Vulnerabilities > Netapp > Data Ontap Edge > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-01-16 | CVE-2018-5740 | Reachable Assertion vulnerability in multiple products "deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. | 7.5 |
2019-01-16 | CVE-2018-5737 | Reachable Assertion vulnerability in multiple products A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. | 7.5 |
2019-01-16 | CVE-2018-5734 | Reachable Assertion vulnerability in multiple products While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. | 7.5 |
2019-01-16 | CVE-2017-3145 | Use After Free vulnerability in multiple products BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. | 7.5 |
2019-01-16 | CVE-2017-3137 | Reachable Assertion vulnerability in multiple products Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. | 7.5 |
2018-06-07 | CVE-2018-12015 | Link Following vulnerability in multiple products In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name. | 7.5 |
2018-05-18 | CVE-2018-11237 | Out-of-bounds Write vulnerability in multiple products An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper. | 7.8 |
2018-01-21 | CVE-2016-10708 | NULL Pointer Dereference vulnerability in multiple products sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. | 7.5 |
2017-11-13 | CVE-2016-8610 | A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. | 7.5 |
2017-01-12 | CVE-2016-9131 | Improper Input Validation vulnerability in multiple products named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query. | 7.5 |