Product:

Clustered_data_ontap

(Netapp)
Repositories https://github.com/derickr/timelib
https://github.com/openbsd/src
#Vulnerabilities 38
Date ID Summary Products Score Patch
2019-04-08 CVE-2019-0217 In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. Http_server, Ubuntu_linux, Debian_linux, Fedora, Clustered_data_ontap, Oncommand_unified_manager, Leap, Enterprise_manager_ops_center, Http_server, Retail_xstore_point_of_service, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation N/A
2019-10-25 CVE-2019-5508 Clustered Data ONTAP versions 9.2 through 9.6 are susceptible to a vulnerability which allows an attacker to use l2ping to cause a Denial of Service (DoS). Clustered_data_ontap N/A
2019-10-09 CVE-2019-5506 Clustered Data ONTAP versions 9.0 and higher do not enforce hostname verification under certain circumstances making them susceptible to impersonation via man-in-the-middle attacks. Clustered_data_ontap N/A
2017-09-01 CVE-2017-12423 NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to read data on other Storage Virtual Machines (SVMs) via unspecified vectors. Clustered_data_ontap 7.7
2017-09-01 CVE-2017-12421 NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to execute arbitrary code on the storage controller via unspecified vectors. Clustered_data_ontap 8.8
2017-11-07 CVE-2017-16642 In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145. Ubuntu_linux, Debian_linux, Clustered_data_ontap, Storage_automation_store, Php 7.5
2018-03-26 CVE-2018-1303 A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability. Http_server, Ubuntu_linux, Debian_linux, Clustered_data_ontap, Santricity_cloud_connector, Storage_automation_store, Storagegrid 7.5
2018-03-26 CVE-2018-1302 When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk. Http_server, Ubuntu_linux, Clustered_data_ontap, Santricity_cloud_connector, Storage_automation_store, Storagegrid 5.9
2018-03-26 CVE-2018-1301 A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage. Http_server, Ubuntu_linux, Debian_linux, Clustered_data_ontap, Santricity_cloud_connector, Storage_automation_store, Storagegrid, Enterprise_linux 5.9
2018-03-26 CVE-2018-1283 In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to forward its data to CGIs, since the prefix "HTTP_" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications. Http_server, Ubuntu_linux, Debian_linux, Clustered_data_ontap, Santricity_cloud_connector, Storage_automation_store, Storagegrid, Enterprise_linux 5.3