Vulnerabilities > Netapp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-11 | CVE-2017-5340 | Integer Overflow or Wraparound vulnerability in multiple products Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data. | 9.8 |
| 2016-12-21 | CVE-2016-7172 | Information Exposure vulnerability in Netapp Snap Creator Framework NetApp Snap Creator Framework before 4.3.1 discloses sensitive information which could be viewed by an unauthorized user. | 7.5 |
| 2016-12-05 | CVE-2016-7171 | Improper Certificate Validation vulnerability in Netapp Plug-In 2.0 NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use of a non-unique server certificate, making it vulnerable to impersonation. | 5.6 |
| 2016-11-10 | CVE-2016-5195 | Race Condition vulnerability in multiple products Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW." | 7.0 |
| 2016-11-02 | CVE-2016-8864 | Reachable Assertion vulnerability in multiple products named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c. | 7.5 |
| 2016-09-21 | CVE-2015-8960 | Improper Certificate Validation vulnerability in multiple products The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the "Key Compromise Impersonation (KCI)" issue. | 8.1 |
| 2016-09-01 | CVE-2016-5047 | Unspecified vulnerability in Netapp Oncommand System Manager 8.3/8.3.1/8.3.2 NetApp OnCommand System Manager 8.3.x before 8.3.2P5 allows remote authenticated users to cause a denial of service via unspecified vectors. | 6.5 |
| 2016-09-01 | CVE-2016-3064 | Information Exposure vulnerability in Netapp Clustered Data Ontap NetApp Clustered Data ONTAP before 8.2.4P4 and 8.3.x before 8.3.2P2 allows remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors. | 6.5 |
| 2016-04-21 | CVE-2016-3427 | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. | 9.8 |
| 2016-04-07 | CVE-2016-1563 | Improper Input Validation vulnerability in Netapp Clustered Data Ontap 8.3.1 NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 6.8 |