Every CVE whose affected-product data names Netapp Data Ontap, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (42)
CVE-2008-3349 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in NetApp Data ONTAP, as used on NetApp and IBM eServer platforms, allow remote attackers to execute…
CVE-2015-7705 — CVSS 9.8 (critical): The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large…
CVE-2015-7871 — CVSS 9.8 (critical): Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
CVE-2015-7853 — CVSS 9.8 (critical): The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute…
CVE-2015-7746 — CVSS 9.8 (critical): NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows remote attackers to bypass authentication and (1) obtain sensitive…
CVE-2019-5502 — CVSS 9.1 (critical): SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 has weak cryptography which when exploited could lead to information…
CVE-2015-8322 — CVSS 8.8 (high): NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote authenticated users to execute arbitrary code via unspecified vectors.
CVE-2015-7854 — CVSS 8.8 (high): Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated…
CVE-2015-7849 — CVSS 8.8 (high): Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly…
CVE-2016-5374 — CVSS 8.8 (high): NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing…
CVE-2020-11868 — CVSS 7.5 (high): ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode…
CVE-2016-3400 — CVSS 7.5 (high): NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in-the-middle attackers to obtain sensitive information, gain…
CVE-2019-5501 — CVSS 7.5 (high): Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may disclose sensitive LDAP account information to unauthenticated remote…
CVE-2015-7703 — CVSS 7.5 (high): The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote…
CVE-2018-18066 — CVSS 7.5 (high): snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated…
CVE-2019-5493 — CVSS 7.5 (high): Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 are susceptible to a vulnerability which discloses information to an…
CVE-2015-7704 — CVSS 7.5 (high): The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of…
CVE-2015-7692 — CVSS 7.5 (high): The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service…
CVE-2015-7701 — CVSS 7.5 (high): Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a…
CVE-2016-10708 — CVSS 7.5 (high): sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an…
CVE-2015-7691 — CVSS 7.5 (high): The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service…
CVE-2016-8610 — CVSS 7.5 (high): A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined…
CVE-2020-13817 — CVSS 7.4 (high): ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time…
CVE-2021-26989 — CVSS 6.5 (medium): Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 and 9.8 are susceptible to a vulnerability which could allow a remote…
CVE-2015-7702 — CVSS 6.5 (medium): The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service…
CVE-2015-7850 — CVSS 6.5 (medium): ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or…
CVE-2015-7855 — CVSS 6.5 (medium): The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service…
CVE-2016-1895 — CVSS 6.5 (medium): NetApp Data ONTAP before 8.2.5 and 8.3.x before 8.3.2P12 allow remote authenticated users to cause a denial of service via vectors related…
CVE-2018-18065 — CVSS 6.5 (medium): _set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated…
CVE-2015-7852 — CVSS 5.9 (medium): ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6…
CVE-2017-12859 — CVSS 5.9 (medium): NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS environments, allows remote attackers to cause a denial of service via…
CVE-2016-6495 — CVSS 5.9 (medium): NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows remote attackers to obtain information about the volumes configured for…
CVE-2020-1971 — CVSS 5.9 (medium): The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName…
CVE-2018-18606 — CVSS 5.5 (medium): An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed…
CVE-2018-18607 — CVSS 5.5 (medium): An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU…
CVE-2018-18605 — CVSS 5.5 (medium): A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD)…
CVE-2018-15473 — CVSS 5.3 (medium): OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after…
CVE-2016-2518 — CVSS 5.3 (medium): The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference…
CVE-2018-5496 — CVSS 4.4 (medium): Data ONTAP operating in 7-Mode versions prior to 8.2.5P2 are susceptible to a vulnerability which discloses sensitive information to an…
CVE-2015-7886 — CVSS 3.7 (low): NetApp Data ONTAP before 8.2.4P1, when 7-Mode and HTTP access are enabled, allows remote attackers to obtain sensitive volume information…
CVE-2021-26988 — CVSS 3.5 (low): Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 and 9.8 are susceptible to a vulnerability which could allow…