Total
190 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-11147 | 2 Netapp, Php | 2 Clustered Data Ontap, Php | 2025-04-20 | 6.4 MEDIUM | 9.1 CRITICAL |
| In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c. | |||||
| CVE-2015-7854 | 2 Netapp, Ntp | 6 Clustered Data Ontap, Data Ontap, Oncommand Balance and 3 more | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file. | |||||
| CVE-2015-7702 | 5 Debian, Netapp, Ntp and 2 more | 13 Debian Linux, Clustered Data Ontap, Data Ontap and 10 more | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. | |||||
| CVE-2015-7973 | 5 Canonical, Freebsd, Netapp and 2 more | 9 Ubuntu Linux, Freebsd, Clustered Data Ontap and 6 more | 2025-04-20 | 5.8 MEDIUM | 6.5 MEDIUM |
| NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network. | |||||
| CVE-2015-8020 | 1 Netapp | 1 Clustered Data Ontap | 2025-04-20 | 4.3 MEDIUM | 3.7 LOW |
| Clustered Data ONTAP versions 8.0, 8.3.1, and 8.3.2 contain a default privileged account which under certain conditions can be used for unauthorized information disclosure. | |||||
| CVE-2017-5201 | 1 Netapp | 1 Clustered Data Ontap | 2025-04-20 | 2.7 LOW | 5.7 MEDIUM |
| NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors, a different vulnerability than CVE-2016-3064. | |||||
| CVE-2016-3997 | 1 Netapp | 1 Clustered Data Ontap | 2025-04-20 | 6.8 MEDIUM | 7.5 HIGH |
| NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by leveraging failure to enable SMB signing enforcement in its default state. | |||||
| CVE-2015-7703 | 5 Debian, Netapp, Ntp and 2 more | 13 Debian Linux, Clustered Data Ontap, Data Ontap and 10 more | 2025-04-20 | 4.3 MEDIUM | 7.5 HIGH |
| The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command. | |||||
| CVE-2015-7691 | 5 Debian, Netapp, Ntp and 2 more | 13 Debian Linux, Clustered Data Ontap, Data Ontap and 10 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. | |||||
| CVE-2017-14583 | 1 Netapp | 1 Clustered Data Ontap | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| NetApp Clustered Data ONTAP versions 9.x prior to 9.1P10 and 9.2P2 are susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in SMB environments. | |||||
| CVE-2016-10160 | 3 Debian, Netapp, Php | 3 Debian Linux, Clustered Data Ontap, Php | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. | |||||
| CVE-2015-7849 | 2 Netapp, Ntp | 6 Clustered Data Ontap, Data Ontap, Oncommand Balance and 3 more | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets. | |||||
| CVE-2017-12423 | 1 Netapp | 1 Clustered Data Ontap | 2025-04-20 | 4.0 MEDIUM | 7.7 HIGH |
| NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to read data on other Storage Virtual Machines (SVMs) via unspecified vectors. | |||||
| CVE-2017-5988 | 1 Netapp | 1 Clustered Data Ontap | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is enabled, allows remote attackers to cause a denial of service via unspecified vectors. | |||||
| CVE-2017-7947 | 1 Netapp | 1 Clustered Data Ontap | 2025-04-20 | 5.0 MEDIUM | 6.5 MEDIUM |
| NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 before P5 allow attackers to obtain sensitive password information by leveraging logging of passwords entered non-interactively on the command line. | |||||
| CVE-2015-7692 | 5 Debian, Netapp, Ntp and 2 more | 13 Debian Linux, Clustered Data Ontap, Data Ontap and 10 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. | |||||
| CVE-2015-7705 | 4 Citrix, Netapp, Ntp and 1 more | 10 Xenserver, Clustered Data Ontap, Data Ontap and 7 more | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests. | |||||
| CVE-2015-7855 | 4 Debian, Netapp, Ntp and 1 more | 11 Debian Linux, Clustered Data Ontap, Data Ontap and 8 more | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value. | |||||
| CVE-2017-12420 | 1 Netapp | 1 Clustered Data Ontap | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Heap-based buffer overflow in the SMB implementation in NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allows remote authenticated users to cause a denial of service or execute arbitrary code. | |||||
| CVE-2016-2518 | 7 Debian, Freebsd, Netapp and 4 more | 18 Debian Linux, Freebsd, Clustered Data Ontap and 15 more | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. | |||||