Vulnerabilities > Netapp > Clustered Data Ontap > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-26 | CVE-2018-1302 | NULL Pointer Dereference vulnerability in multiple products When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. | 5.9 |
| 2018-03-26 | CVE-2018-1301 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. | 5.9 |
| 2018-03-26 | CVE-2018-1283 | In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. | 5.3 |
| 2017-12-18 | CVE-2017-14583 | Improper Input Validation vulnerability in Netapp Clustered Data Ontap 9.0/9.2 NetApp Clustered Data ONTAP versions 9.x prior to 9.1P10 and 9.2P2 are susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in SMB environments. | 6.5 |
| 2017-11-10 | CVE-2017-5201 | Information Exposure vulnerability in Netapp Clustered Data Ontap 8.1.4/9.0 NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors, a different vulnerability than CVE-2016-3064. | 5.7 |
| 2017-10-26 | CVE-2017-15906 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. | 5.3 |
| 2017-08-07 | CVE-2015-7855 | Improper Input Validation vulnerability in multiple products The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value. | 6.5 |
| 2017-08-07 | CVE-2015-7852 | Improper Input Validation vulnerability in multiple products ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets. | 5.9 |
| 2017-08-07 | CVE-2015-7850 | Infinite Loop vulnerability in multiple products ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file. | 6.5 |
| 2017-08-07 | CVE-2015-7702 | Improper Input Validation vulnerability in multiple products The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). | 6.5 |