Vulnerabilities > Netapp > Data Ontap Edge > High

DATE CVE VULNERABILITY TITLE RISK
2019-01-16 CVE-2018-5740 Reachable Assertion vulnerability in multiple products
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers.
network
low complexity
isc redhat debian netapp canonical hp opensuse CWE-617
7.5
2019-01-16 CVE-2018-5737 Reachable Assertion vulnerability in multiple products
A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off.
network
low complexity
isc netapp CWE-617
7.5
2019-01-16 CVE-2018-5734 Reachable Assertion vulnerability in multiple products
While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode.
network
low complexity
isc netapp CWE-617
7.5
2019-01-16 CVE-2017-3145 Use After Free vulnerability in multiple products
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named.
network
low complexity
isc redhat debian netapp juniper CWE-416
7.5
2019-01-16 CVE-2017-3137 Reachable Assertion vulnerability in multiple products
Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order.
network
low complexity
isc redhat netapp debian CWE-617
7.5
2018-06-07 CVE-2018-12015 Link Following vulnerability in multiple products
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
network
low complexity
canonical debian perl archive apple netapp CWE-59
7.5
2018-05-18 CVE-2018-11237 Out-of-bounds Write vulnerability in multiple products
An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.
local
low complexity
gnu redhat oracle netapp canonical CWE-787
7.8
2018-01-21 CVE-2016-10708 NULL Pointer Dereference vulnerability in multiple products
sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.
network
low complexity
openbsd debian canonical netapp CWE-476
7.5
2017-11-13 CVE-2016-8610 A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. 7.5
2017-01-12 CVE-2016-9131 Improper Input Validation vulnerability in multiple products
named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query.
network
low complexity
isc debian redhat netapp CWE-20
7.5