Filtered by vendor Netapp Subscriptions
Filtered by product Data Ontap Subscriptions
Total 42 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-8610 7 Debian, Fujitsu, Netapp and 4 more 55 Debian Linux, M10-1, M10-1 Firmware and 52 more 2024-08-06 7.5 High
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
CVE-2016-6495 1 Netapp 1 Data Ontap 2024-08-06 N/A
NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows remote attackers to obtain information about the volumes configured for HTTP access.
CVE-2016-5374 1 Netapp 1 Data Ontap 2024-08-06 N/A
NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL entry.
CVE-2016-3400 1 Netapp 1 Data Ontap 2024-08-05 N/A
NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol.
CVE-2016-2518 7 Debian, Freebsd, Netapp and 4 more 20 Debian Linux, Freebsd, Clustered Data Ontap and 17 more 2024-08-05 5.3 Medium
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.
CVE-2016-1895 1 Netapp 1 Data Ontap 2024-08-05 N/A
NetApp Data ONTAP before 8.2.5 and 8.3.x before 8.3.2P12 allow remote authenticated users to cause a denial of service via vectors related to unsafe user input string handling.
CVE-2017-12859 1 Netapp 1 Data Ontap 2024-08-05 N/A
NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS environments, allows remote attackers to cause a denial of service via unspecified vectors.
CVE-2018-18607 3 Debian, Gnu, Netapp 3 Debian Linux, Binutils, Data Ontap 2024-08-05 N/A
An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.
CVE-2018-18605 3 Debian, Gnu, Netapp 3 Debian Linux, Binutils, Data Ontap 2024-08-05 N/A
A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.
CVE-2018-18606 3 Debian, Gnu, Netapp 3 Debian Linux, Binutils, Data Ontap 2024-08-05 N/A
An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.
CVE-2018-18066 3 Net-snmp, Netapp, Redhat 9 Net-snmp, Cloud Backup, Data Ontap and 6 more 2024-08-05 N/A
snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
CVE-2018-18065 5 Canonical, Debian, Net-snmp and 2 more 10 Ubuntu Linux, Debian Linux, Net-snmp and 7 more 2024-08-05 N/A
_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
CVE-2018-15473 7 Canonical, Debian, Netapp and 4 more 25 Ubuntu Linux, Debian Linux, Aff Baseboard Management Controller and 22 more 2024-08-05 5.3 Medium
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
CVE-2018-5496 1 Netapp 1 Data Ontap 2024-08-05 N/A
Data ONTAP operating in 7-Mode versions prior to 8.2.5P2 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user.
CVE-2019-8936 5 Fedoraproject, Hpe, Netapp and 2 more 6 Fedora, Hpux-ntp, Clustered Data Ontap and 3 more 2024-08-04 7.5 High
NTP through 4.2.8p12 has a NULL Pointer Dereference.
CVE-2019-5501 1 Netapp 1 Data Ontap 2024-08-04 N/A
Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may disclose sensitive LDAP account information to unauthenticated remote attackers.
CVE-2019-5502 1 Netapp 1 Data Ontap 2024-08-04 N/A
SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 has weak cryptography which when exploited could lead to information disclosure or addition or modification of data.
CVE-2019-5493 1 Netapp 1 Data Ontap 2024-08-04 N/A
Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 are susceptible to a vulnerability which discloses information to an unauthenticated attacker. A successful attack requires that multiple non-default options be enabled.
CVE-2020-13817 5 Fujitsu, Netapp, Ntp and 2 more 41 M10-1, M10-1 Firmware, M10-4 and 38 more 2024-08-04 7.4 High
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.
CVE-2020-11868 5 Debian, Netapp, Ntp and 2 more 24 Debian Linux, All Flash Fabric-attached Storage 8300, All Flash Fabric-attached Storage 8300 Firmware and 21 more 2024-08-04 7.5 High
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.