Netapp

Oncommand Balance

83 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2016-9841

  • EPSS 20.28%
  • Published 23.05.2017 04:29:01
  • Last modified 20.04.2025 01:37:25

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

10

CVE-2017-5638

Warning Media report Exploit
  • EPSS 94.27%
  • Published 11.03.2017 02:59:00
  • Last modified 20.04.2025 01:37:25

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a...

7.1

CVE-2016-10165

  • EPSS 0.87%
  • Published 03.02.2017 19:59:00
  • Last modified 20.04.2025 01:37:25

The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.

5.3

CVE-2016-2518

  • EPSS 1.47%
  • Published 30.01.2017 21:59:01
  • Last modified 20.04.2025 01:37:25

The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.

5.9

CVE-2015-7977

  • EPSS 9.71%
  • Published 30.01.2017 21:59:00
  • Last modified 20.04.2025 01:37:25

ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.

6.5

CVE-2015-7973

  • EPSS 4.59%
  • Published 30.01.2017 21:59:00
  • Last modified 20.04.2025 01:37:25

NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.

7.5

CVE-2015-7848

Exploit
  • EPSS 0.85%
  • Published 06.01.2017 21:59:00
  • Last modified 23.05.2025 02:15:39

An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp....

7.2

CVE-2016-5195

Warning Exploit
  • EPSS 94.25%
  • Published 10.11.2016 21:59:00
  • Last modified 12.04.2025 10:46:40

Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in Oc...

10

CVE-2016-3427

Warning
  • EPSS 93.75%
  • Published 21.04.2016 11:00:21
  • Last modified 12.04.2025 10:46:40

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.

7.7

CVE-2015-7974

Exploit
  • EPSS 3.67%
  • Published 26.01.2016 19:59:00
  • Last modified 12.04.2025 10:46:40

NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."