Search
Total
17 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-11868 | 5 Debian, Netapp, Ntp and 2 more | 24 Debian Linux, All Flash Fabric-attached Storage 8300, All Flash Fabric-attached Storage 8300 Firmware and 21 more | 2022-04-26 | 5.0 MEDIUM | 7.5 HIGH |
| ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp. | |||||
| CVE-2015-7704 | 6 Citrix, Debian, Mcafee and 3 more | 14 Xenserver, Debian Linux, Enterprise Security Manager and 11 more | 2021-11-17 | 5.0 MEDIUM | 7.5 HIGH |
| The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. | |||||
| CVE-2016-10708 | 4 Canonical, Debian, Netapp and 1 more | 12 Ubuntu Linux, Debian Linux, Cloud Backup and 9 more | 2021-09-14 | 5.0 MEDIUM | 7.5 HIGH |
| sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. | |||||
| CVE-2016-8610 | 4 Debian, Netapp, Openssl and 1 more | 28 Debian Linux, Clustered Data Ontap, Clustered Data Ontap Antivirus Connector and 25 more | 2020-10-20 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. | |||||
| CVE-2019-8936 | 5 Fedoraproject, Hpe, Netapp and 2 more | 6 Fedora, Hpux-ntp, Clustered Data Ontap and 3 more | 2020-10-07 | 5.0 MEDIUM | 7.5 HIGH |
| NTP through 4.2.8p12 has a NULL Pointer Dereference. | |||||
| CVE-2019-5501 | 1 Netapp | 1 Data Ontap | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may disclose sensitive LDAP account information to unauthenticated remote attackers. | |||||
| CVE-2019-5493 | 1 Netapp | 1 Data Ontap | 2020-08-24 | 4.3 MEDIUM | 7.5 HIGH |
| Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 are susceptible to a vulnerability which discloses information to an unauthenticated attacker. A successful attack requires that multiple non-default options be enabled. | |||||
| CVE-2015-7703 | 5 Debian, Netapp, Ntp and 2 more | 13 Debian Linux, Clustered Data Ontap, Data Ontap and 10 more | 2020-06-18 | 4.3 MEDIUM | 7.5 HIGH |
| The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command. | |||||
| CVE-2015-7701 | 5 Debian, Netapp, Ntp and 2 more | 13 Debian Linux, Clustered Data Ontap, Data Ontap and 10 more | 2020-06-18 | 5.0 MEDIUM | 7.5 HIGH |
| Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption). | |||||
| CVE-2015-7692 | 5 Debian, Netapp, Ntp and 2 more | 13 Debian Linux, Clustered Data Ontap, Data Ontap and 10 more | 2020-06-18 | 5.0 MEDIUM | 7.5 HIGH |
| The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. | |||||
| CVE-2015-7691 | 5 Debian, Netapp, Ntp and 2 more | 13 Debian Linux, Clustered Data Ontap, Data Ontap and 10 more | 2020-06-18 | 5.0 MEDIUM | 7.5 HIGH |
| The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. | |||||
| CVE-2015-7849 | 2 Netapp, Ntp | 6 Clustered Data Ontap, Data Ontap, Oncommand Balance and 3 more | 2020-06-18 | 6.5 MEDIUM | 8.8 HIGH |
| Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets. | |||||
| CVE-2015-7854 | 2 Netapp, Ntp | 6 Clustered Data Ontap, Data Ontap, Oncommand Balance and 3 more | 2020-06-18 | 6.5 MEDIUM | 8.8 HIGH |
| Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file. | |||||
| CVE-2018-18066 | 2 Net-snmp, Netapp | 7 Net-snmp, Cloud Backup, Data Ontap and 4 more | 2019-10-16 | 5.0 MEDIUM | 7.5 HIGH |
| snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. | |||||
| CVE-2015-8322 | 1 Netapp | 1 Data Ontap | 2017-11-16 | 6.5 MEDIUM | 8.8 HIGH |
| NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote authenticated users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2016-3400 | 1 Netapp | 1 Data Ontap | 2017-08-31 | 6.8 MEDIUM | 7.5 HIGH |
| NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol. | |||||
| CVE-2016-5374 | 1 Netapp | 1 Data Ontap | 2017-03-14 | 6.5 MEDIUM | 8.8 HIGH |
| NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL entry. | |||||