Vulnerabilities > Netapp > Clustered Data Ontap

DATE CVE VULNERABILITY TITLE RISK
2017-01-24 CVE-2016-10160 Off-by-one Error vulnerability in multiple products
Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.
network
low complexity
php netapp debian CWE-193
7.5
2017-01-11 CVE-2015-8020 Information Exposure vulnerability in Netapp Clustered Data Ontap 8.0/8.3.1/8.3.2
Clustered Data ONTAP versions 8.0, 8.3.1, and 8.3.2 contain a default privileged account which under certain conditions can be used for unauthorized information disclosure.
network
netapp CWE-200
4.3
2017-01-11 CVE-2016-7480 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.
network
low complexity
php netapp CWE-119
7.5
2017-01-11 CVE-2017-5340 Integer Overflow or Wraparound vulnerability in multiple products
Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data.
network
low complexity
php netapp CWE-190
7.5
2016-09-01 CVE-2016-3064 Information Exposure vulnerability in Netapp Clustered Data Ontap
NetApp Clustered Data ONTAP before 8.2.4P4 and 8.3.x before 8.3.2P2 allows remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors.
network
low complexity
netapp CWE-200
4.0
2016-04-07 CVE-2016-1563 Improper Input Validation vulnerability in Netapp Clustered Data Ontap 8.3.1
NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network
netapp CWE-20
5.8
2016-01-26 CVE-2015-7974 Improper Authentication vulnerability in multiple products
NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
network
low complexity
ntp siemens netapp debian CWE-287
4.0