Netapp: Security Vulnerabilities
ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.
CVSS Score
5.9
EPSS Score
0.164
Published
2017-01-30
Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.
CVSS Score
9.8
EPSS Score
0.047
Published
2017-01-24
named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query.
CVSS Score
7.5
EPSS Score
0.728
Published
2017-01-12
Clustered Data ONTAP versions 8.0, 8.3.1, and 8.3.2 contain a default privileged account which under certain conditions can be used for unauthorized information disclosure.
CVSS Score
3.7
EPSS Score
0.002
Published
2017-01-11
MetroCluster Tiebreaker for clustered Data ONTAP in versions before 1.2 discloses sensitive information in cleartext which may be viewed by an unauthenticated user.
CVSS Score
7.5
EPSS Score
0.004
Published
2017-01-11
The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.
CVSS Score
9.8
EPSS Score
0.036
Published
2017-01-11
Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data.
CVSS Score
9.8
EPSS Score
0.071
Published
2017-01-11
An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash.
CVSS Score
7.5
EPSS Score
0.013
Published
2017-01-06
NetApp Snap Creator Framework before 4.3.1 discloses sensitive information which could be viewed by an unauthorized user.
CVSS Score
7.5
EPSS Score
0.003
Published
2016-12-21
NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use of a non-unique server certificate, making it vulnerable to impersonation.
CVSS Score
5.6
EPSS Score
0.002
Published
2016-12-05