Clustered Data Ontap

clustered_data_ontap

Vendor: Netapp • 187 CVEs

CVEs (187)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-1283 5Apache CanonicalDebian+2 more 8Clustered Data Ontap Debian LinuxEnterprise Linux+5 more Nov 21, 2024 Mar 26, 2018 N/A· v4 5.3 MEDIUM· v3 3.5 LOW· v2 In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. Thi...Show more In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to forward its data to CGIs, since the prefix "HTTP_" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications.Show less
CVE-2017-15715 5Apache CanonicalDebian+2 more 8Clustered Data Ontap Debian LinuxEnterprise Linux+5 more Nov 21, 2024 Mar 26, 2018 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in envi...Show more In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.Show less
CVE-2017-15710 5Apache CanonicalDebian+2 more 8Clustered Data Ontap Debian LinuxEnterprise Linux+5 more Nov 21, 2024 Mar 26, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying...Show more In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.Show less
CVE-2016-10708 4Canonical DebianNetapp+1 more 12Cloud Backup Clustered Data OntapData Ontap+9 more Apr 29, 2026 Jan 21, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packe...Show more sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.Show less
CVE-2017-14583 1Netapp 1Clustered Data Ontap May 13, 2026 Dec 18, 2017 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 NetApp Clustered Data ONTAP versions 9.x prior to 9.1P10 and 9.2P2 are susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in SMB environments.
CVE-2016-8610 7Debian FujitsuNetapp+4 more 45Adaptive Access Manager Application Testing SuiteClustered Data Ontap+42 more May 13, 2026 Nov 13, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use t...Show more A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.Show less
CVE-2017-5201 1Netapp 1Clustered Data Ontap May 13, 2026 Nov 10, 2017 N/A· v4 5.7 MEDIUM· v3 2.7 LOW· v2 NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors, a different vulnerability than CVE-2016-3064.
CVE-2017-16642 4Canonical DebianNetapp+1 more 5Clustered Data Ontap Debian LinuxPhp+2 more May 13, 2026 Nov 7, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings t...Show more In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.Show less
CVE-2017-15906 5Debian NetappOpenbsd+2 more 21Active Iq Unified Manager Cloud BackupClustered Data Ontap+18 more May 28, 2026 Oct 26, 2017 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
CVE-2017-12423 1Netapp 1Clustered Data Ontap May 13, 2026 Sep 1, 2017 N/A· v4 7.7 HIGH· v3 4.0 MEDIUM· v2 NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to read data on other Storage Virtual Machines (SVMs) via unspecified vectors.
CVE-2017-12421 1Netapp 1Clustered Data Ontap May 13, 2026 Sep 1, 2017 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to execute arbitrary code on the storage controller via unspecified vectors.
CVE-2017-12420 1Netapp 1Clustered Data Ontap May 13, 2026 Aug 18, 2017 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Heap-based buffer overflow in the SMB implementation in NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allows remote authenticated users to cause a denial of service or execute arbitrary code.
CVE-2015-7871 3Debian NetappNtp 7Clustered Data Ontap Data OntapDebian Linux+4 more May 13, 2026 Aug 7, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
CVE-2015-7855 4Debian NetappNtp+1 more 9Clustered Data Ontap Data OntapDebian Linux+6 more May 13, 2026 Aug 7, 2017 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.
CVE-2015-7854 2Netapp Ntp 6Clustered Data Ontap Data OntapNtp+3 more May 13, 2026 Aug 7, 2017 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary co...Show more Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.Show less
CVE-2015-7853 2Netapp Ntp 6Clustered Data Ontap Data OntapNtp+3 more May 13, 2026 Aug 7, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.
CVE-2015-7852 5Debian NetappNtp+2 more 14Clustered Data Ontap Data OntapDebian Linux+11 more May 13, 2026 Aug 7, 2017 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.
CVE-2015-7850 3Debian NetappNtp 7Clustered Data Ontap Data OntapDebian Linux+4 more May 13, 2026 Aug 7, 2017 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.
CVE-2015-7849 2Netapp Ntp 6Clustered Data Ontap Data OntapNtp+3 more May 13, 2026 Aug 7, 2017 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.
CVE-2015-7705 4Citrix NetappNtp+1 more 8Clustered Data Ontap Data OntapNtp+5 more May 13, 2026 Aug 7, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.

Previous 1...6 789 10 Next