Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 and 9.8 are susceptible to a vulnerability which could allow a remote authenticated attacker to cause a Denial of Service (DoS) on clustered Data ONTAP configured for SMB access.
Max CVSS
6.5
EPSS Score
0.14%
Published
2021-03-04
Updated
2021-03-17
Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 and 9.8 are susceptible to a vulnerability which could allow unauthorized tenant users to discover information related to converting a 7-Mode directory to Cluster-mode such as Storage Virtual Machine (SVM) names, volume names, directory paths and Job IDs.
Max CVSS
3.5
EPSS Score
0.04%
Published
2021-03-04
Updated
2021-03-18
NTP through 4.2.8p12 has a NULL Pointer Dereference.
Max CVSS
7.5
EPSS Score
0.72%
Published
2019-05-15
Updated
2020-10-07
SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 has weak cryptography which when exploited could lead to information disclosure or addition or modification of data.
Max CVSS
9.1
EPSS Score
0.17%
Published
2019-08-05
Updated
2021-07-21
Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may disclose sensitive LDAP account information to unauthenticated remote attackers.
Max CVSS
7.5
EPSS Score
0.38%
Published
2019-08-02
Updated
2020-08-24
Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 are susceptible to a vulnerability which discloses information to an unauthenticated attacker. A successful attack requires that multiple non-default options be enabled.
Max CVSS
7.5
EPSS Score
0.17%
Published
2019-08-02
Updated
2020-08-24
An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.
Max CVSS
5.5
EPSS Score
0.52%
Published
2018-10-23
Updated
2019-10-31
An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.
Max CVSS
5.5
EPSS Score
0.52%
Published
2018-10-23
Updated
2019-10-31
A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.
Max CVSS
5.5
EPSS Score
0.51%
Published
2018-10-23
Updated
2019-10-31
snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
Max CVSS
7.5
EPSS Score
0.39%
Published
2018-10-08
Updated
2019-10-16
_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
Max CVSS
6.5
EPSS Score
0.41%
Published
2018-10-08
Updated
2019-10-16

CVE-2018-15473

Public exploit
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
Max CVSS
5.3
EPSS Score
2.36%
Published
2018-08-17
Updated
2023-02-23
Data ONTAP operating in 7-Mode versions prior to 8.2.5P2 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user.
Max CVSS
4.4
EPSS Score
0.04%
Published
2018-12-04
Updated
2019-02-05
NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS environments, allows remote attackers to cause a denial of service via unspecified vectors.
Max CVSS
5.9
EPSS Score
0.18%
Published
2017-08-18
Updated
2017-08-26
NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows remote attackers to obtain information about the volumes configured for HTTP access.
Max CVSS
5.9
EPSS Score
0.27%
Published
2017-02-07
Updated
2017-02-24
NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote authenticated users to execute arbitrary code via unspecified vectors.
Max CVSS
8.8
EPSS Score
0.41%
Published
2017-02-07
Updated
2017-11-16
NetApp Data ONTAP before 8.2.4P1, when 7-Mode and HTTP access are enabled, allows remote attackers to obtain sensitive volume information via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.17%
Published
2016-01-18
Updated
2017-11-16

CVE-2015-7871

Public exploit
Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
Max CVSS
9.8
EPSS Score
97.02%
Published
2017-08-07
Updated
2021-04-13
The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.
Max CVSS
6.5
EPSS Score
97.07%
Published
2017-08-07
Updated
2021-04-19
Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.
Max CVSS
8.8
EPSS Score
0.84%
Published
2017-08-07
Updated
2020-06-18
The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.
Max CVSS
9.8
EPSS Score
7.28%
Published
2017-08-07
Updated
2021-07-16
ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.
Max CVSS
5.9
EPSS Score
3.70%
Published
2017-08-07
Updated
2020-06-18
ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.
Max CVSS
6.5
EPSS Score
0.86%
Published
2017-08-07
Updated
2020-06-18
Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.
Max CVSS
8.8
EPSS Score
1.01%
Published
2017-08-07
Updated
2020-06-18
NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows remote attackers to bypass authentication and (1) obtain sensitive information from or (2) modify volumes via vectors related to UTF-8 in the volume language.
Max CVSS
9.8
EPSS Score
0.47%
Published
2017-09-01
Updated
2017-09-06
33 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!