Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Clustered_data_ontap
(Netapp)| Repositories |
• https://github.com/php/php-src
• https://github.com/openbsd/src • https://github.com/derickr/timelib |
| #Vulnerabilities | 186 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-01-11 | CVE-2017-5340 | Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data. | Clustered_data_ontap, Php | 9.8 | ||
| 2017-01-11 | CVE-2016-7480 | The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. | Clustered_data_ontap, Php | 9.8 | ||
| 2017-01-24 | CVE-2016-10160 | Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. | Debian_linux, Clustered_data_ontap, Php | 9.8 | ||
| 2021-10-19 | CVE-2021-27001 | Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily modify Compliance-mode WORM data prior to the end of the retention period. | Clustered_data_ontap | 5.5 | ||
| 2021-06-04 | CVE-2020-7469 | In FreeBSD 12.2-STABLE before r367402, 11.4-STABLE before r368202, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 the handler for a routing option caches a pointer into the packet buffer holding the ICMPv6 message. However, when processing subsequent options the packet buffer may be freed, rendering the cached pointer invalid. The network stack may later dereference the pointer, potentially triggering a use-after-free. | Freebsd, Clustered_data_ontap | 7.5 | ||
| 2020-04-17 | CVE-2020-11868 | ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp. | Debian_linux, All_flash_fabric\-Attached_storage_8300_firmware, All_flash_fabric\-Attached_storage_8700_firmware, All_flash_fabric\-Attached_storage_a400_firmware, Clustered_data_ontap, Data_ontap, Fabric\-Attached_storage_8300_firmware, Fabric\-Attached_storage_8700_firmware, Fabric\-Attached_storage_a400_firmware, Hci_management_node, Hci_storage_node_firmware, Solidfire, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console, Ntp, Leap, Enterprise_linux | 7.5 | ||
| 2020-04-29 | CVE-2019-15874 | In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r356036, and 11.3-RELEASE before 11.3-RELEASE-p8, incomplete packet data validation may result in memory access after it has been freed leading to a kernel panic or other unpredictable results. | Freebsd, Clustered_data_ontap | 9.8 | ||
| 2020-04-29 | CVE-2019-5614 | In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r356036, and 11.3-RELEASE before 11.3-RELEASE-p8, incomplete packet data validation may result in accessing out-of-bounds memory leading to a kernel panic or other unpredictable results. | Freebsd, Clustered_data_ontap | 9.8 | ||
| 2020-06-04 | CVE-2020-13817 | ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance. | M10\-1_firmware, M10\-4_firmware, M10\-4s_firmware, M12\-1_firmware, M12\-2_firmware, M12\-2s_firmware, Cloud_backup, Clustered_data_ontap, Data_ontap, Element_software, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Hci_compute_node_firmware, Hci_management_node, Ontap_tools, Solidfire, Steelstore_cloud_integrated_storage, Ntp, Leap | 7.4 | ||
| 2021-07-09 | CVE-2021-3541 | A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service. | Active_iq_unified_manager, Cloud_backup, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Manageability_software_development_kit, Ontap_select_deploy_administration_utility, Smi\-S_provider, Snapdrive, Zfs_storage_appliance_kit, Jboss_core_services, Libxml2 | 6.5 |