Vulnerabilities > Netapp > Clustered Data Ontap
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-01-24 | CVE-2016-10160 | Off-by-one Error vulnerability in multiple products Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. | 7.5 |
2017-01-11 | CVE-2015-8020 | Information Exposure vulnerability in Netapp Clustered Data Ontap 8.0/8.3.1/8.3.2 Clustered Data ONTAP versions 8.0, 8.3.1, and 8.3.2 contain a default privileged account which under certain conditions can be used for unauthorized information disclosure. | 4.3 |
2017-01-11 | CVE-2016-7480 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. | 7.5 |
2017-01-11 | CVE-2017-5340 | Integer Overflow or Wraparound vulnerability in multiple products Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data. | 7.5 |
2016-09-01 | CVE-2016-3064 | Information Exposure vulnerability in Netapp Clustered Data Ontap NetApp Clustered Data ONTAP before 8.2.4P4 and 8.3.x before 8.3.2P2 allows remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors. | 4.0 |
2016-04-07 | CVE-2016-1563 | Improper Input Validation vulnerability in Netapp Clustered Data Ontap 8.3.1 NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.8 |
2016-01-26 | CVE-2015-7974 | Improper Authentication vulnerability in multiple products NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key." | 4.0 |