Vulnerabilities > Netapp > Clustered Data Ontap > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-07 | CVE-2015-7692 | Improper Input Validation vulnerability in NTP The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). | 5.0 |
| 2017-08-07 | CVE-2015-7691 | Improper Input Validation vulnerability in NTP The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. | 5.0 |
| 2017-07-24 | CVE-2015-7703 | Improper Input Validation vulnerability in NTP The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command. | 4.3 |
| 2017-07-17 | CVE-2017-7947 | Information Exposure vulnerability in Netapp Clustered Data Ontap 8.3.2/9.0/9.1 NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 before P5 allow attackers to obtain sensitive password information by leveraging logging of passwords entered non-interactively on the command line. | 5.0 |
| 2017-07-03 | CVE-2016-3997 | 7PK - Security Features vulnerability in Netapp Clustered Data Ontap 8.3.1 NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by leveraging failure to enable SMB signing enforcement in its default state. | 6.8 |
| 2017-04-10 | CVE-2017-7345 | Information Exposure vulnerability in Netapp Clustered Data Ontap NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service to the network, which allows remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |
| 2017-04-10 | CVE-2017-5988 | Denial of Service vulnerability in NetApp Clustered Data ONTAP NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is enabled, allows remote attackers to cause a denial of service via unspecified vectors. | 5.0 |
| 2017-02-07 | CVE-2016-4341 | Information Exposure vulnerability in Netapp Clustered Data Ontap NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to obtain SMB share information via unspecified vectors. | 5.0 |
| 2017-01-30 | CVE-2016-2518 | Out-of-bounds Read vulnerability in multiple products The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. | 5.0 |
| 2017-01-30 | CVE-2015-7977 | NULL Pointer Dereference vulnerability in multiple products ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. | 4.3 |