Vulnerabilities (CVE)

Filtered by vendor Netapp Subscribe
Filtered by product Clustered Data Ontap
Total 190 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-7973 5 Canonical, Freebsd, Netapp and 2 more 9 Ubuntu Linux, Freebsd, Clustered Data Ontap and 6 more 2025-04-20 5.8 MEDIUM 6.5 MEDIUM
NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.
CVE-2017-12421 1 Netapp 1 Clustered Data Ontap 2025-04-20 6.5 MEDIUM 8.8 HIGH
NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to execute arbitrary code on the storage controller via unspecified vectors.
CVE-2016-10160 3 Debian, Netapp, Php 3 Debian Linux, Clustered Data Ontap, Php 2025-04-20 7.5 HIGH 9.8 CRITICAL
Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.
CVE-2016-8610 7 Debian, Fujitsu, Netapp and 4 more 53 Debian Linux, M10-1, M10-1 Firmware and 50 more 2025-04-20 5.0 MEDIUM 7.5 HIGH
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
CVE-2017-3167 6 Apache, Apple, Debian and 3 more 15 Http Server, Mac Os X, Debian Linux and 12 more 2025-04-20 7.5 HIGH 9.8 CRITICAL
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.
CVE-2016-3997 1 Netapp 1 Clustered Data Ontap 2025-04-20 6.8 MEDIUM 7.5 HIGH
NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by leveraging failure to enable SMB signing enforcement in its default state.
CVE-2015-7702 5 Debian, Netapp, Ntp and 2 more 13 Debian Linux, Clustered Data Ontap, Data Ontap and 10 more 2025-04-20 4.0 MEDIUM 6.5 MEDIUM
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.
CVE-2015-7850 3 Debian, Netapp, Ntp 7 Debian Linux, Clustered Data Ontap, Data Ontap and 4 more 2025-04-20 4.0 MEDIUM 6.5 MEDIUM
ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.
CVE-2017-16642 4 Canonical, Debian, Netapp and 1 more 5 Ubuntu Linux, Debian Linux, Clustered Data Ontap and 2 more 2025-04-20 5.0 MEDIUM 7.5 HIGH
In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.
CVE-2017-15906 5 Debian, Netapp, Openbsd and 2 more 22 Debian Linux, Active Iq Unified Manager, Cloud Backup and 19 more 2025-04-20 5.0 MEDIUM 5.3 MEDIUM
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
CVE-2017-5340 2 Netapp, Php 2 Clustered Data Ontap, Php 2025-04-20 7.5 HIGH 9.8 CRITICAL
Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data.
CVE-2017-5988 1 Netapp 1 Clustered Data Ontap 2025-04-20 5.0 MEDIUM 7.5 HIGH
NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is enabled, allows remote attackers to cause a denial of service via unspecified vectors.
CVE-2015-7852 5 Debian, Netapp, Ntp and 2 more 14 Debian Linux, Clustered Data Ontap, Data Ontap and 11 more 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.
CVE-2015-7849 2 Netapp, Ntp 6 Clustered Data Ontap, Data Ontap, Oncommand Balance and 3 more 2025-04-20 6.5 MEDIUM 8.8 HIGH
Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.
CVE-2017-9119 2 Netapp, Php 3 Clustered Data Ontap, Storage Automation Store, Php 2025-04-20 7.5 HIGH 9.8 CRITICAL
The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data structures.
CVE-2015-7854 2 Netapp, Ntp 6 Clustered Data Ontap, Data Ontap, Oncommand Balance and 3 more 2025-04-20 6.5 MEDIUM 8.8 HIGH
Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.
CVE-2017-7947 1 Netapp 1 Clustered Data Ontap 2025-04-20 5.0 MEDIUM 6.5 MEDIUM
NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 before P5 allow attackers to obtain sensitive password information by leveraging logging of passwords entered non-interactively on the command line.
CVE-2015-7705 4 Citrix, Netapp, Ntp and 1 more 10 Xenserver, Clustered Data Ontap, Data Ontap and 7 more 2025-04-20 7.5 HIGH 9.8 CRITICAL
The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.
CVE-2015-8020 1 Netapp 1 Clustered Data Ontap 2025-04-20 4.3 MEDIUM 3.7 LOW
Clustered Data ONTAP versions 8.0, 8.3.1, and 8.3.2 contain a default privileged account which under certain conditions can be used for unauthorized information disclosure.
CVE-2015-7704 6 Citrix, Debian, Mcafee and 3 more 14 Xenserver, Debian Linux, Enterprise Security Manager and 11 more 2025-04-20 5.0 MEDIUM 7.5 HIGH
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.