Vulnerabilities (CVE)

Filtered by vendor Netapp Subscribe

Filtered by product Clustered Data Ontap

Total 186 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2016-7480	2 Netapp, Php	2 Clustered Data Ontap, Php	2023-12-10	7.5 HIGH	9.8 CRITICAL
The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.
CVE-2015-7973	5 Canonical, Freebsd, Netapp and 2 more	9 Ubuntu Linux, Freebsd, Clustered Data Ontap and 6 more	2023-12-10	5.8 MEDIUM	6.5 MEDIUM
NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.
CVE-2016-4341	1 Netapp	1 Clustered Data Ontap	2023-12-10	5.0 MEDIUM	7.5 HIGH
NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to obtain SMB share information via unspecified vectors.
CVE-2015-7974	4 Debian, Netapp, Ntp and 1 more	8 Debian Linux, Clustered Data Ontap, Oncommand Balance and 5 more	2023-12-10	4.0 MEDIUM	7.7 HIGH
NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
CVE-2016-3064	1 Netapp	1 Clustered Data Ontap	2023-12-10	4.0 MEDIUM	6.5 MEDIUM
NetApp Clustered Data ONTAP before 8.2.4P4 and 8.3.x before 8.3.2P2 allows remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors.
CVE-2016-1563	1 Netapp	1 Clustered Data Ontap	2023-12-10	5.8 MEDIUM	6.8 MEDIUM
NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.