Vulnerabilities > Netapp > Clustered Data Ontap > High

DATE CVE VULNERABILITY TITLE RISK
2018-03-26 CVE-2017-15715 Improper Input Validation vulnerability in multiple products
In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename.
network
high complexity
apache debian canonical netapp redhat CWE-20
8.1
2018-03-26 CVE-2017-15710 Out-of-bounds Write vulnerability in multiple products
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials.
network
low complexity
apache debian canonical netapp redhat CWE-787
7.5
2018-01-21 CVE-2016-10708 NULL Pointer Dereference vulnerability in multiple products
sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.
network
low complexity
openbsd debian canonical netapp CWE-476
7.5
2017-11-13 CVE-2016-8610 A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. 7.5
2017-11-07 CVE-2017-16642 Out-of-bounds Read vulnerability in multiple products
In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function.
network
low complexity
php debian canonical netapp CWE-125
7.5
2017-09-01 CVE-2017-12423 Unspecified vulnerability in Netapp Clustered Data Ontap
NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to read data on other Storage Virtual Machines (SVMs) via unspecified vectors.
network
low complexity
netapp
7.7
2017-09-01 CVE-2017-12421 Unspecified vulnerability in Netapp Clustered Data Ontap
NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to execute arbitrary code on the storage controller via unspecified vectors.
network
low complexity
netapp
8.8
2017-08-18 CVE-2017-12420 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Netapp Clustered Data Ontap
Heap-based buffer overflow in the SMB implementation in NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allows remote authenticated users to cause a denial of service or execute arbitrary code.
network
low complexity
netapp CWE-119
8.8
2017-08-07 CVE-2015-7854 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.
network
low complexity
ntp netapp CWE-120
8.8
2017-08-07 CVE-2015-7849 Use After Free vulnerability in multiple products
Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.
network
low complexity
ntp netapp CWE-416
8.8