Netapp Clustered_data_ontap
52 CVEs affecting Netapp Clustered_data_ontap. Latest disclosed: 2022-06-02. Critical: 9, High: 25.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2015-7871 | Critical | 9.8 | 2017-08-07 | Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication. |
CVE-2015-7853 | Critical | 9.8 | 2017-08-07 | The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a… |
CVE-2015-7705 | Critical | 9.8 | 2017-08-07 | The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted re… |
CVE-2017-3167 | Critical | 9.8 | 2017-06-20 | In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may l… |
CVE-2017-9119 | Critical | 9.8 | 2017-05-21 | The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or… |
CVE-2016-10160 | Critical | 9.8 | 2017-01-24 | Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial… |
CVE-2016-7480 | Critical | 9.8 | 2017-01-11 | The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote att… |
CVE-2017-5340 | Critical | 9.8 | 2017-01-11 | Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to ex… |
CVE-2017-11147 | Critical | 9.1 | 2017-07-10 | In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter… |
CVE-2017-12421 | High | 8.8 | 2017-09-01 | NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to execute arbitrary code on the storage controller via unspecified vectors. |
CVE-2017-12420 | High | 8.8 | 2017-08-18 | Heap-based buffer overflow in the SMB implementation in NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allows remote authenticated users to cause… |
CVE-2015-7854 | High | 8.8 | 2017-08-07 | Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a deni… |
CVE-2015-7849 | High | 8.8 | 2017-08-07 | Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code… |
CVE-2022-22576 | High | 8.1 | 2022-05-26 | An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properl… |
CVE-2017-12423 | High | 7.7 | 2017-09-01 | NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to read data on other Storage Virtual Machines (SVMs) via unspecified vecto… |
CVE-2015-7974 | High | 7.7 | 2016-01-26 | NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attacker… |
CVE-2022-27781 | High | 7.5 | 2022-06-02 | libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous fu… |
CVE-2022-27775 | High | 7.5 | 2022-06-02 | An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a… |
CVE-2022-0778 | High | 7.5 | 2022-03-15 | The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this functi… |
CVE-2021-22926 | High | 7.5 | 2021-08-05 | libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with th… |