Product:

Clustered_data_ontap

(Netapp)
Date Id Summary Products Score Patch Annotated
2017-01-30 CVE-2015-7973 NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network. Ubuntu_linux, Freebsd, Clustered_data_ontap, Oncommand_balance, Ntp, Tim_4r\-Ie_dnp3_firmware, Tim_4r\-Ie_firmware 6.5
2016-01-26 CVE-2015-7974 NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key." Debian_linux, Clustered_data_ontap, Oncommand_balance, Ntp, Tim_4r\-Ie_dnp3_firmware, Tim_4r\-Ie_firmware 7.7
2017-08-07 CVE-2015-7855 The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value. Debian_linux, Clustered_data_ontap, Data_ontap, Oncommand_balance, Oncommand_performance_manager, Oncommand_unified_manager, Ntp, Tim_4r\-Ie_dnp3_firmware, Tim_4r\-Ie_firmware 6.5
2017-08-07 CVE-2015-7871 Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication. Debian_linux, Clustered_data_ontap, Data_ontap, Oncommand_balance, Oncommand_performance_manager, Oncommand_unified_manager, Ntp 9.8
2021-02-08 CVE-2020-8590 Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true. Clustered_data_ontap 3.3
2021-02-08 CVE-2020-8578 Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true. Clustered_data_ontap 3.3
2021-02-03 CVE-2020-8588 Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the existence of data on other Storage Virtual Machines (SVMs). Clustered_data_ontap 3.5
2021-02-03 CVE-2020-8589 Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the names of other Storage Virtual Machines (SVMs) and filenames on those SVMs. Clustered_data_ontap 3.5
2020-10-27 CVE-2020-8579 Clustered Data ONTAP versions 9.7 through 9.7P7 are susceptible to a vulnerability which allows an attacker with access to an intercluster LIF to cause a Denial of Service (DoS). Clustered_data_ontap 7.5
2017-08-07 CVE-2015-7854 Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file. Clustered_data_ontap, Data_ontap, Oncommand_balance, Oncommand_performance_manager, Oncommand_unified_manager, Ntp N/A