Vulnerabilities > Netapp > Data Ontap Edge > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-01-16 | CVE-2018-5736 | Reachable Assertion vulnerability in multiple products An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. | 5.3 |
2019-01-16 | CVE-2017-3140 | Resource Exhaustion vulnerability in multiple products If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. | 5.9 |
2019-01-16 | CVE-2017-3138 | Reachable Assertion vulnerability in multiple products named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. | 5.3 |
2019-01-16 | CVE-2017-3136 | Reachable Assertion vulnerability in multiple products A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. | 5.9 |
2019-01-16 | CVE-2017-3135 | NULL Pointer Dereference vulnerability in multiple products Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. | 5.9 |
2019-01-16 | CVE-2016-9778 | 7PK - Errors vulnerability in multiple products An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. | 5.9 |
2018-08-28 | CVE-2018-15919 | Information Exposure vulnerability in multiple products Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. | 5.3 |
2018-08-17 | CVE-2018-15473 | Race Condition vulnerability in multiple products OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. | 5.3 |
2017-10-26 | CVE-2017-15906 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. | 5.3 |