Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Clustered_data_ontap
(Netapp)| Repositories |
• https://github.com/php/php-src
• https://github.com/openbsd/src • https://github.com/derickr/timelib |
| #Vulnerabilities | 183 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-07-01 | CVE-2019-5497 | NetApp AFF A700s Baseboard Management Controller (BMC) firmware versions 1.22 and higher were shipped with a default account enabled that could allow unauthorized arbitrary command execution. | Aff_a700s_firmware, Clustered_data_ontap | 9.8 | ||
| 2019-02-06 | CVE-2018-16890 | libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds. | Ubuntu_linux, Debian_linux, Libcurl, Clustered_data_ontap, Communications_operations_monitor, Http_server, Secure_global_desktop, Sinema_remote_connect_client | 7.5 | ||
| 2019-02-27 | CVE-2019-5491 | Clustered Data ONTAP versions prior to 9.1P15 and 9.3 prior to 9.3P7 are susceptible to a vulnerability which discloses sensitive information to an unauthenticated user. | Clustered_data_ontap | 7.5 | ||
| 2019-02-01 | CVE-2018-5498 | Clustered Data ONTAP versions 9.0 through 9.4 are susceptible to a vulnerability which allows remote authenticated attackers to cause a Denial of Service (DoS) in NFS and SMB environments. Exploitation of this vulnerability will allow a remote authenticated attacker to cause a Denial of Service (DoS) on affected versions of clustered Data ONTAP configured for multiprotocol access. | Clustered_data_ontap | 4.4 | ||
| 2019-01-24 | CVE-2018-5497 | Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user. | Clustered_data_ontap | 4.4 | ||
| 2018-08-03 | CVE-2018-5490 | Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than "read-only" access from authenticated SMBv2 and SMBv3 clients. This behavior has been resolved in the GA release. Customers running prior release candidates (RCs) are requested to update their systems to the NetApp Data ONTAP 8.3 GA release. | Clustered_data_ontap | 8.8 | ||
| 2017-05-21 | CVE-2017-9119 | The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data structures. | Clustered_data_ontap, Storage_automation_store, Php | 9.8 | ||
| 2017-07-17 | CVE-2017-7947 | NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 before P5 allow attackers to obtain sensitive password information by leveraging logging of passwords entered non-interactively on the command line. | Clustered_data_ontap | 6.5 | ||
| 2017-04-10 | CVE-2017-7345 | NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service to the network, which allows remote attackers to obtain sensitive information via unspecified vectors. | Clustered_data_ontap | 5.3 | ||
| 2017-04-10 | CVE-2017-5988 | NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is enabled, allows remote attackers to cause a denial of service via unspecified vectors. | Clustered_data_ontap | 7.5 |