Netapp » Data Ontap : Security Vulnerabilities, CVEs,
Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 and 9.8 are susceptible to a vulnerability which could allow a remote authenticated attacker to cause a Denial of Service (DoS) on clustered Data ONTAP configured for SMB access.
Max CVSS
6.5
EPSS Score
0.14%
Published
2021-03-04
Updated
2021-03-17
Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 and 9.8 are susceptible to a vulnerability which could allow unauthorized tenant users to discover information related to converting a 7-Mode directory to Cluster-mode such as Storage Virtual Machine (SVM) names, volume names, directory paths and Job IDs.
Max CVSS
3.5
EPSS Score
0.04%
Published
2021-03-04
Updated
2021-03-18
NTP through 4.2.8p12 has a NULL Pointer Dereference.
Max CVSS
7.5
EPSS Score
0.72%
Published
2019-05-15
Updated
2020-10-07
SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 has weak cryptography which when exploited could lead to information disclosure or addition or modification of data.
Max CVSS
9.1
EPSS Score
0.17%
Published
2019-08-05
Updated
2021-07-21
Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may disclose sensitive LDAP account information to unauthenticated remote attackers.
Max CVSS
7.5
EPSS Score
0.38%
Published
2019-08-02
Updated
2020-08-24
Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 are susceptible to a vulnerability which discloses information to an unauthenticated attacker. A successful attack requires that multiple non-default options be enabled.
Max CVSS
7.5
EPSS Score
0.17%
Published
2019-08-02
Updated
2020-08-24
An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.
Max CVSS
5.5
EPSS Score
0.52%
Published
2018-10-23
Updated
2019-10-31
An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.
Max CVSS
5.5
EPSS Score
0.52%
Published
2018-10-23
Updated
2019-10-31
A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.
Max CVSS
5.5
EPSS Score
0.51%
Published
2018-10-23
Updated
2019-10-31
snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
Max CVSS
7.5
EPSS Score
0.39%
Published
2018-10-08
Updated
2019-10-16
_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
Max CVSS
6.5
EPSS Score
0.41%
Published
2018-10-08
Updated
2019-10-16
CVE-2018-15473
Public exploit
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
Max CVSS
5.3
EPSS Score
2.36%
Published
2018-08-17
Updated
2023-02-23
Data ONTAP operating in 7-Mode versions prior to 8.2.5P2 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user.
Max CVSS
4.4
EPSS Score
0.04%
Published
2018-12-04
Updated
2019-02-05
NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS environments, allows remote attackers to cause a denial of service via unspecified vectors.
Max CVSS
5.9
EPSS Score
0.18%
Published
2017-08-18
Updated
2017-08-26
NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows remote attackers to obtain information about the volumes configured for HTTP access.
Max CVSS
5.9
EPSS Score
0.27%
Published
2017-02-07
Updated
2017-02-24
NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote authenticated users to execute arbitrary code via unspecified vectors.
Max CVSS
8.8
EPSS Score
0.41%
Published
2017-02-07
Updated
2017-11-16
NetApp Data ONTAP before 8.2.4P1, when 7-Mode and HTTP access are enabled, allows remote attackers to obtain sensitive volume information via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.17%
Published
2016-01-18
Updated
2017-11-16
CVE-2015-7871
Public exploit
Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
Max CVSS
9.8
EPSS Score
97.02%
Published
2017-08-07
Updated
2021-04-13
The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.
Max CVSS
6.5
EPSS Score
97.07%
Published
2017-08-07
Updated
2021-04-19
Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.
Max CVSS
8.8
EPSS Score
0.84%
Published
2017-08-07
Updated
2020-06-18
The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.
Max CVSS
9.8
EPSS Score
7.28%
Published
2017-08-07
Updated
2021-07-16
ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.
Max CVSS
5.9
EPSS Score
3.70%
Published
2017-08-07
Updated
2020-06-18
ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.
Max CVSS
6.5
EPSS Score
0.86%
Published
2017-08-07
Updated
2020-06-18
Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.
Max CVSS
8.8
EPSS Score
1.01%
Published
2017-08-07
Updated
2020-06-18
NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows remote attackers to bypass authentication and (1) obtain sensitive information from or (2) modify volumes via vectors related to UTF-8 in the volume language.
Max CVSS
9.8
EPSS Score
0.47%
Published
2017-09-01
Updated
2017-09-06