Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Oncommand_balance
(Netapp)| Repositories |
• https://github.com/mm2/Little-CMS
• https://github.com/madler/zlib |
| #Vulnerabilities | 75 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-01-16 | CVE-2017-3138 | named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2,... | Debian_linux, Bind, Data_ontap_edge, Element_software, Oncommand_balance | 5.3 | ||
| 2019-01-16 | CVE-2017-3137 | Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8. | Debian_linux, Bind, Data_ontap_edge, Element_software, Oncommand_balance, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 7.5 | ||
| 2017-12-01 | CVE-2017-15707 | In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload. | Struts, Oncommand_balance, Agile_plm_framework, Enterprise_manager_for_virtualization, Financial_services_hedge_management_and_ifrs_valuations, Financial_services_market_risk_measurement_and_management, Global_lifecycle_management_opatchauto, Jd_edwards_enterpriseone_tools, Retail_order_broker, Retail_xstore_point_of_service, Webcenter_portal, Weblogic_server | 6.2 | ||
| 2017-10-16 | CVE-2016-4461 | Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785. | Struts, Oncommand_balance | 8.8 | ||
| 2015-02-06 | CVE-2014-9354 | NetApp OnCommand Balance before 4.2P3 allows local users to obtain sensitive information via unspecified vectors related to cleartext storage. | Oncommand_balance | N/A | ||
| 2015-02-06 | CVE-2014-9353 | NetApp OnCommand Balance before 4.2P2 contains a "default privileged account," which allows remote attackers to gain privileges via unspecified vectors. | Oncommand_balance | N/A |