different vulnerability than CVE-2016-3064. | |||||
CVE-2017-12421 | 1 Netapp | 1 Clustered Data Ontap | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to execute arbitrary code on the storage controller via unspecified vectors. | |||||
CVE-2017-9119 | 2 Netapp, Php | 3 Clustered Data Ontap, Storage Automation Store, Php | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data structures. | |||||
CVE-2017-7345 | 1 Netapp | 1 Clustered Data Ontap | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service to the network, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
CVE-2016-4341 | 1 Netapp | 1 Clustered Data Ontap | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to obtain SMB share information via unspecified vectors. | |||||
CVE-2017-5340 | 2 Netapp, Php | 2 Clustered Data Ontap, Php | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data. | |||||
CVE-2016-2518 | 7 Debian, Freebsd, Netapp and 4 more | 18 Debian Linux, Freebsd, Clustered Data Ontap and 15 more | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. | |||||
CVE-2015-7977 | 8 Canonical, Debian, Fedoraproject and 5 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. | |||||
CVE-2015-7973 | 5 Canonical, Freebsd, Netapp and 2 more | 9 Ubuntu Linux, Freebsd, Clustered Data Ontap and 6 more | 2024-02-04 | 5.8 MEDIUM | 6.5 MEDIUM |
NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network. | |||||
CVE-2016-10160 | 3 Debian, Netapp, Php | 3 Debian Linux, Clustered Data Ontap, Php | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. | |||||
CVE-2016-7480 | 2 Netapp, Php | 2 Clustered Data Ontap, Php | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. | |||||
CVE-2017-5988 | 1 Netapp | 1 Clustered Data Ontap | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is enabled, allows remote attackers to cause a denial of service via unspecified vectors. | |||||
CVE-2015-8020 | 1 Netapp | 1 Clustered Data Ontap | 2024-02-04 | 4.3 MEDIUM | 3.7 LOW |
Clustered Data ONTAP versions 8.0, 8.3.1, and 8.3.2 contain a default privileged account which under certain conditions can be used for unauthorized information disclosure. | |||||
CVE-2016-1563 | 1 Netapp | 1 Clustered Data Ontap | 2024-02-04 | 5.8 MEDIUM | 6.8 MEDIUM |
NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2016-3064 | 1 Netapp | 1 Clustered Data Ontap | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
NetApp Clustered Data ONTAP before 8.2.4P4 and 8.3.x before 8.3.2P2 allows remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors. | |||||
CVE-2015-7974 | 4 Debian, Netapp, Ntp and 1 more | 8 Debian Linux, Clustered Data Ontap, Oncommand Balance and 5 more | 2024-02-04 | 4.0 MEDIUM | 7.7 HIGH |
NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key." |