Netapp

Clustered Data Ontap

144 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2017-15906

  • EPSS 2.76%
  • Published 26.10.2017 03:29:00
  • Last modified 20.04.2025 01:37:25

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

8.8

CVE-2017-12421

  • EPSS 1.73%
  • Published 01.09.2017 21:29:00
  • Last modified 20.04.2025 01:37:25

NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to execute arbitrary code on the storage controller via unspecified vectors.

7.7

CVE-2017-12423

  • EPSS 0.22%
  • Published 01.09.2017 21:29:00
  • Last modified 20.04.2025 01:37:25

NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to read data on other Storage Virtual Machines (SVMs) via unspecified vectors.

8.8

CVE-2017-12420

  • EPSS 1.95%
  • Published 18.08.2017 17:29:01
  • Last modified 20.04.2025 01:37:25

Heap-based buffer overflow in the SMB implementation in NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allows remote authenticated users to cause a denial of service or execute arbitrary code.

7.5

CVE-2016-8743

  • EPSS 8.41%
  • Published 27.07.2017 21:29:00
  • Last modified 20.04.2025 01:37:25

Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in...

6.5

CVE-2017-7947

  • EPSS 0.29%
  • Published 17.07.2017 21:29:00
  • Last modified 20.04.2025 01:37:25

NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 before P5 allow attackers to obtain sensitive password information by leveraging logging of passwords entered non-interactively on the command line.

9.1

CVE-2017-11147

Exploit
  • EPSS 2.86%
  • Published 10.07.2017 14:29:00
  • Last modified 20.04.2025 01:37:25

In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile fu...

7.5

CVE-2016-3997

  • EPSS 0.43%
  • Published 03.07.2017 16:29:00
  • Last modified 20.04.2025 01:37:25

NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by leveraging failure to enable SMB signing enforcement in its default state.

9.8

CVE-2017-3167

  • EPSS 9.44%
  • Published 20.06.2017 01:29:00
  • Last modified 20.04.2025 01:37:25

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.

7.5

CVE-2017-7668

  • EPSS 65.46%
  • Published 20.06.2017 01:29:00
  • Last modified 20.04.2025 01:37:25

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacke...