Vulnerabilities > Netapp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-30 | CVE-2015-7973 | 7PK - Security Features vulnerability in multiple products NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network. | 6.5 |
| 2017-01-24 | CVE-2016-10160 | Off-by-one Error vulnerability in multiple products Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. | 9.8 |
| 2017-01-12 | CVE-2016-9131 | Improper Input Validation vulnerability in multiple products named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query. | 7.5 |
| 2017-01-11 | CVE-2016-6820 | Information Exposure vulnerability in Netapp Metrocluster Tiebreaker 1.1 MetroCluster Tiebreaker for clustered Data ONTAP in versions before 1.2 discloses sensitive information in cleartext which may be viewed by an unauthenticated user. | 7.5 |
| 2017-01-11 | CVE-2015-8020 | Information Exposure vulnerability in Netapp Clustered Data Ontap 8.0/8.3.1/8.3.2 Clustered Data ONTAP versions 8.0, 8.3.1, and 8.3.2 contain a default privileged account which under certain conditions can be used for unauthorized information disclosure. | 3.7 |
| 2017-01-11 | CVE-2016-7480 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. | 9.8 |
| 2017-01-11 | CVE-2017-5340 | Integer Overflow or Wraparound vulnerability in multiple products Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data. | 9.8 |
| 2016-12-21 | CVE-2016-7172 | Information Exposure vulnerability in Netapp Snap Creator Framework NetApp Snap Creator Framework before 4.3.1 discloses sensitive information which could be viewed by an unauthorized user. | 7.5 |
| 2016-12-05 | CVE-2016-7171 | Improper Certificate Validation vulnerability in Netapp Plug-In 2.0 NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use of a non-unique server certificate, making it vulnerable to impersonation. | 5.6 |
| 2016-11-10 | CVE-2016-5195 | Race Condition vulnerability in multiple products Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW." | 7.0 |