Vulnerabilities > Netapp > Clustered Data Ontap > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-08-07 | CVE-2015-7705 | Improper Input Validation vulnerability in multiple products The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests. | 9.8 |
2017-08-07 | CVE-2015-7853 | Classic Buffer Overflow vulnerability in multiple products The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value. | 9.8 |
2017-08-07 | CVE-2015-7871 | Improper Authentication vulnerability in multiple products Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication. | 9.8 |
2017-07-10 | CVE-2017-11147 | Out-of-bounds Read vulnerability in multiple products In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c. | 9.1 |
2017-06-20 | CVE-2017-3167 | Improper Authentication vulnerability in multiple products In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. | 9.8 |
2017-05-21 | CVE-2017-9119 | Resource Exhaustion vulnerability in multiple products The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data structures. | 9.8 |
2017-01-24 | CVE-2016-10160 | Off-by-one Error vulnerability in multiple products Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. | 9.8 |
2017-01-11 | CVE-2016-7480 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. | 9.8 |
2017-01-11 | CVE-2017-5340 | Integer Overflow or Wraparound vulnerability in multiple products Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data. | 9.8 |