Vulnerabilities > Netapp > Oncommand Balance

DATE CVE VULNERABILITY TITLE RISK
2019-01-16 CVE-2017-3140 Resource Exhaustion vulnerability in multiple products
If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query.
network
high complexity
isc netapp CWE-400
5.9
2019-01-16 CVE-2017-3138 Reachable Assertion vulnerability in multiple products
named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc.
network
high complexity
isc netapp debian CWE-617
5.3
2019-01-16 CVE-2017-3137 Reachable Assertion vulnerability in multiple products
Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order.
network
low complexity
isc redhat netapp debian CWE-617
7.5
2019-01-16 CVE-2017-3136 Reachable Assertion vulnerability in multiple products
A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate.
network
high complexity
isc redhat netapp debian CWE-617
5.9
2018-02-06 CVE-2017-7525 Incomplete Blacklist vulnerability in multiple products
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
network
low complexity
fasterxml debian netapp redhat oracle CWE-184
critical
9.8
2018-02-06 CVE-2017-15095 Deserialization of Untrusted Data vulnerability in multiple products
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
network
low complexity
fasterxml debian redhat netapp oracle CWE-502
critical
9.8
2017-12-01 CVE-2017-15707 Improper Input Validation vulnerability in multiple products
In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload.
local
low complexity
apache netapp oracle CWE-20
6.2
2017-11-13 CVE-2016-8610 Resource Exhaustion vulnerability in multiple products
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake.
7.5
2017-10-19 CVE-2017-10388 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries).
network
high complexity
oracle redhat netapp debian
7.5
2017-10-19 CVE-2017-10384 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL).
network
low complexity
oracle mariadb debian netapp redhat
6.5