cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
Max CVSS
5.3
EPSS Score
0.66%
Published
2017-10-26
Updated
2022-12-13
In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.
Max CVSS
9.1
EPSS Score
0.32%
Published
2017-07-10
Updated
2022-07-20
The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data structures.
Max CVSS
9.8
EPSS Score
0.62%
Published
2017-05-21
Updated
2019-03-19
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.
Max CVSS
7.5
EPSS Score
27.31%
Published
2017-06-20
Updated
2022-04-21
NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service to the network, which allows remote attackers to obtain sensitive information via unspecified vectors.
Max CVSS
5.3
EPSS Score
0.12%
Published
2017-04-10
Updated
2017-04-17
Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data.
Max CVSS
9.8
EPSS Score
48.73%
Published
2017-01-11
Updated
2022-07-20
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.
Max CVSS
9.8
EPSS Score
1.40%
Published
2017-06-20
Updated
2021-06-06
Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.
Max CVSS
9.8
EPSS Score
2.07%
Published
2017-01-24
Updated
2022-07-20
Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.
Max CVSS
7.5
EPSS Score
0.27%
Published
2017-07-27
Updated
2022-09-07
The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.
Max CVSS
9.8
EPSS Score
0.48%
Published
2017-01-11
Updated
2022-07-20
NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to obtain SMB share information via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.33%
Published
2017-02-07
Updated
2017-02-24
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.
Max CVSS
5.3
EPSS Score
0.31%
Published
2017-01-30
Updated
2021-06-10
ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.
Max CVSS
5.9
EPSS Score
1.35%
Published
2017-01-30
Updated
2022-02-01
NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.
Max CVSS
6.5
EPSS Score
0.67%
Published
2017-01-30
Updated
2021-04-26
14 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!